Jump to content

Categories:    Windows      Software      Hardware      Security      Mobile      Internet      Guides
Sponsored Links
Recent Forum Topics
Community Zone
MSFN Guides
Mobile News

MSFN Recommend
AskVG.com Bink Filehorse FreewareFiles Where unprofessional journalism looks better OSNN The Windows Club WinBeta lunarsoft
MSFN Statistics

Windows News
Microsoft fixes critical DLL hole in Office but not XP SP3
Posted on Nov 12 2010 03:52 AM by xper in Security

This month's fairly light Patch Tuesday included a critical patch for Microsoft Office that fixed a couple of dangerous issues, including Microsoft's first and only patch for the DLL hijacking vulnerability that made big news in August. The Office patch also included a fix for a scary drive-by exploit which could infect a PC if an evil e-mail showed up in the preview box of Outlook.

Enterprise users may be pleased that Microsoft's patch for the DLL bug has arrived for Office, as several applications included in Office have been known to be vulnerable, including PowerPoint, Excel and Word. But there are other Microsoft applications including Windows XP SP3 and the new Microsoft Visual Studio 2010 that are hanging out waiting for a patch.

Microsoft has not released a list of its own Windows applications found to be affected by the DLL hole (which can't surprise anyone). But since the hole came to light about three months ago, others have created such lists.

Vupen Security keeps this running list of a couple of dozen applications it knows to be affected. Those marked with a red square are considered to be rated critical. Notice that the DLL hole affects a couple of applications that are part of Windows XP SP3 (the still supported version). It has also been confirmed with older apps like Visio 2003.

Full story: NetworkWorld

Your Comment?