Excel, Word, Access, and Outlook affected by latest Microsoft patches
Microsoft's August security bulletin [1] covers critical vulnerabilities covering Microsoft Access 2003 (MS01-041) and Word 2003 (MS08-42), plus Excel 2000 (MS08-043) and Internet Explorer (MS080-045), our sister site, AccountingWEB.co.uk [2], reports.
The final critical vulnerability affects the Microsoft Image Color Management system for Windows 2000, Windows XP, and Windows Server 2003 (MS08-046). Security experts such as McAfee report that some of these weak points are being targeted in the wild.
As Stewart Twynham [3] explained last year, Patch Tuesdays are inconvenient, but quick application of the patches is recommended to keep your systems secure.
But come October, the great unveiling of the monthly will become less dramatic, as Microsoft has set out plans for the Microsoft Active Protections Program (MAPP) that will share vulnerability details under non-disclosure terms with a community of Microsoft partners. The idea is that these partners will be able to patch their own products against the vulnerabilities before Microsoft officially announces their existence.
The shift has come about partly because Microsoft feared the Patch Tuesday rigmarole was perpetuating security fears and giving hackers a window during which they could try to exploit vulnerabilities before users and developers applied the published patches.
A new Microsoft Security Research Center Ecosystem Strategy blog [4] details the new arrangements, which include a monthly "exploitability index" to identify the most dangerous threats and a community-based approach to sharing information with trusted MAPP partners each month.