Excel



UPDATE: Call it ‘dancing with the girl that brought ‘ya,’: two weeks after it disclosed a serious security breach at its RSA Security Division, tech firm EMC said it was buying NetWitness, a threat analysis firm that helped it detect the breach in the first place.

As
part of its scheduled batch of patches for November, Microsoft today
issued six security bulletins with fixes for a total of 15
vulnerabilities affecting its Windows and Office product lines.

Three of the six bulletins are rated “critical,” meaning they can be
used to launch remote code execution or worm attacks without any user
action.  One of the Windows vulnerabilities could expose users to
drive-by malware attacks via the browser, Microsoft warned.

Microsoft plans to release six security bulletins next Tuesday
November 10 to fix at least 15 serious vulnerabilities that could
expose Windows users to malicious hacker attacks.
According to Microsoft’s advance notice
for this month’s Patch Tuesday, the updates will address gaping holes
in the Windows operating system and the Microsoft Office productivity
suite.  Read the notice from Redmond [microsoft.com]

From Computerworld (Gregg Keizer)
Microsoft’s plan to “sandbox” documents in the next version of Office looks like a “very good step forward,” according to one security analyst.
Last week, Microsoft revealed more details about a new security feature in Office 2010, dubbed “Protected View,” that is designed to shut down the popular hacker tactic of feeding users rigged Word, Excel and PowerPoint files.  Read the full story [computerworld.com]

Microsoft today released its April batch of security patches:  8 bulletins with patches for at least 20 documented holes in popular software products.  The most serious of the flaws could lead to remote code execution attacks that give a malicious hacker complete ownership of a vulnerable machine. 

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.