Microsoft Tries To Patch Hacker Holes

The latest security bulletins address issues being targeted by hackers in the wild, including vulnerabilities in Microsoft Office Excel and WordPad.

Microsoft has bundled five critical bulletins into a mammoth April Patch Tuesday release.

The release contains a total of eight bulletins, a few of which address vulnerabilities already under attack. Among these are critical bulletins affecting Microsoft Office Excel and text converters for WordPad and Office.

MS09-09 touches on two memory corruption vulnerabilities in Excel tied to the way the program parses the Excel spreadsheet file format. One of these flaws is already on the radar of hackers and is being targeted by a Trojan making the rounds on the Web. Both of these flaws affect multiple versions of the product but are only rated “critical” for Excel 2000. The bulletin’s severity is lowered to “important” for other Excel versions because later editions generate prompts that require additional user interaction for the exploits to work.

The bulletin covering the WordPad and Office text converters touches on four issues, including two bugs Microsoft says are being targeted in the wild. According to Microsoft, hackers have been targeting a vulnerability in the way the text converters in WordPad and Office process memory when a user opens a specially crafted Word 6 file with malformed data. Attackers have also had their eyes on a vulnerability in the way WordPad processes memory when parsing specially crafted Word 97 documents.

While attackers have reportedly only been exploiting some of the bugs, they may be knocking on the doors of others very soon. Two of the three vulnerabilities affecting Microsoft Windows HTTP Services already have either exploit code or exploit tools publicly available.

Also included in the round of patches is a critical cumulative update for Internet Explorer that swats six bugs in IE 7 and earlier versions of the browser. There is also a serious vulnerability in Microsoft DirectShow that could permit a hacker to remotely execute code if a user opens a malicious M-JPEG file.

“This software is a core component of Microsoft Windows 2000, XP and Server 2003 and is used as an interface by most Windows-based applications, such as Microsoft Media Player, that play multimedia files,” said Holly Stewart, threat response manager for IBM’s X-Force, adding that attackers have increasingly turned to this exploit method in the past year.

The bulletins rated “important” included privilege escalation issues in Windows and denial-of-service bugs in Microsoft ISA Server, while a blended threat privilege escalation vulnerability in SearchPath is rated “moderate.”