Microsoft revokes more DigiNotar certificates on Patch Tuesday

Security administrators will be busy today after Microsoft's monthly Patch Tuesday update and Adobe's quarterly patch release fell on the same day, and Microsoft revoked certificates signed by two authorities in the wake of the DigiNotar breach.

Microsoft issued five patches to deal with flaws rated as 'important' in Windows and Office software.

Priority, according to vulnerability management firm Qualys, should be given to the MS11-072 patch which fixes an arbitrary code execution vulnerability in Excel that affects all versions of the software.

"To exploit this issue, attackers could create malicious Excel files which, when opened on vulnerable hosts, can take control of the system," explained Qualys chief technology officer Wolfgang Kandek.

"Priority should also be given to MS11-073 which fixes a code execution vulnerability in Microsoft Office versions 2003, 2007 and 2010, including Microsoft Word. Attackers could use a malicious word file (CVE-2011-1982) to execute code on victim machines."

Microsoft also made a move to secure Internet Explorer users by revoking six certificates signed by two Certificate Authorities, Entrust and Cybertrust, which had issued certificates on behalf of DigiNotar.

DigiNotar was hacked last month by cyber criminals who managed to issue false certificates for sites including Google and Facebook. Browser vendors including Google and Mozilla have already revoked the certificates in question.

Also on Tuesday, Adobe issued critical updates for Reader and Acrobat which could cause the apps to crash or allow an attacker to take control of an affected system.