All users of Office 97, Office 2000 and a plethora of other products have been advised by Microsoft to downlaod a newly released software patch or risk having dangerous holes in their systems.
Only weeks after security holes were discovered in Office 97 software, Microsoft has admitted to further “vulnerabilities” caused by a bug in its Jet database engine.
Microsoft has now admitted the bug could affect Office 2000 - something it had previously denied. About two weeks ago the existence of the bug was revealed for Office 97 and a number of other Microsoft products, all of which contain the Jet database engine. Hackers could easily exploit the bug for malicious purposes.
Microsoft confirmed to VNU Newswire that it had discovered the two vulnerabilites which it said could affect any applications that run on top of Jet, allowing a database query to take virtually any action on a user’s computer.
This could include adding, deleting or modifying files, reformatting the hard drive, copying information to or from a Web site or virtually any malicious action desired by the person running the query.
Microsoft has quietly issued a patch for the vulnerabilities and sent a security bulletin to all subscribers of its free email Product Security Notification Service. This is available on the Microsoft site.
Microsoft has known about the vulnerabilities for some time before owning up, but wanted to get a patch in place before it confirmed the problem. The software giant recommends that all customers running applications that use Jet, especially users of Microsoft Office 97 and Office 2000, install the patch.
Jet, however, is also used in a number of other Microsoft products, including Excel and Acess and ships as part of Visual Studio. It also comes as part of third party software offerings.
Microsoft said it had focused the threat of these vulnerabilites on Office because scenarios for exploiting them via Office are publicly known. It also said that Office was the most widely used of the applications affected and that the vulnerabilities could be exploited via Office documents that are hosted on the Web.
Although Microsoft has only been able to trigger the Jet vulnerabilities in Office, it is strongly advising all customers who have Jet installed as part of any software product to download the patch to protect themselves from possible attacks.
The software patch available on Microsoft's site will detect whether Jet is present in a user's software and automatically download if necessary.
Found by calculating the strength of the material deep inside the crust of neutron stars
Can highlight in real-time the relevant regions of an image being described
Double legal trouble for Musk as he also faces civil lawsuit over renewed British pot-holer 'paedo' claims
Battery development could help boost performance of smartphones