ID: IRCNE2011091251
Date: 2011-09-14
According to "cnet", Microsoft released security fixes yesterday, and Microsoft blacklisted six more root certificates in the wake of a breach at DigiNotar that allowed fraudulent SSL certificates to be issued.
As part of its monthly Patch Tuesday, Microsoft released five security bulletins, none of which are critical, plugging 15 holes. Affected software includes Windows, Office, Excel, SharePoint, Windows Server and Office Web Apps. More details are in the advisory.
Meanwhile, Microsoft revoked certificates signed by two certificate authorities, which had issued certificates on behalf of DigiNotar.
Microsoft, Google Chrome, Firefox, Opera, Adobe and Apple now blacklist the certificates.
Microsoft today warned that innocuous documents, including legitimate rich text format files (.rtf), text files (.txt), or Word documents (.doc) could be used in code execution attacks against Windows users.
As part of this month’s Patch Tuesday release, Microsoft shipped MS11-071 to address a publicly known vulnerability in Windows Components that could be exploited via Office documents.
Despite the risk of “remote code execution” attacks, Microsoft is rating this an “important” issue.
A separate bulletin (MS11-072) provides cover for a total of five documented vulnerabilities in Microsoft Office.
- 3