…adds up to a critical threat, most are only moderate or low-level threats to fully patched IE 6 versions on Windows XP SP2, Windows Server 2003, and Windows Server 2003 SP1.
MS06-047
Microsoft Security Bulletin MS06-047, "Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution", also deserves immediate attention because attackers are actively exploiting this flaw. This is a critical threat for Microsoft Office 2000 users.
MS06-047 addresses the Visual Basic for Applications Vulnerability (CVE-2006-3649). While this vulnerability also affects Office XP and Visual Basic for Applications SDK 6.0, 6.2, 6.3, and 6.4, it's only an important threat for these versions.
The only recommended workaround is not to open unexpected Office files or any Office files from untrusted sources.
MS06-048
Microsoft Security Bulletin MS06-048, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution", doesn't appear to pose a great threat at first glace. It only affects PowerPoint users — and it's only critical for PowerPoint 2000. (It's an important threat for all other affected versions.)
However, attackers are already exploiting the Mso.dll vulnerability, which is why I'm addressing it. MS06-048 addresses two vulnerabilities: Microsoft PowerPoint Mso.dll Vulnerability (CVE-2006-3590) and Microsoft PowerPoint Malformed Records Vulnerability (CVE-2006-3449).
This security bulletin replaces Microsoft Security Bulletin MS06-038. It affects PowerPoint 2000, PowerPoint 2002, PowerPoint 2003, PowerPoint 2004 for Mac and PowerPoint 2004 v. X for Mac.
Final word
What a lovely way to spend the dog days of August — so many security bulletins that I can't even fit all the critical threats into one article!
I've tried to prioritise these threats because I think readers have slightly different priorities (as each subset of users and managers generally does) than Microsoft's necessarily generalised ratings. I will focus on the remaining five critical threats, as well as the three important threats, in a future article.
John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He has written the IT Locksmith column for TechRepublic for more than four years.
