Microsoft has released
its monthly set of security patches (
get
ISO), fixing a critical flaw in Office. Attackers could exploit the
bug by tricking Office users into opening a maliciously encoded .pub document,
which would then allow attackers to run unauthorized software on a victim's PC.
These .pub documents are created by Microsoft's Publisher software, an Office
component used for designing print and online business publications. Microsoft
rates the bug as "critical" for Publisher 2000, but this warning has been
downgraded to "important" for the Publisher 2002 and Publisher 2003 products.
Some security experts expected Microsoft to fix a similar bug in Word, which has
been used by online attackers over the past few weeks, but that problem remains
unfixed.
Tuesday's patches also include less-critical fixes for two Windows
components: the PGM (Pragmatic General Multicast) protocol used by Microsoft's
Reliable Multicast Program software to transfer data, and the Windows Indexing
service, which is used by the operating system's search engine.