Microsoft today patched 11 vulnerabilities, including one in Office that hackers will quickly exploit to launch drive-by attacks, said security experts.
As expected, Microsoft did not ship a fix for the flaw in Internet Explorer (IE) that criminals are currently using to hijack Windows PCs.
Of the 11 flaws addressed in three separate updates, only one was pegged as “critical,” Microsoft’s top ranking in its four-step scoring system. The remaining 10 were all marked “important,” the second-highest rating.
“The one that gives me the heebie-jeebies this month is the Office update,” said Andrew Storms, director of security operations at nCircle Security. “The RTF vulnerability can be triggered simply by viewing a message in Outlook, so all you have to do is receive a [malicious] message. Then the game is over.”