Yesterday, June 8, 2010, Microsoft released 10 security bulletins, three rated as "critical" and seven rated as "important," to address a total of 34 software vulnerabilities. Of these bulletin items, users should prioritize these four:
- MS10-033: Critical on all supported versions of Windows. This update addresses a Windows media file vulnerability that could potentially enable drive-by downloads.
- S10-034: Addresses an ActiveX vulnerability.
- MS10-035: A cumulative update for Internet Explorer.
- MS10-038: Addresses critical vulnerabilities in Excel.
It’s important to note that MS10-038 addresses 14 CVE vulnerabilities, all related to Excel. Many of these vulnerabilities have a “critical” rating. Of the 14 vulnerabilities, only 11 affect Office 2002. Office 2010 is not impacted by any of these.
If you are still running MS Office 2002, it is time to upgrade! In addition to these newly announced vulnerabilities, Microsoft is ceasing support to Office 2002 next month. All the more reason to upgrade!
Users can protect themselves by installing the upgrade released with the bulletin. If you have Windows auto-update enabled, you are good to go. Otherwise, you can follow this link to download the updates: http://www.microsoft.com/technet/security/current.aspx.
An important item to note: In addition to Office 2002, Microsoft will cease support for Windows XP service pack 2 and Windows 2000. Users should upgrade to a later version of Windows XP service pack 3.