Seattle, Sept 04: Microsoft warned on Wednesday that users of its Office software were at risk of having their computers taken over by an attacker unless they applied a patch to correct the problem. The world's largest software maker said a "critical" flaw in its Visual Basic for Applications software, used to develop applications for Windows and Office, could enable a malicious programmer to create documents that would launch attacks on unsuspecting users.

Microsoft has vowed to improve security and reliability of its software, which has been hit by several high-profile flaws this year. The Slammer worm nearly brought the Internet to a halt in January while the Blaster worm and its variants crippled hundreds of thousands of computers in August.

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

The flaw exploited by Blaster first appeared in a Microsoft security bulletin in mid-July, which was followed by the release of the worm sometime during the first week of August.

While experts said that it is difficult to determine whether the Blaster worm was created in response to the July security bulletin, they added that there was a slight risk that the latest disclosure could spawn a new virus.

Redmond, Washington-based Microsoft urged users in a security bulletin (http://www.microsoft.com/security/) to apply the software fix.

At risk were recent versions of Microsoft's Access, Excel, PowerPoint, Publisher, Visio, Word and Works applications, which are part of the Office family of software used in a range of tasks such as creating databases, documents, spreadsheets and presentations as well as publishing documents and Web pages. Some applications from Microsoft's Great Plains business software division were also affected, Microsoft said.

A user could trigger an attack by opening a document for any of those programs that contain Visual Basic components, the company said.

Experts said that any virus that exploits the Visual Basic flaw was unlikely to cause major damage.

"There are a number of factors that minimize the risk in this case," said Oliver Friedrichs, a senior manager at computer security and services provider Symantec Corp.

"You need to open a document that someone sends you to, where with blaster you simply had to be on the Internet to be infected," he said.

Microsoft credited eEye Digital Security, a security software provider in Aliso Viejo, California, for reporting the flaw. Bureau Report