The H-Security: Microsoft has released two updates for Windows and three for Office to close various security holes. All five updates have only been rated “important” by the company.
A hole in WINS enables local attackers to escalate their privileges on a system. Another patch prevents a new variant of binary planting, or DLL hijacking, attacks that can cause Windows to load DLLs from shared network volumes without the user’s permission. This allows attackers to execute code on a computer via specially crafted DLLs. Microsoft has been struggling to contain the insecure DLL loading problem with numerous patches released since mid-2010.
Further updates for Office close five holes in Excel and two general holes in Office that can all be exploited to compromise a PC. Opening a specially crafted document is all that is required to become a victim. Another update fixes five vulnerabilities in SharePoint that allow users to escalate their privileges on a system.
An overview of the updates can be found in the “Microsoft Security Bulletin Summary for September 2011”.