Risk: High
Microsoft's March security bulletin was issued on 14th March and covered seven new vulnerabilities discovered in Microsoft Office and Windows.
Six of the vulnerabilities, enabling remote code execution, were found in Microsoft Office and are classified as critical. Most Microsoft Office programs are affected, and the majority of the flaws relate to Microsoft Excel. The vulnerabilities have occurred as a result of malformed elements, including graphics, file format and routing slip. Patches are available from Microsoft's website to fix these flaws. The flaw found in Windows enables elevation of privilege; an attacker exploiting the flaw would be able to take complete control of an affected system and edit data, create new user accounts with full user rights and install programs. The flaw, which is classified by Microsoft as 'important', only exists on XP Service Pack 1, so to fix it, users should install Service Pack 2.
Three Internet Explorer flaws have also been published, which Microsoft will address in its April bulletin, due to be issued on 11th April. Two of the flaws enable attackers to take control of an affected system and the other crashes IE if the user visits a specially crafted website. Microsoft recommends that those using IE do not open attachments from unfamiliar senders or visit websites that are not trusted.