Today Microsoft released its March 2006 Security Bulletin, which includes two updates, one critical and the other important. This bulletin covers not only Windows updates, but also updates to Microsoft Office, the latter considered by Microsoft to be critical. Patches are available via Microsoft Update and Microsoft Office Update. For more details on these updates, see News.com.
Entitled "Permissive Windows Services DACLs Could Allow Elevation of Privilege," this security bulletin addresses a vulnerability that could allow escalation of services on affected systems. Affected versions of Windows include Windows XP SP1 and Windows Server 2003. No other versions of Windows are affected.
Entitled "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution," this security bulletin addresses several vulnerabilities within Microsoft Excel and other Office applications that include Excel functionality. Affected versions include Microsoft Office 2000 (specifically Word, Excel, Outlook, PowerPoint, and Multilingual packs), Microsoft Office 2002 (specifically Word, Excel, Outlook, PowerPoint, and Multilingual packs), Microsoft Office 2003 (specifically Excel and Excel Viewer), Microsoft Works Suite 2000, 2001, 2002, 2003, 2004, 2005, and 2006, Microsoft Office X for Mac (specifically Excel for Mac), and Microsoft Office 2004 for Mac (specifically Excel for Mac). Note: Microsoft Works users should use Microsoft Office Update to download the appropriate patches. In affected versions of Office, if the current user has administrative user rights, an attacker could use this vulnerability to take complete control of the client workstation and install programs; view, change, or delete data; or create new accounts with full user rights.