REDMOND, Wash., Feb. 14 (UPI) -- Microsoft Corp. released safety updates including six listed as "critical" as the U.S. software maker plugs holes in Office and a security-scanning engine.
The security flaw could easily be exploited by an attacker to run unauthorized software, the IDG News Service reported.
The error affects the way Microsoft's Malware Protection Engine, used by Windows Live One Care and Windows Defender, processes PDF files, the service said.
Windows Defender is available for free and ships with Microsoft's Vista operating system.
"An attacker could exploit the vulnerability by constructing a specially crafted PDF file that could potentially allow remote code execution when the target computer system receives, and the Microsoft Malware Protection Engine scans, the PDF file," Microsoft said in its bulletin about the patch.
Security software maker Symantec Corp. rated this scanning engine flaw the most critical of the Microsoft vulnerabilities patched.
Microsoft released the patch for this flaw Jan. 26 but only notified customers of the bug now, Microsoft security program Manager Mark Griesi said.
The patch also closes loopholes in Word, Excel, PowerPoint and Internet Explorer. Versions of these programs used on Windows 2000 and XP could have these loopholes.
