I know that Windows has regular security updates, but is it also necessary to update Microsoft Office programs as well?
This question was answered on May 11, 2007. Much of the information contained herein may have changed since posting.
(See our CNN video segment on this topic at: http://tinyurl.com/2w8zn3 )
The number of potential areas that an Internet connected computer can be exploited continues to grow and the biggest targets are the most commonly used software programs.
Windows, because of its dominant position in market share, has always been the biggest target (although some are speculating that as more folks convert to the MacOS, the hackers will follow), but an often overlooked application that is almost as common in today’s computing environment is Microsoft’s productivity package known as Office.
The various Office packages use a combination of programs such as Word, Excel, PowerPoint and Outlook which have always been minor targets for hackers (old-timers will remember the Macro Virus days) but recently, they are being targeted more vigorously
There have been a plethora of recent “Zero-day” attacks using e-mail attachments of Word, Excel and PowerPoint files (for just about every version of Office including older 2000 and XP versions) because the hackers have figured out how to use them to create a backdoor to hijack computers that open the infected files.
“Zero-day” refers to the fact that within the same day that a security hole has been discovered (most commonly referred to as a “vulnerability”) the hackers have created an exploit and launched it on the Internet.
In the past, it would take weeks if not months for hackers to write the code to take advantage of the newly discovered security holes, but today it is almost instantaneous.
The hackers know that the quicker they act, the more people they can snare with the newly discovered hole before users get around to plugging the hole with a security update.
To that end, it is imperative that you always keep Microsoft Office updated (check at least once a month if you use the programs regularly) with the most current security patches and never open a file in an e-mail attachment, instant message or even on a website unless you absolutely know exactly what it is (don’t let your curiosity turn you into a victim!)
If you want to make sure that you have the latest patches for any of the programs in Microsoft Office, you can click on the “Help” menu, then on “Check for Updates”
Or you can go directly to http://office.microsoft.com and look in the upper right hand corner of the page for the “Check for Updates” link.
Depending upon how old your computer is and which operating system you are running, critical Office updates may already be delivered to you via the standard Microsoft Update system, but use the manual systems described above periodically to make sure you are protected.
Many folks confuse Office as being part of the Windows operating system because so many computer companies pre-load it on new computers, but it is actually a completely separate set of programs and needs to be checked separately from Windows to be safe.
If you really want to keep up with all of the technical bulletins and security updates that Microsoft releases (especially for business users), you may want to routinely visit the security section of the Microsoft TechNet site (Microsoft.com/technet/security).
Those of you that are in charge of a large number of computers can also sign up for the technical security notification service at this site (very technical dispatches) so that as new items are discovered in any Microsoft product, you are alerted via e-mail, RSS or several other options that Microsoft offers.
About the author
Posted by Ken Colburn of Data Doctors on May 11, 2007