VBA and RPC Vulnerabilities Require New Patches

Critical security bulletins have been issued for vulnerabilities in Microsoft’s Visual Basic for Applications (VBA) and Remote Procedure Call (RPC) software. Both vulnerabilities could leave systems exposed to takeover by malicious code, and require immediate corrective action, even if customers think it unlikely that a sophisticated programmer can exploit the VBA vulnerability, and even if they already patched RPC to address the Blaster worm. VBA and RPC are found on most computers running Microsoft OSs and applications.

VBA Vulnerability

VBA allows developers and users to develop new applications, integrate different applications, and automate features of existing applications with scripts that can be integrated into common applications and are easier to write and install than executable programs. The best-known use of VBA is in some components of Microsoft Office, but Microsoft has also licensed VBA to other software developers.

The vulnerability is a buffer overflow in code that VBA uses to check document properties when a document is opened.