MA-220.032010 : MyCERT Alert - Latest Patch for Multiple Microsoft Vulnerabilities (March 2010)
Published date: 2010-03-10
1.0 Introduction
Microsoft has recently released 2 security bulletins for March 2010. Both of them are rated Important.
The list of the critical vulnerabilities is as below:
1. Vulnerabilities in Windows Movie Maker could allow Remote Code Execution (975561)
Patch: http://go.microsoft.com/fwlink/?LinkId=183077
This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less effected than users who operate with administrative user rights.
Below is the list of vulnerable products:
- Movie Maker 2.1 running on all Windows XP Service Pack 2 and Service Pack 3
- Movie Maker 2.1 running on all Windows XP Professional x64 Edition Service Pack 2
- Movie Maker 6.0 and Movie Maker 2.6 running on all Windows Vista, Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Movie Maker 6.0 and Movie Maker 2.6 running on all Windows Vista x64 Edition, Windows Vista x64 Edition Service
- Pack 1, and Windows Vista x64 Edition Service Pack 2
- Movie Maker 2.6 running on Windows 7 for 32-bit Systems
- Movie Maker 2.6 running on Windows 7 for x64-bit Systems
2. Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
Patch: http://go.microsoft.com/fwlink/?LinkId=182987
This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less effected than users who operate with administrative user rights.
Below is the list of the vulnerable products:
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 3
- 2007 Microsoft Office System Service Pack 1
- 2007 Microsoft Office System Service Pack 2
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Excel Viewer Service Pack 1 and Microsoft Office Excel Viewer Service Pack 2
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft
- Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
- Microsoft Office SharePoint Server 2007 Service Pack 1 (32-bit editions)
- Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions)
- Microsoft Office SharePoint Server 2007 Service Pack 1 (64-bit editions)
- Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions)
More information can be found at Microsoft Security Bulletin Summary for March 2010 by visiting the following URL: http://www.microsoft.com/technet/security/bulletin/MS10-mar.mspx
All patches can be done almost automatically via the Windows Update application.
The how-to perform of the windows update is available at the following URL:
http://www.mycert.org.my/en/resources/os/main/main/detail/707/index.html
Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor. MyCERT can be reached through the following channels:
E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: http://www.mycert.org.my
2.0 References
