|09 Mar 2010||#1|
| || |
March 2010 Security Bulletin Release
Today we are releasing two Important security bulletins addressing eight vulnerabilities in Windows and Microsoft Office. Both bulletins have an aggregate Exploitability Index rating of “1” so we recommend that customers deploy these updates as soon as possible. The Microsoft Exploitability Index provides additional information to help customers prioritize deployment of monthly security bulletins. A summary of today’s security updates can be found on the Microsoft Security Bulletin webpage.
MS10-016 addresses one vulnerability in Windows Movie Maker. Both Windows XP and Windows Vista ship with affected versions (2.1 and 6.0 respectively). Version 2.6 is also vulnerable and can be freely downloaded and installed from the web. Customers who install 2.6 on any supported platform, including Windows 7, will be offered the update. In order to take advantage of the vulnerability, a user would need to open a specially crafted Movie Maker project file. These are files with the .mswmm file extension.
The MS10-016 bulletin also calls out Microsoft Producer 2003 in the affected products list. Producer 2003 is a free download with limited distribution. At this time, we are not offering an update for Producer 2003. Our standard approach is to produce updates that can be deployed automatically for all affected products at the same time but Producer 2003 does not offer a means for automatic update. Based on our investigation, we determined that the best way to protect the vast majority of customers was to release an update addressing the components that shipped with Windows. While we continue to investigate Producer 2003, we recommend that customers either uninstall the application or apply an available Microsoft Fix It to disassociate the project file type from the application to add an extra layer of security.
MS10-017 affects all currently supported versions of Microsoft Office Excel. It also affects Office 2004 and Office 2008 for Mac, the Open XML File Format Converter for Mac, supported versions of Excel viewer and SharePoint 2007. As with most Office vulnerabilities, a user would have to open a specially crafted file in order to be exploited.
Since both of today’s bulletins require user interaction, we give them both a “2” on our deployment priority scale:
Our Severity and Exploitability Index slide offers additional guidance to help customers prioritize this month’s bulletins:
In the following video, Adrian Stone and I give a brief overview of today’s bulletins:
More listening and viewing options:
Additionally, we continue to to monitor the threat landscape around Security Advisory 981169 regarding a vulnerability in VBScript that could allow remote code execution. We are not currently aware of any active attacks but encourage customers to review the advisory and apply the suggested workarounds where possible. Customers that are running Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista are not affected.
Please join us tomorrow for a public webcast where Adrian Stone and I will go in to detail on these bulletins and answer customer questions with the help of the engineers who worked to produce them so please plan to join us.
Date: Wednesday, March 10
Time: 11:00 a.m. PST (UTC -8)
Sr. Security Communications Manager Lead
*This posting is provided "AS IS" with no warranties, and confers no rights.*
|My System Specs|
|Similar help and support threads for2: March 2010 Security Bulletin Release|
|Microsoft security bulletin for March 12 2013||Security News|
|May 2010 Security Bulletin Release||News|
|April 2010 Security Bulletin Release||News|
|Microsoft Security Bulletin Summary for March 9, 2010||Windows Updates & Activation|
|March 2010 Bulletin Release Advance Notification||News|
|February 2010 Security Bulletin Release||News|
|January 2010 Security Bulletin Release||News|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 07:36 PM.