Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: March 2010 Security Bulletin Release

09 Mar 2010   #1
SGT Oddball

March 2010 Security Bulletin Release

Today we are releasing two Important security bulletins addressing eight vulnerabilities in Windows and Microsoft Office. Both bulletins have an aggregate Exploitability Index rating of “1” so we recommend that customers deploy these updates as soon as possible. The Microsoft Exploitability Index provides additional information to help customers prioritize deployment of monthly security bulletins. A summary of today’s security updates can be found on the Microsoft Security Bulletin webpage.

MS10-016 addresses one vulnerability in Windows Movie Maker. Both Windows XP and Windows Vista ship with affected versions (2.1 and 6.0 respectively). Version 2.6 is also vulnerable and can be freely downloaded and installed from the web. Customers who install 2.6 on any supported platform, including Windows 7, will be offered the update. In order to take advantage of the vulnerability, a user would need to open a specially crafted Movie Maker project file. These are files with the .mswmm file extension.

The MS10-016 bulletin also calls out Microsoft Producer 2003 in the affected products list. Producer 2003 is a free download with limited distribution. At this time, we are not offering an update for Producer 2003. Our standard approach is to produce updates that can be deployed automatically for all affected products at the same time but Producer 2003 does not offer a means for automatic update. Based on our investigation, we determined that the best way to protect the vast majority of customers was to release an update addressing the components that shipped with Windows. While we continue to investigate Producer 2003, we recommend that customers either uninstall the application or apply an available Microsoft Fix It to disassociate the project file type from the application to add an extra layer of security.

MS10-017 affects all currently supported versions of Microsoft Office Excel. It also affects Office 2004 and Office 2008 for Mac, the Open XML File Format Converter for Mac, supported versions of Excel viewer and SharePoint 2007. As with most Office vulnerabilities, a user would have to open a specially crafted file in order to be exploited.

Since both of today’s bulletins require user interaction, we give them both a “2” on our deployment priority scale:

Our Severity and Exploitability Index slide offers additional guidance to help customers prioritize this month’s bulletins:

In the following video, Adrian Stone and I give a brief overview of today’s bulletins:

More listening and viewing options:
Today we also re-released MS09-033 to add Virtual Server 2005 to the affected products list. Customers who have already installed the update for affected products do not have any additional actions.

Additionally, we continue to to monitor the threat landscape around Security Advisory 981169 regarding a vulnerability in VBScript that could allow remote code execution. We are not currently aware of any active attacks but encourage customers to review the advisory and apply the suggested workarounds where possible. Customers that are running Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista are not affected.

Please join us tomorrow for a public webcast where Adrian Stone and I will go in to detail on these bulletins and answer customer questions with the help of the engineers who worked to produce them so please plan to join us.

Date: Wednesday, March 10
Time: 11:00 a.m. PST (UTC -8)


Jerry Bryant
Sr. Security Communications Manager Lead

*This posting is provided "AS IS" with no warranties, and confers no rights.*


My System SpecsSystem Spec

 March 2010 Security Bulletin Release

Thread Tools

Similar help and support threads
Thread Forum
May 2010 Security Bulletin Release
April 2010 Security Bulletin Release
Microsoft Security Bulletin Summary for March 9, 2010
Microsoft Security Bulletin Summary for March 9, 2010 Microsoft Security Bulletin Summary for March 9, 2010 Published: March 9 2010 Note: There may be latency issues due to replication, if the page does not display keep refreshing Note: Security Center - Bulletins Advisories Tools Guidance...
Windows Updates & Activation
March 2010 Bulletin Release Advance Notification
February 2010 Security Bulletin Release
January 2010 Security Bulletin Release

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:14.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App

Windows 7 Forums