3 replies to this topic

[AplusWebMaster]

FYI...

- https://www.microsof...n/ms10-mar.mspx
March 09, 2010 - "This bulletin summary lists security bulletins released for March 2010... (Total of -2-)

Important -2-

Microsoft Security Bulletin MS10-016 - Important
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
- http://www.microsoft...n/ms10-016.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows, Microsoft Office

Microsoft Security Bulletin MS10-017 - Important
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
- http://www.microsoft...n/MS10-017.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office

Deployment Priority
- http://blogs.technet...5/original.aspx

Severity and Exploitability Index
- http://blogs.technet...4/original.aspx

- http://blogs.technet...in-release.aspx
___

ISC Analysis
- http://isc.sans.org/...ml?storyid=8392
Last Updated: 2010-03-09 18:10:05 UTC
___

MSRT
- http://support.micro...om/?kbid=890830
March 9, 2010 - Revision: 70.0
(Recent additions)
- http://www.microsoft...e/families.aspx
... added this release
• Helpud: http://www.microsoft.....=Win32/Helpud

- http://go.microsoft....k/?LinkId=40587
File Name: windows-kb890830-v3.5.exe
Version: 3.5
___

Movie Maker
- http://secunia.com/advisories/38791/
MS10-016

Excel
- http://secunia.com/advisories/38805/
MS10-017

.

Edited by AplusWebMaster, 12 March 2010 - 04:55 AM.

[AplusWebMaster]

FYI...

MS10-017-Excel-updated-fixed...
Non-English Text in Add or Remove Programs tool
- http://blogs.technet...grams-tool.aspx
March 12, 2010 - "We have received reports from some of our Excel 2003 and Excel 2002 customers that after installing update KB978471 or KB978474, they are seeing non-English text in the Add or Remove Programs tool (WinXP) or the Programs and Features --> Installed Updates view (Vista, Win7). The title text being displayed for this update is Chinese Simplified. It’s very important to note that this cosmetic issue does not affect the functionality of the update. All of the security fixes in this bulletin (MS10-017) are included in the update. If English text in your Add or Remove Programs tool (WinXP) or the Programs and Features --> Installed Updates view (Vista, Win7) is a requirement, there is a two-part workaround available.
1. Un-install this update
2. Navigate to the link below and install a corrected version of the update from the Download Center.
EXCEL 2002: http://download.micr...ullFile-ENU.exe
EXCEL 2003: http://download.micr...ullFile-ENU.exe "

[AplusWebMaster]

FYI...

IE update to be released March 30, 2010
- http://www.microsoft...n/ms10-mar.mspx
March 29, 2010 - "This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on March 30, 2010. The bulletin is being released to address attacks against customers of Internet Explorer 6 and Internet Explorer 7... described in Microsoft Security Advisory 981374. The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on all versions of Internet Explorer that are not related to this attack..."

- http://blogs.technet...ut-of-band.aspx
March 29, 2010 - "... Security Bulletin MS10-18 is a cumulative update, it will also address nine other vulnerabilities in Internet Explorer..."

Edited by AplusWebMaster, 30 March 2010 - 05:24 AM.

[AplusWebMaster]

FYI...

Microsoft Security Bulletin MS10-018 - Critical
Cumulative Security Update for Internet Explorer (980182)
- http://www.microsoft...n/ms10-018.mspx
March 30, 2010 - "This security update resolves nine privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer... The security update addresses these vulnerabilities by modifying the way that Internet Explorer verifies the origin of scripts and handles objects in memory, content using encoding strings, and long URL... This security update also addresses the vulnerability first described in Microsoft Security Advisory 981374..."
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer
* http://support.microsoft.com/kb/980182

Aggregate severity on Internet Explorer 6, 7, and 8
Graphic: http://blogs.technet...7/original.aspx

- http://isc.sans.org/...ml?storyid=8533
Last Updated: 2010-03-30 17:19:30 UTC
Uninitialized Memory Corruption Vulnerability - CVE-2010-0267
Post Encoding Information Disclosure Vulnerability - CVE-2010-0488
Race Condition Memory Corruption Vulnerability - CVE-2010-0489
Uninitialized Memory Corruption Vulnerability - CVE-2010-0490
HTML Object Memory Corruption Vulnerability - CVE-2010-0491
HTML Object Memory Corruption Vulnerability - CVE-2010-0492
HTML Element Cross-Domain Vulnerability - CVE-2010-0494
Memory Corruption Vulnerability - CVE-2010-0805
Uninitialized Memory Corruption Vulnerability - CVE-2010-0806
HTML Rendering Memory Corruption Vulnerability - CVE-2010-0807

- http://secunia.com/advisories/38860
Last Update: 2010-03-30
Criticality level: Extremely critical
Impact: Exposure of sensitive information, System access
Where: From remote
Software: MS IE 5.01, 6.x, 7.x, 8.x
Solution: Apply patches.
Advisory: MS10-018 (KB980182):
http://www.microsoft...n/ms10-018.mspx

- http://atlas.arbor.n...ndex#-443267133
March 31, 2010 - "Analysis: This is a critical fix for -all- users of IE and Windows that we encourage people to apply immediately. Exploits are in use in the wild."

Active Exploitation of CVE-2010-0806
- http://blogs.technet...A4A/image_2.png
March 10-28, 2010

Edited by AplusWebMaster, 02 April 2010 - 08:18 AM.