Jump to content
Sign in to follow this  
Dr.Melzer

Alert - Critical Product Vulnerability - March 2008 Microsoft Security Bulletin Relea

Recommended Posts

gestern Abend wurden die Microsoft Security Bulletins für März 2007 veröffentlicht. Die Veröffentlichung der Bulletins für März 2008 ersetzt die Bulletin Advance Notification, die erstmalig am 6. März 2008 veröffentlicht wurde.

 

Weitere Infos findet Ihr nachfolgend und auch unter: Microsoft Security Bulletin Summary für März*2008

 

 

What is the purpose of this alert?

This alert is to provide you with an overview of the new security bulletins being released on 11 March 2008. Security bulletins are released monthly to resolve critical problem vulnerabilities.

 

New Security Bulletins:

 

Microsoft is releasing the following four new security bulletins for newly discovered vulnerabilities:

 

Bulletin Number Maximum Severity Affected Products Impact

MS08-014 Critical Microsoft Office. For more information, see the Security Bulletin Technical Details section below. Remote Code Execution

MS08-015 Critical Microsoft Office. For more information, see the Security Bulletin Technical Details section below. Remote Code Execution

MS08-016 Critical Microsoft Office. For more information, see the Security Bulletin Technical Details section below. Remote Code Execution

MS08-017 Critical Microsoft Office Web Components. For more information, see the Security Bulletin Technical Details section below. Remote Code Execution

 

Summaries for these new bulletins may be found at the following pages:

Microsoft Security Bulletin Summary for March 2008

Share this post


Link to post
Share on other sites

Microsoft Windows Malicious Software Removal Tool

 

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000

 

High-Priority Non-Security Updates

 

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU) or Windows Server Update Services (WSUS) will be detailed in the following KB Article: Description of Software Update Services and Windows Server Update Services changes in content for 2008

 

PUBLIC BULLETIN WEBCAST

 

Microsoft will host a Webcast to address customer questions on these bulletins:

Title: Information about Microsoft March Security Bulletins (Level 200)

Date: Wednesday, March 12th, 2008 11:00 AM Pacific Time (US & Canada)

URL: TechNet Webcast: Information About Microsoft March Security Bulletins (Level 200)

Replay: Available 24 hours after webcast - same URL

Share this post


Link to post
Share on other sites

NEW SECURITY BULLETIN TECHNICAL DETAILS

 

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit Microsoft Support Lifecycle.

 

Bulletin Identifier Microsoft Security Bulletin MS08-014

Bulletin Title Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)

Executive Summary This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating Critical

Impact of Vulnerability Remote Code Execution

Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software - Microsoft Office Excel 2000 Service Pack 3

- Microsoft Office Excel 2002 Service Pack 3

- Microsoft Office Excel 2003 Service Pack 2

- Microsoft Office Excel Viewer 2003

- Microsoft Office Excel 2007

- Microsoft Office Compatibility Pack for Word, Excel,

and PowerPoint 2007 File Formats

- Microsoft Office 2004 for Mac

- Microsoft Office 2008 for Mac

 

For more information, see the Affected Software section of the bulletin at the link below.

Restart Requirement The update will not require a restart.

Removal Information Removal instructions vary depending on which component is being updated. Please see the Security Update Deployment section of the bulletin at the link below for specific instructions.

Bulletins Replaced by This Update - Microsoft Office Excel 2000 Service Pack 3: MS07-044

- Microsoft Office Excel 2002 Service Pack 3: MS07-044

- Microsoft Office Excel 2003 Service Pack 2: MS07-044

- Microsoft Office Excel Viewer 2003: MS07-044

- Microsoft Office Excel 2007: MS07-036

- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats : MS07-036

- Microsoft Office 2004 for Mac: MS08-013

- Microsoft Office 2008 for Mac: None

Full Details: Microsoft Security Bulletin MS08-014 - Critical: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)

Share this post


Link to post
Share on other sites

Bulletin Identifier Microsoft Security Bulletin MS08-015

Bulletin Title Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)

Executive Summary This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane.

Maximum Severity Rating Critical

Impact of Vulnerability Remote Code Execution

Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software - Microsoft Office Outlook 2000 Service Pack 3

- Microsoft Office Outlook 2002 Service Pack 3

- Microsoft Office Outlook 2003 Service Pack 2

- Microsoft Office Outlook 2003 Service Pack 3

- Microsoft Office Outlook 2007

 

For more information, see the Affected Software section of the bulletin at the link below.

Restart Requirement The update will not require a restart.

Removal Information Removal instructions vary depending on which component is being updated. Please see the Security Update Deployment section of the bulletin at the link below for specific instructions.

Bulletins Replaced by This Update - Microsoft Office Outlook 2000 Service Pack 3: MS07-003

- Microsoft Office Outlook 2002 Service Pack 3: MS07-003

- Microsoft Office Outlook 2003 Service Pack 2: MS07-003

- Microsoft Office Outlook 2003 Service Pack 3: None

- Microsoft Office Outlook 2007: None

Full Details: Microsoft Security Bulletin MS08-015 - Critical: Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)

Share this post


Link to post
Share on other sites

Bulletin Identifier Microsoft Security Bulletin MS08-016

Bulletin Title Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)

Executive Summary This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating Critical

Impact of Vulnerability Remote Code Execution

Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software - Microsoft Office 2000 Service Pack 3

- Microsoft Office XP Service Pack 3

- Microsoft Office 2003 Service Pack 2

- Microsoft Office Excel Viewer 2003

- Microsoft Office Excel Viewer 2003 Service Pack 3

- Microsoft Office 2004 for Mac

 

For more information, see the Affected Software section of the bulletin at the link below.

Restart Requirement The update will not require a restart.

Removal Information Removal instructions vary depending on which component is being updated. Please see the Security Update Deployment section of the bulletin at the link below for specific instructions.

Bulletins Replaced by This Update - Microsoft Office 2000 Service Pack 3: MS07-025

- Microsoft Office XP Service Pack 3: MS07-025 and MS07-015

- Microsoft Office 2003 Service Pack 2: None

- Microsoft Office Excel Viewer 2003: None

- Microsoft Office Excel Viewer 2003 Service Pack 3: None

- Microsoft Office 2004 for Mac: MS08-013

Full Details: Microsoft Security Bulletin MS08-016 – Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)

Share this post


Link to post
Share on other sites

Bulletin Identifier Microsoft Security Bulletin MS08-017

Bulletin Title Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)

Executive Summary This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating Critical

Impact of Vulnerability Remote Code Execution

Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software Microsoft Office 2000 Web Components. For more information, see the Affected Software section of the bulletin at the link below.

Restart Requirement The update may require a restart.

Removal Information Removal instructions vary depending on which component is being updated. Please see the Security Update Deployment section of the bulletin at the link below for specific instructions.

Bulletins Replaced by This Update None

Full Details: Microsoft Security Bulletin MS08-017 - Critical: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)

Share this post


Link to post
Share on other sites

REGARDING INFORMATION CONSISTENCY

 

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.

 

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

 

Thank you,

 

Microsoft CSS Security Team

Share this post


Link to post
Share on other sites
Der letzte Beitrag zu diesem Thema ist mehr als 180 Tage alt. Bitte überlege Dir, ob es nicht sinnvoller ist ein neues Thema zu erstellen.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

Werbepartner:



×
×
  • Create New...