Jump to content

Alert - Critical Product Vulnerability - March 2008 Microsoft Security Bulletin Relea


Der letzte Beitrag zu diesem Thema ist mehr als 180 Tage alt. Bitte erstelle einen neuen Beitrag zu Deiner Anfrage!

Empfohlene Beiträge

gestern Abend wurden die Microsoft Security Bulletins für März 2007 veröffentlicht. Die Veröffentlichung der Bulletins für März 2008 ersetzt die Bulletin Advance Notification, die erstmalig am 6. März 2008 veröffentlicht wurde.

 

Weitere Infos findet Ihr nachfolgend und auch unter: Microsoft Security Bulletin Summary für März*2008

 

 

What is the purpose of this alert?

This alert is to provide you with an overview of the new security bulletins being released on 11 March 2008. Security bulletins are released monthly to resolve critical problem vulnerabilities.

 

New Security Bulletins:

 

Microsoft is releasing the following four new security bulletins for newly discovered vulnerabilities:

 

Bulletin Number Maximum Severity Affected Products Impact

MS08-014 Critical Microsoft Office. For more information, see the Security Bulletin Technical Details section below. Remote Code Execution

MS08-015 Critical Microsoft Office. For more information, see the Security Bulletin Technical Details section below. Remote Code Execution

MS08-016 Critical Microsoft Office. For more information, see the Security Bulletin Technical Details section below. Remote Code Execution

MS08-017 Critical Microsoft Office Web Components. For more information, see the Security Bulletin Technical Details section below. Remote Code Execution

 

Summaries for these new bulletins may be found at the following pages:

Microsoft Security Bulletin Summary for March 2008

Link zu diesem Kommentar

Microsoft Windows Malicious Software Removal Tool

 

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000

 

High-Priority Non-Security Updates

 

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU) or Windows Server Update Services (WSUS) will be detailed in the following KB Article: Description of Software Update Services and Windows Server Update Services changes in content for 2008

 

PUBLIC BULLETIN WEBCAST

 

Microsoft will host a Webcast to address customer questions on these bulletins:

Title: Information about Microsoft March Security Bulletins (Level 200)

Date: Wednesday, March 12th, 2008 11:00 AM Pacific Time (US & Canada)

URL: TechNet Webcast: Information About Microsoft March Security Bulletins (Level 200)

Replay: Available 24 hours after webcast - same URL

Link zu diesem Kommentar

NEW SECURITY BULLETIN TECHNICAL DETAILS

 

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit Microsoft Support Lifecycle.

 

Bulletin Identifier Microsoft Security Bulletin MS08-014

Bulletin Title Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)

Executive Summary This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating Critical

Impact of Vulnerability Remote Code Execution

Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software - Microsoft Office Excel 2000 Service Pack 3

- Microsoft Office Excel 2002 Service Pack 3

- Microsoft Office Excel 2003 Service Pack 2

- Microsoft Office Excel Viewer 2003

- Microsoft Office Excel 2007

- Microsoft Office Compatibility Pack for Word, Excel,

and PowerPoint 2007 File Formats

- Microsoft Office 2004 for Mac

- Microsoft Office 2008 for Mac

 

For more information, see the Affected Software section of the bulletin at the link below.

Restart Requirement The update will not require a restart.

Removal Information Removal instructions vary depending on which component is being updated. Please see the Security Update Deployment section of the bulletin at the link below for specific instructions.

Bulletins Replaced by This Update - Microsoft Office Excel 2000 Service Pack 3: MS07-044

- Microsoft Office Excel 2002 Service Pack 3: MS07-044

- Microsoft Office Excel 2003 Service Pack 2: MS07-044

- Microsoft Office Excel Viewer 2003: MS07-044

- Microsoft Office Excel 2007: MS07-036

- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats : MS07-036

- Microsoft Office 2004 for Mac: MS08-013

- Microsoft Office 2008 for Mac: None

Full Details: Microsoft Security Bulletin MS08-014 - Critical: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)

Link zu diesem Kommentar

Bulletin Identifier Microsoft Security Bulletin MS08-015

Bulletin Title Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)

Executive Summary This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane.

Maximum Severity Rating Critical

Impact of Vulnerability Remote Code Execution

Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software - Microsoft Office Outlook 2000 Service Pack 3

- Microsoft Office Outlook 2002 Service Pack 3

- Microsoft Office Outlook 2003 Service Pack 2

- Microsoft Office Outlook 2003 Service Pack 3

- Microsoft Office Outlook 2007

 

For more information, see the Affected Software section of the bulletin at the link below.

Restart Requirement The update will not require a restart.

Removal Information Removal instructions vary depending on which component is being updated. Please see the Security Update Deployment section of the bulletin at the link below for specific instructions.

Bulletins Replaced by This Update - Microsoft Office Outlook 2000 Service Pack 3: MS07-003

- Microsoft Office Outlook 2002 Service Pack 3: MS07-003

- Microsoft Office Outlook 2003 Service Pack 2: MS07-003

- Microsoft Office Outlook 2003 Service Pack 3: None

- Microsoft Office Outlook 2007: None

Full Details: Microsoft Security Bulletin MS08-015 - Critical: Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)

Link zu diesem Kommentar

Bulletin Identifier Microsoft Security Bulletin MS08-016

Bulletin Title Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)

Executive Summary This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating Critical

Impact of Vulnerability Remote Code Execution

Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software - Microsoft Office 2000 Service Pack 3

- Microsoft Office XP Service Pack 3

- Microsoft Office 2003 Service Pack 2

- Microsoft Office Excel Viewer 2003

- Microsoft Office Excel Viewer 2003 Service Pack 3

- Microsoft Office 2004 for Mac

 

For more information, see the Affected Software section of the bulletin at the link below.

Restart Requirement The update will not require a restart.

Removal Information Removal instructions vary depending on which component is being updated. Please see the Security Update Deployment section of the bulletin at the link below for specific instructions.

Bulletins Replaced by This Update - Microsoft Office 2000 Service Pack 3: MS07-025

- Microsoft Office XP Service Pack 3: MS07-025 and MS07-015

- Microsoft Office 2003 Service Pack 2: None

- Microsoft Office Excel Viewer 2003: None

- Microsoft Office Excel Viewer 2003 Service Pack 3: None

- Microsoft Office 2004 for Mac: MS08-013

Full Details: Microsoft Security Bulletin MS08-016 – Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)

Link zu diesem Kommentar

Bulletin Identifier Microsoft Security Bulletin MS08-017

Bulletin Title Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)

Executive Summary This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating Critical

Impact of Vulnerability Remote Code Execution

Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software Microsoft Office 2000 Web Components. For more information, see the Affected Software section of the bulletin at the link below.

Restart Requirement The update may require a restart.

Removal Information Removal instructions vary depending on which component is being updated. Please see the Security Update Deployment section of the bulletin at the link below for specific instructions.

Bulletins Replaced by This Update None

Full Details: Microsoft Security Bulletin MS08-017 - Critical: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)

Link zu diesem Kommentar

REGARDING INFORMATION CONSISTENCY

 

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.

 

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

 

Thank you,

 

Microsoft CSS Security Team

Link zu diesem Kommentar
Der letzte Beitrag zu diesem Thema ist mehr als 180 Tage alt. Bitte erstelle einen neuen Beitrag zu Deiner Anfrage!

Schreibe einen Kommentar

Du kannst jetzt antworten und Dich später registrieren. Falls Du bereits ein Mitglied bist, logge Dich jetzt ein.

Gast
Auf dieses Thema antworten...

×   Du hast formatierten Text eingefügt.   Formatierung jetzt entfernen

  Only 75 emoji are allowed.

×   Dein Link wurde automatisch eingebettet.   Einbetten rückgängig machen und als Link darstellen

×   Dein vorheriger Inhalt wurde wiederhergestellt.   Editor-Fenster leeren

×   Du kannst Bilder nicht direkt einfügen. Lade Bilder hoch oder lade sie von einer URL.

×
×
  • Neu erstellen...