March Microsoft Patch Tuesday
Microsoft has announced two new patches today to fix vulnerabilities that could allow remote code execution. Both patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office. Gladiator recommends that users immediately apply the Microsoft Office Excel patch. Detailed information for the patches can be found in Microsoft’s March Security Bulletin. Summary information is included below:
- Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561) MS10-016 – This update fixes a privately-reported remote code execution vulnerability in software included with Microsoft Windows. Namely, Microsoft Windows Movie Maker and Microsoft Producer 2003 are affected. This vulnerability is rated Important for Windows XP and Windows Vista. Microsoft reports that Windows Server 2003 and 2008, and Windows 7 are not affected by this vulnerability.
- Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) MS10-017 – This update fixes privately-reported remote code execution vulnerabilities in Microsoft Office Excel. This vulnerability is rated Important by Microsoft. Attackers can exploit this vulnerability by tricking a victim into opening a maliciously-crafted Excel file.
Gladiator recommends that users patch their workstation systems quickly for MS10-017. Other patches can be released during your normal update windows.
Related Links:
- Microsoft Security Bulletin (https://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx)
- SANS ISC Diary (http://isc.sans.org/diary.html?storyid=8392)