March '10 Patch Tuesday Detailed
Each second Tuesday of the month, Microsoft releases updates for its products – this is something we all know as Patch Tuesday. For the month of March, Microsoft announced last week that it would release just two security bulletins – which is breadcrumbs compared to February, when Microsoft rolled out a total of 13 security bulletins (out of which one caused BSOD problems to some users).
Until now, all we knew about the March 2010 Patch Tuesday is that the 2 security bulletins address a total of 8 vulnerabilities plaguing the Windows operating system and the Office productivity suite. Now that Tuesday, March 9th, is behind us, Microsoft has released additional details about the two security bulletins it released. Title: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution
Rating: Important
Description: A privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected software:
Rating: Important
Description: Seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected software:
The Microsoft Security Response Center (MSRC) has provided these visual representations of the March 2010 Patch Tuesday update.
Until now, all we knew about the March 2010 Patch Tuesday is that the 2 security bulletins address a total of 8 vulnerabilities plaguing the Windows operating system and the Office productivity suite. Now that Tuesday, March 9th, is behind us, Microsoft has released additional details about the two security bulletins it released. Title: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution
Rating: Important
Description: A privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected software:
- Microsoft Windows Movie Maker versions 2.x
- Microsoft Windows Movie Maker versions 6.x
- Microsoft Producer 2003
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Service Pack 3
- Microsoft Windows XP Professional x64 Edition Service Pack 2
- Microsoft Windows Vista
- Microsoft Windows Vista Service Pack 1
- Microsoft Windows Vista Service Pack 2
- Microsoft Windows Vista x64 Edition
- Microsoft Windows Vista x64 Edition Service Pack 1
- Microsoft Windows Vista x64 Edition Service Pack 2
- Microsoft Windows 7 (32-bit)
- Microsoft Windows 7 (x64)
- MS10-017
Rating: Important
Description: Seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected software:
- Microsoft Excel 2002 Service Pack 3
- Microsoft Excel 2003 Service Pack 3
- Microsoft Excel 2007 Service Pack 1
- Microsoft Excel 2007 Service Pack 2
- Microsoft Excel Viewer Service Pack 1
- Microsoft Excel Viewer Service Pack 2
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 3
- 2007 Microsoft Office System Service Pack 1
- 2007 Microsoft Office System Service Pack 2
- Microsoft Office for Mac
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
- Microsoft Office SharePoint Server 2007 Service Pack 1
- Microsoft Office SharePoint Server 2007 Service Pack 2
The Microsoft Security Response Center (MSRC) has provided these visual representations of the March 2010 Patch Tuesday update.
