Dr.Melzer 191 Geschrieben 12. März 2008 Melden Teilen Geschrieben 12. März 2008 gestern Abend wurden die Microsoft Security Bulletins für März 2007 veröffentlicht. Die Veröffentlichung der Bulletins für März 2008 ersetzt die Bulletin Advance Notification, die erstmalig am 6. März 2008 veröffentlicht wurde. Weitere Infos findet Ihr nachfolgend und auch unter: Microsoft Security Bulletin Summary für März*2008 What is the purpose of this alert? This alert is to provide you with an overview of the new security bulletins being released on 11 March 2008. Security bulletins are released monthly to resolve critical problem vulnerabilities. New Security Bulletins: Microsoft is releasing the following four new security bulletins for newly discovered vulnerabilities: Bulletin Number Maximum Severity Affected Products Impact MS08-014 Critical Microsoft Office. For more information, see the Security Bulletin Technical Details section below. Remote Code Execution MS08-015 Critical Microsoft Office. For more information, see the Security Bulletin Technical Details section below. Remote Code Execution MS08-016 Critical Microsoft Office. For more information, see the Security Bulletin Technical Details section below. Remote Code Execution MS08-017 Critical Microsoft Office Web Components. For more information, see the Security Bulletin Technical Details section below. Remote Code Execution Summaries for these new bulletins may be found at the following pages: Microsoft Security Bulletin Summary for March 2008 Zitieren Link zu diesem Kommentar
Dr.Melzer 191 Geschrieben 12. März 2008 Autor Melden Teilen Geschrieben 12. März 2008 Microsoft Windows Malicious Software Removal Tool Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000 High-Priority Non-Security Updates High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU) or Windows Server Update Services (WSUS) will be detailed in the following KB Article: Description of Software Update Services and Windows Server Update Services changes in content for 2008 PUBLIC BULLETIN WEBCAST Microsoft will host a Webcast to address customer questions on these bulletins: Title: Information about Microsoft March Security Bulletins (Level 200) Date: Wednesday, March 12th, 2008 11:00 AM Pacific Time (US & Canada) URL: TechNet Webcast: Information About Microsoft March Security Bulletins (Level 200) Replay: Available 24 hours after webcast - same URL Zitieren Link zu diesem Kommentar
Dr.Melzer 191 Geschrieben 12. März 2008 Autor Melden Teilen Geschrieben 12. März 2008 NEW SECURITY BULLETIN TECHNICAL DETAILS In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit Microsoft Support Lifecycle. Bulletin Identifier Microsoft Security Bulletin MS08-014 Bulletin Title Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029) Executive Summary This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Maximum Severity Rating Critical Impact of Vulnerability Remote Code Execution Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. Affected Software - Microsoft Office Excel 2000 Service Pack 3 - Microsoft Office Excel 2002 Service Pack 3 - Microsoft Office Excel 2003 Service Pack 2 - Microsoft Office Excel Viewer 2003 - Microsoft Office Excel 2007 - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats - Microsoft Office 2004 for Mac - Microsoft Office 2008 for Mac For more information, see the Affected Software section of the bulletin at the link below. Restart Requirement The update will not require a restart. Removal Information Removal instructions vary depending on which component is being updated. Please see the Security Update Deployment section of the bulletin at the link below for specific instructions. Bulletins Replaced by This Update - Microsoft Office Excel 2000 Service Pack 3: MS07-044 - Microsoft Office Excel 2002 Service Pack 3: MS07-044 - Microsoft Office Excel 2003 Service Pack 2: MS07-044 - Microsoft Office Excel Viewer 2003: MS07-044 - Microsoft Office Excel 2007: MS07-036 - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats : MS07-036 - Microsoft Office 2004 for Mac: MS08-013 - Microsoft Office 2008 for Mac: None Full Details: Microsoft Security Bulletin MS08-014 - Critical: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029) Zitieren Link zu diesem Kommentar
Dr.Melzer 191 Geschrieben 12. März 2008 Autor Melden Teilen Geschrieben 12. März 2008 Bulletin Identifier Microsoft Security Bulletin MS08-015 Bulletin Title Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031) Executive Summary This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane. Maximum Severity Rating Critical Impact of Vulnerability Remote Code Execution Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. Affected Software - Microsoft Office Outlook 2000 Service Pack 3 - Microsoft Office Outlook 2002 Service Pack 3 - Microsoft Office Outlook 2003 Service Pack 2 - Microsoft Office Outlook 2003 Service Pack 3 - Microsoft Office Outlook 2007 For more information, see the Affected Software section of the bulletin at the link below. Restart Requirement The update will not require a restart. Removal Information Removal instructions vary depending on which component is being updated. Please see the Security Update Deployment section of the bulletin at the link below for specific instructions. Bulletins Replaced by This Update - Microsoft Office Outlook 2000 Service Pack 3: MS07-003 - Microsoft Office Outlook 2002 Service Pack 3: MS07-003 - Microsoft Office Outlook 2003 Service Pack 2: MS07-003 - Microsoft Office Outlook 2003 Service Pack 3: None - Microsoft Office Outlook 2007: None Full Details: Microsoft Security Bulletin MS08-015 - Critical: Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031) Zitieren Link zu diesem Kommentar
Dr.Melzer 191 Geschrieben 12. März 2008 Autor Melden Teilen Geschrieben 12. März 2008 Bulletin Identifier Microsoft Security Bulletin MS08-016 Bulletin Title Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030) Executive Summary This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Maximum Severity Rating Critical Impact of Vulnerability Remote Code Execution Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. Affected Software - Microsoft Office 2000 Service Pack 3 - Microsoft Office XP Service Pack 3 - Microsoft Office 2003 Service Pack 2 - Microsoft Office Excel Viewer 2003 - Microsoft Office Excel Viewer 2003 Service Pack 3 - Microsoft Office 2004 for Mac For more information, see the Affected Software section of the bulletin at the link below. Restart Requirement The update will not require a restart. Removal Information Removal instructions vary depending on which component is being updated. Please see the Security Update Deployment section of the bulletin at the link below for specific instructions. Bulletins Replaced by This Update - Microsoft Office 2000 Service Pack 3: MS07-025 - Microsoft Office XP Service Pack 3: MS07-025 and MS07-015 - Microsoft Office 2003 Service Pack 2: None - Microsoft Office Excel Viewer 2003: None - Microsoft Office Excel Viewer 2003 Service Pack 3: None - Microsoft Office 2004 for Mac: MS08-013 Full Details: Microsoft Security Bulletin MS08-016 – Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030) Zitieren Link zu diesem Kommentar
Dr.Melzer 191 Geschrieben 12. März 2008 Autor Melden Teilen Geschrieben 12. März 2008 Bulletin Identifier Microsoft Security Bulletin MS08-017 Bulletin Title Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103) Executive Summary This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Maximum Severity Rating Critical Impact of Vulnerability Remote Code Execution Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. Affected Software Microsoft Office 2000 Web Components. For more information, see the Affected Software section of the bulletin at the link below. Restart Requirement The update may require a restart. Removal Information Removal instructions vary depending on which component is being updated. Please see the Security Update Deployment section of the bulletin at the link below for specific instructions. Bulletins Replaced by This Update None Full Details: Microsoft Security Bulletin MS08-017 - Critical: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103) Zitieren Link zu diesem Kommentar
Dr.Melzer 191 Geschrieben 12. März 2008 Autor Melden Teilen Geschrieben 12. März 2008 REGARDING INFORMATION CONSISTENCY We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative. If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant. Thank you, Microsoft CSS Security Team Zitieren Link zu diesem Kommentar
Empfohlene Beiträge
Schreibe einen Kommentar
Du kannst jetzt antworten und Dich später registrieren. Falls Du bereits ein Mitglied bist, logge Dich jetzt ein.