US-CERT Technical Cyber Security Alert TA08-071A -- Microsoft Updates for Multiple Vulnerabilities

[US-CERT Technical Alerts <technical-alerts@xxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


	 National Cyber Alert System

   Technical Cyber Security Alert TA08-071A

Microsoft Updates for Multiple Vulnerabilities

   Original release date: March 11, 2008
   Last revised: --
   Source: US-CERT

Systems Affected

     * Microsoft Office
     * Microsoft Outlook
     * Microsoft Excel
     * Microsoft Excel Viewer
     * Microsoft Office for Mac
     * Microsoft Office Web Componenets

Overview

   Microsoft   has  released  updates  that  address  vulnerabilities  in
   Microsoft  Office,  Outlook,  Excel, Excel Viewer, Office for Mac, and
   Office Web Components.

I. Description

   Microsoft  has released updates to address vulnerabilities that affect
   Microsoft  Office,  Outlook,  Excel, Excel Viewer, Office for Mac, and
   Office  Web  Components  as  part  of  the Microsoft Security Bulletin
   Summary  for March 2008. The most severe vulnerabilities could allow a
   remote,  unauthenticated  attacker to execute arbitrary code. For more
   information, see the US-CERT Vulnerability Notes Database.

II. Impact

   A  remote, unauthenticated attacker could execute arbitrary code, gain
   elevated privileges, or cause a denial of service.

III. Solution

Apply updates from Microsoft

   Microsoft  has provided updates for these vulnerabilities in the March
   2008  security  bulletin.  The  security  bulletin  describe any known
   issues  related  to the updates. Administrators are encouraged to note
   these   issues   and   test   for  any  potentially  adverse  effects.
   Administrators  should consider using an automated update distribution
   system such as Windows Server Update Services (WSUS).

IV. References

 * US-CERT  Vulnerability  Notes  for  Microsoft March 2008 updates
   - <http://www.kb.cert.org/vuls/byid?searchview&query=ms08-mar>

 * Microsoft Security Bulletin Summary for March 2008
   - <http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx>

 * Microsoft Update - <https://www.update.microsoft.com/microsoftupdate/>

 * Windows Server Update Services - <http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>

 _________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA08-071A.html>
 _________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@xxxxxxxx> with "TA08-071A Feedback VU#393305" in the
  subject.
 _________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 _________________________________________________________________

  Produced 2008 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR9b0APRFkHkM87XOAQLTUwf9HHlM9vQfwMpmCv77RuJKdZgdn5bNTPQA
HjsABoxmVZzE4XnArclHPyMivO8x/oel6UFvZgG/h2oGFarK7h1WpvCFQKE/cNO8
c5o0tRhxMx+ri7w7DnkhmhbWTLQ8coqKjzAioKoc2mboNz+PamQO22INjS3ktOyL
dRA+qwxSsPN3Bi7NDS2DOdUeAA+VdMn0cQTDLHJ7ZPhzy7JOiVXwQwyO3CwNDeOl
C6+FGSk8o1BsMjdP6kRaGnQkgivBi1ID4dcAQA8h0K2IGDPkCBIYiGTvj9pNnpwZ
lrP6DdHyd2idzGEXr2R0VlTQPrhabs+YpZq+qzVh6f2tg+Lc9xBwHg==
=aCnE
-----END PGP SIGNATURE-----