-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-068A Microsoft Updates for Multiple Vulnerabilities Original release date: Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Office Overview Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office. I. Description Microsoft has released security bulletins for multiple vulnerabilities in Microsoft Movie Maker, Microsoft Office Producer 2003, and Microsoft Office Excel. These bulletins are described in the Microsoft Security Bulletin Summary for March 2010. Microsoft notes that affected versions of Microsoft Movie Maker were either included with Microsoft Windows or available as an optional download. II. Impact A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for March 2010. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Microsoft notes that there is no security update available for Microsoft Producer 2003 at this time of this writing. Users can mitigate the impact to systems with Microsoft Producer 2003 by applying the automated solution to remove the Microsoft Producer file associations using the Fix it found in Microsoft Knowledge Base Article 975561, and by applying the workarounds in Microsoft Security Bulletin MS10-016. IV. References * Microsoft Security Bulletin Summary for March 2010 - <http://www.microsoft.com/technet/security/bulletin/MS10-mar.mspx> * Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx> * Microsoft Knowledge Base Article 975561 - <http://support.microsoft.com/kb/975561> * Microsoft Security Bulletin MS10-016 - <http://www.microsoft.com/technet/security/bulletin/ms10-016.mspx> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-068A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@xxxxxxxx> with "TA10-068A Feedback VU#586853" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History March 09, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBS5bAnT6pPKYJORa3AQJgXwgAvE0mmWRlV/XF5k/H6yf5ZHocmH80a3+P CpGT1DWFDbBLEO2I6jq9bJM8yNCmeTzG0v3XkwGe6fQ29KuILMTRqwDPgdB5gDHh MPfnxX/PJN8LBR8Qog8T6ilOTXEgYHj/6RN4j5iOmZjpbgkUKmGfDxevht2DDOjK e7y0tseZuKee4Vb1pZgpFHyjspMQ1ksVQbyvklAQkPL9DSnq+uk6lFBxQnnJ36pR I4Lku7Qf3kjSc3yJWFXkXhAcMx6RbPasogtnU9MBDlOC69X3W3m4RxaXB87RwFV8 XDqtuyrINJ6RJHEg0V/gZCT0+mgfUpkqPWS9uaaPSp24LwDGj5yqQw== =+osT -----END PGP SIGNATURE-----