-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-131A Microsoft Updates for Multiple Vulnerabilities Original release date: May 11, 2010 Last revised: -- Source: US-CERT Systems Affected * Microsoft Outlook Express * Microsoft Windows Mail * Microsoft Windows Live Mail * Microsoft Office * Microsoft Visual Basic for Applications * third-party software that uses Visual Basic for Applications Overview Microsoft has released updates to address vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications. I. Description Microsoft has released security bulletins for multiple vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications. These bulletins are described in the Microsoft Security Bulletin Summary for May 2010. Third-party software that distributes VBE6.DLL may also be affected. If the third-party application follows the best practices for using a shared component as a side-by-side assembly, then the component will be updated by the update provided by MS10-031. Otherwise, you should contact the vendor to obtain an updated version of the application with the fixed VBE6.DLL file. II. Impact A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for May 2010. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * Microsoft Security Bulletin Summary for May 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-may.mspx> * Microsoft Security Bulletin MS10-031 - Critical - <http://www.microsoft.com/technet/security/bulletin/ms10-031.mspx> * Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-131A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@xxxxxxxx> with "TA10-131A Feedback VU#617092" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History May 11, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBS+m0fz6pPKYJORa3AQI3NQf/RhDVC52OJXDRHyTEdRHRgIkaR1oIH2iC StFdl15uF5Ym0eAqz6H8E7DxvG8gCnflPjvocyLC6dFfyV/k1E12HMou0tH0cfAZ 3DsjI77irngiN3tCN0vansmBnM5uiacveQRPP4thcjGy9BeVxzhsUar759pTt85e 6Mytazl54yINv71OftNpCdSJ++8J4k3l68rIUlXerdhdK5Z5N21TDlOdx33OwMcU 2FeseljNK7iDTlN133SPgwfL9DiipdGncjbIpoGnDt+/MRV7OFXA8U9SQP5DairD uDtd96navz10+XADrGlhdbMr1w4kpKz4Z2I+Lxa+CIQvqcvav4+NEg== =RAsv -----END PGP SIGNATURE-----