Released on Tuesday 9th March 2010, this month’s regular update to Microsoft software to keep those bugs at bay (and keep our software secure!) involves two product areas; Office and Windows.
Both have a single Security Bulletin – meaning a Windows Update for affected Operating Systems (OS).
“MS10-016 addresses one vulnerability in Windows Movie Maker. BothWindows XP and Windows Vista ship withaffected versions (2.1 and 6.0 respectively). Version 2.6 is also vulnerable and can be freely downloaded and installed from the web. Customers who install 2.6 on any supported platform, including Windows 7, will be offered the update. In order to take advantage of the vulnerability, a user would need to open a specially crafted Movie Maker project file. These are files with the .mswmm file extension.”
“MS10-017 affects all currently supported versions of Microsoft Office Excel. It also affects Office 2004 and Office 2008 for Mac, the Open XML File Format Converter for Mac, supported versions of Excel viewer and SharePoint 2007. As with most Office vulnerabilities, a user would have to open a specially crafted file in order to be exploited.”
Microsoft also re-released MS09-033 to add Virtual Server 2005 to the affected products list – worth checking on if you have VS2005 deployments – or to be fair, worth considering moving over to Hyper-V!
In other news relating to potential threats and updates; an issue with Windows Help and VBScript potentially allowing remote code execution on older versions of Windows. This is detailed in Security Advisory 981169 and doesn’t affect Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista.
As usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.