Microsoft Patch Tuesday Security Update for March 2010: Two Bulletins

Microsoft Security Response Center released an advance notification stating that Microsoft will issue two Security Bulletins addressing eight vulnerabilities on Tuesday. Both of the vulnerabilities are rated “Important” and both may require a restart. The list of affected operating systems includes Windows XP (x86 and x64), Windows Vista (x86 and x64), and Windows 7 (x86 and x64). In case of Microsoft Office suites, all supported versions on both Windows and Mac OS X are affected.

The exact breakdown of the bulletins is as follows:

  • Bulletin 1: Important (Remote Code Execution), Windows
  • Bulletin 2: Important (Remote Code Execution), Office

The two security bulletins that are released by Microsoft will patch flaws found in Microsoft Excel, Windows Movie Maker and Microsoft Producer 2003.

The security updates can be downloaded from Windows Update, Microsoft Update or directly from Microsoft websites.

The following table summarizes the security bulletins for this month in order of severity.

Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact Restart Requirement Affected Software

MS10-016

Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)

This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Important
Remote Code Execution

May require restart

Microsoft Windows, Microsoft Office

MS10-017

Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)

This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Important
Remote Code Execution

May require restart

Microsoft Office

Microsoft Excel, Microsoft Producer 2003 or Windows Movie Maker users should install the security patches to protect their computer system from the vulnerabilities.

You may also like...