Video Screencast Help
Security Response

Microsoft Patch Tuesday - March 2010

Created: 09 Mar 2010 21:17:52 GMT • Updated: 23 Jan 2014 18:29:01 GMT
Robert Keith's picture
+1 1 Vote
Login to vote

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly quiet month—the vendor is releasing two bulletins covering a total of eight vulnerabilities.

All of the issues are rated “Important” this month: seven affecting Office/Excel and one affecting Movie Maker and Producer. All of the issues are file-based remote code-execution vulnerabilities in the context of the currently logged-in user.

Microsoft also released a security advisory (981374) today regarding a publicly disclosed vulnerability affecting Internet Explorer 6 and 7. Limited, targeted attacks exploiting this issue have been detected in the wild.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the March releases can be found here:
http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx

The following is a breakdown of the issues being addressed this month:

1. MS10-016 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)

CVE-2010-0257 (BID 38547) Microsoft Excel Document Parsing (CVE-2010-0257) Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel when handling specially crafted Excel files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office Excel 2002 SP3

CVE-2010-0258 (BID 38550) Microsoft Excel Object Type Confusion Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel due to a type confusion when handling specially crafted Excel files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office Excel 2002 SP3, Microsoft Office Excel 2003 SP3, Microsoft Office Excel 2007 SP1 and SP2, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, Microsoft Office Excel Viewer SP1 and SP2, and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

CVE-2010-0260 (BID 38551) Microsoft Excel MDXTUPLE Record Remote Heap Buffer Overflow Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel due to an heap overflow when handling specially crafted Excel files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office Excel 2007 SP1 and SP2, Microsoft Office Excel Viewer SP1 and SP2, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

CVE-2010-0261 (BID 38552) Microsoft Excel MDXSET Record Remote Heap Buffer Overflow Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel due to a heap overflow when handling specially crafted Excel files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office Excel 2007 SP1 and SP2, and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

CVE-2010-0262 (BID 38553) Microsoft Excel FNGROUPNAME Record Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel due to the handling of uninitialized memory when opening a specially crafted Excel file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office Excel 2007 SP1 and SP2, and Microsoft Office 2004 for Mac

CVE-2010-0263 (BID 38554) Microsoft Excel XLSX File Parsing Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel when parsing a specially crafted Excel file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office Excel 2007 SP1 and SP2, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, Microsoft Office Excel Viewer SP1 and SP2, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Microsoft Office SharePoint Server 2007 SP1 and SP2 (32-bit editions) and Microsoft Office SharePoint Server 2007 SP1 and SP2 (64-bit editions)

CVE-2010-0264 (BID 38555) Microsoft Excel DbOrParamQry Record Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote-code execution vulnerability affects Excel when parsing records in a specially crafted Excel file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office Excel 2002 SP3, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac

2. MS10-017 Vulnerability in Microsoft Movie Maker Could Allow Remote Code Execution (975561)

CVE-2010-0265 (BID 38515) Microsoft Windows Movie Maker and Producer '.mswmm' Buffer Overflow Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Movie Maker and Microsoft Producer when processing specially crafted Movie Maker project files (‘.mswmm’). An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious Movie Maker project file with the affected application. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Movie Maker 2.1, 2.6 and 6.0, and Microsoft Producer 2003

======================================

More information on these and the other vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.