微软三月安全公告发布

作者: 天晴无名氏日期: 2008-03-15 01:22

字体大小: 小中大

微软已经发布了三月安全公告,本月的公告数量并不多,仅仅4个,
但是危险性却是非常的大,其中还包括Microsoft Excel的0day漏洞,
利用该漏洞的攻击代码和恶意软件均已在网上开始传播.
此外,其它三个补丁的风险评级无一例外都是“危急”等级,
希望大家注意对自己的系统进行修补工作.

查看:Microsoft Security Bulletin Summary for March 2008
Bulletin Identifier
Microsoft Security Bulletin MS08-014
Bulletin Title
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
Executive Summary
This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote
code execution if a user opens a specially crafted Excel file.
An attacker who successfully exploited these vulnerabilities
could take complete control of an affected system.
An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights.
Users whose accounts are configured to have fewer user rights
on the system could be less impacted than users who operate
with administrative user rights.
Maximum Severity Rating
Critical
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer
system requires this update. The update will not require a restart.
Affected Software
Microsoft Office. For more information,
see the Affected Software and Download Locations section.

Bulletin Identifier
Microsoft Security Bulletin MS08-015
Bulletin Title
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
Executive Summary
This security update resolves a privately reported vulnerability
in Microsoft Office Outlook. The vulnerability could allow remote
code execution if Outlook is passed a specially crafted mailto URI.
An attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights.
Users whose accounts are configured to have fewer user rights
on the system could be less impacted than users who operate with
administrative user rights. This vulnerability is not exploitable
by simply viewing an e-mail through the Outlook preview pane.
Maximum Severity Rating
Critical
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer
system requires this update. The update will not require a restart.
Affected Software
Microsoft Office. For more information, see the Affected Software
and Download Locations section.

Bulletin Identifier
Microsoft Security Bulletin MS08-016
Bulletin Title
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
Executive Summary
This security update resolves two privately reported vulnerabilities
in Microsoft Office that could allow remote code execution
if a user opens a malformed Office file. An attacker who successfully
exploited this vulnerability could take complete control of an affected system.
An attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights.
Users whose accounts are configured to have fewer user rights
on the system could be less impacted than users
who operate with administrative user rights.
Maximum Severity Rating
Critical
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer
system requires this update. The update will not require a restart.
Affected Software
Microsoft Office. For more information, see the Affected Software and Download
Locations section.

Bulletin Identifier
Microsoft Security Bulletin MS08-017
Bulletin Title
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
Executive Summary
This critical update resolves two privately reported vulnerabilities
in Microsoft Office Web Components. These vulnerabilities could allow remote code
execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with
administrative user rights.
Maximum Severity Rating
Critical
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer
system requires this update. The update may require a restart.
Affected Software
Microsoft Office Web Components. For more information,
see the Affected Software and Download Locations section.