Microsoft Patch Tuesday – March 2010

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly quiet month—the vendor is releasing two bulletins covering a total of eight vulnerabilities.
All of the issues are rated “Important” this month: seven affecting Office/Excel and one affecting Movie Maker and Producer. All of the issues are file-based remote code-execution vulnerabilities in the context of the currently logged-in user.
Microsoft also released a security advisory (981374) today regarding a publicly disclosed vulnerability affecting Internet Explorer 6 and 7. Limited, targeted attacks exploiting this issue have been detected in the wild.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft’s summary of the March releases can be found here:
http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx
The following is a breakdown of the issues being addressed this month:
1. MS10-016 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
CVE-2010-0257 (BID 38547) Microsoft Excel Document (continue reading...)