March, 2008

  • UPDATE: MSRC Blog: Microsoft Security Advisory (950627)

    Hi there, This is Mike of the MSRC, The case of the MDB attack vector The MSRC on Friday afternoon posted an advisory about limited, targeted attacks using JET database files, commonly referenced as file type MDB. Many of you probably remember that MDB files are on the unsafe file type list ( http://support.microsoft.com/kb/925330 ), and are blocked from being opened by Outlook, are commonly removed from incoming email by Exchange, and trigger scary prompts similar to EXEs when...
  • MSRC Blog: Microsoft Security Advisory (950627)

    Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (950627) . This advisory contains information about a very limited, targeted attack exploiting a vulnerability in Microsoft Jet Database Engine. Our initial investigation has shown that this vulnerability affects c ustomers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007...
  • March 2008 MS08-014 Re-release

    Hello, this is Tim Rains. Very quickly, I wanted to let you know that we've just re-released MS08-014 for Microsoft Office Excel 2003 Service Pack 2 and Service Pack 3 only. The original version released on March 11, 2008 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data source was used in a user-created Visual Basic for Applications solution...
  • Update: March 2008 Monthly Release

    Bill here. I wanted to let you know that we have updated bulletin MS08-014 to provide additional information on a newly identified issue that causes Microsoft Excel 2003 calculations to return an incorrect result when a Real Time Data source is used. The issue affects a specific scenario and may not affect you. Please see the bulletin for additional details. Our teams are testing a fix and will release it once it meets our quality bar for broad distribution. Cheers, Bill Sisk...
  • March 2008 Advance Notification

    Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, March 11, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change. As part of our regularly scheduled bulletin release, we’re currently planning to release: · Four Microsoft Security...
  • March 2008 Monthly Release

    Wow! It is already the 2 nd Tuesday of the month, and with it comes the announcement of some new bulletins! This is Tami Gallupe, MSRC Release Manager, and I just wanted to let you know that we just posted our March 2008 Bulletins . We released four bulletins today, all are for Office and all have a maximum severity rating of Critical . Here is a quick list of what we released: MS08-014 : Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution. Note that this Excel bulletin addresses...