Technical Cyber Security Alert 2010-131A - Microsoft has released updates to address vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications.
734937a93aad140f993320ea92d9ed2ca13f36c93bab8370832391104cef175e
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA10-131A
Microsoft Updates for Multiple Vulnerabilities
Original release date: May 11, 2010
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Outlook Express
* Microsoft Windows Mail
* Microsoft Windows Live Mail
* Microsoft Office
* Microsoft Visual Basic for Applications
* third-party software that uses Visual Basic for Applications
Overview
Microsoft has released updates to address vulnerabilities in
Microsoft Outlook Express, Microsoft Windows Mail, Microsoft
Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for
Applications.
I. Description
Microsoft has released security bulletins for multiple
vulnerabilities in Microsoft Outlook Express, Microsoft Windows
Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft
Visual Basic for Applications. These bulletins are described in the
Microsoft Security Bulletin Summary for May 2010.
Third-party software that distributes VBE6.DLL may also be
affected. If the third-party application follows the best practices
for using a shared component as a side-by-side assembly, then the
component will be updated by the update provided by MS10-031.
Otherwise, you should contact the vendor to obtain an updated
version of the application with the fixed VBE6.DLL file.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code or
cause a vulnerable application to crash.
III. Solution
Apply updates from Microsoft
Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for May 2010. The security
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. Administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).
IV. References
* Microsoft Security Bulletin Summary for May 2010 -
<http://www.microsoft.com/technet/security/bulletin/ms10-may.mspx>
* Microsoft Security Bulletin MS10-031 - Critical -
<http://www.microsoft.com/technet/security/bulletin/ms10-031.mspx>
* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA10-131A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA10-131A Feedback VU#617092" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2010 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 11, 2010: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBS+m0fz6pPKYJORa3AQI3NQf/RhDVC52OJXDRHyTEdRHRgIkaR1oIH2iC
StFdl15uF5Ym0eAqz6H8E7DxvG8gCnflPjvocyLC6dFfyV/k1E12HMou0tH0cfAZ
3DsjI77irngiN3tCN0vansmBnM5uiacveQRPP4thcjGy9BeVxzhsUar759pTt85e
6Mytazl54yINv71OftNpCdSJ++8J4k3l68rIUlXerdhdK5Z5N21TDlOdx33OwMcU
2FeseljNK7iDTlN133SPgwfL9DiipdGncjbIpoGnDt+/MRV7OFXA8U9SQP5DairD
uDtd96navz10+XADrGlhdbMr1w4kpKz4Z2I+Lxa+CIQvqcvav4+NEg==
=RAsv
-----END PGP SIGNATURE-----