-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                    National Cyber Alert System

              Technical Cyber Security Alert TA10-131A


Microsoft Updates for Multiple Vulnerabilities

   Original release date: May 11, 2010
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Outlook Express
     * Microsoft Windows Mail
     * Microsoft Windows Live Mail
     * Microsoft Office
     * Microsoft Visual Basic for Applications
     * third-party software that uses Visual Basic for Applications


Overview

   Microsoft has released updates to address vulnerabilities in
   Microsoft Outlook Express, Microsoft Windows Mail, Microsoft
   Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for
   Applications.


I. Description

   Microsoft has released security bulletins for multiple
   vulnerabilities in Microsoft Outlook Express, Microsoft Windows
   Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft
   Visual Basic for Applications. These bulletins are described in the
   Microsoft Security Bulletin Summary for May 2010.

   Third-party software that distributes VBE6.DLL may also be
   affected. If the third-party application follows the best practices
   for using a shared component as a side-by-side assembly, then the
   component will be updated by the update provided by MS10-031.
   Otherwise, you should contact the vendor to obtain an updated
   version of the application with the fixed VBE6.DLL file.


II. Impact

   A remote, unauthenticated attacker could execute arbitrary code or
   cause a vulnerable application to crash.


III. Solution

   Apply updates from Microsoft

   Microsoft has provided updates for these vulnerabilities in the
   Microsoft Security Bulletin Summary for May 2010. The security
   bulletin describes any known issues related to the updates.
   Administrators are encouraged to note these issues and test for any
   potentially adverse effects. Administrators should consider using
   an automated update distribution system such as Windows Server
   Update Services (WSUS).


IV. References

 * Microsoft Security Bulletin Summary for May 2010 -
   <http://www.microsoft.com/technet/security/bulletin/ms10-may.mspx>

 * Microsoft Security Bulletin MS10-031 - Critical -
   <http://www.microsoft.com/technet/security/bulletin/ms10-031.mspx>

 * Microsoft Windows Server Update Services -
   <http://technet.microsoft.com/en-us/wsus/default.aspx>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA10-131A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA10-131A Feedback VU#617092" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2010 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History

  May 11, 2010: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBS+m0fz6pPKYJORa3AQI3NQf/RhDVC52OJXDRHyTEdRHRgIkaR1oIH2iC
StFdl15uF5Ym0eAqz6H8E7DxvG8gCnflPjvocyLC6dFfyV/k1E12HMou0tH0cfAZ
3DsjI77irngiN3tCN0vansmBnM5uiacveQRPP4thcjGy9BeVxzhsUar759pTt85e
6Mytazl54yINv71OftNpCdSJ++8J4k3l68rIUlXerdhdK5Z5N21TDlOdx33OwMcU
2FeseljNK7iDTlN133SPgwfL9DiipdGncjbIpoGnDt+/MRV7OFXA8U9SQP5DairD
uDtd96navz10+XADrGlhdbMr1w4kpKz4Z2I+Lxa+CIQvqcvav4+NEg==
=RAsv
-----END PGP SIGNATURE-----