Microsoft Security Bulletin(s) for March 11 2008

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx

Critical (4)

Microsoft Security Bulletin MS08-014
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx

Microsoft Security Bulletin MS08-015
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
http://www.microsoft.com/technet/security/bulletin/MS08-015.mspx

Microsoft Security Bulletin MS08-016
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
http://www.microsoft.com/technet/security/bulletin/MS08-016.mspx

Microsoft Security Bulletin MS08-017
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
http://www.microsoft.com/technet/security/bulletin/MS08-017.mspx


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update (http://www.windowsupdate.com/) and Office Update (http://office.microsoft.com/OfficeUpdate/) or Microsoft Update (http://update.microsoft.com/microsoftupdate) websites. You may also get the updates thru Automatic Updates (http://www.microsoft.com/athome/security/update/bulletins/automaticupdates.mspx) functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA (http://www.microsoft.com/technet/security/tools/mbsahome.mspx).

TechNet Webcast: Information About Microsoft March Security Bulletins (Level 200)
Event ID: 1032357217

Language(s): English.
Product(s): Security.
Audience(s): IT Professionals.

Duration: 60 Minutes
Start Date: Wednesday, March 12, 2008 11:00 AM Pacific Time (US & Canada)


Event Overview

On March 11, 2008, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the March security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

Presenters: Bill Sisk, Security Response Communications Manager, Microsoft Corporation, and Adrian Stone, Lead Security Program Manager, Microsoft Corporation

Register now for the March security bulletin webcast (http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032357219&Culture=en-US).

Malicious Software Removal Tool
Published: January 11, 2005 | Updated: March 11, 2008
New Additions
We have added detection and cleaning capabilities for the following malicious software:

• Virtumonde
http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32%2fVirtumonde

• Vundo
http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32%2fVundo

Microsoft Security Bulletin MS08-014 - Critical

Microsoft Security Bulletin MS08-014 - Critical
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
Published: March 11, 2008 | Updated: March 13, 2008

- Reason for Revision: FAQ added about known issues relating to
users of Excel 2003 Service Pack 2 or Service Pack 3

Revisions• V1.0 (March 11, 2008 Bulletin published.

• V1.1 (March 12, 2008 Bulletin updated. FAQ added to clarify the reason why a non-vulnerable version of Office will be offered this update.

• V2.0 (March 13, 2008 Bulletin updated. FAQ added about known issues relating to users of Excel 2003 Service Pack 2 or Service Pack 3.

http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx

Microsoft Security Bulletin Re-Releases
Issued: March 19, 2008
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS08-014 - Critical

Bulletin Information:
=====================

* MS08-014 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx

- Reason for Revision: V3.0 March 19, 2008 Bulletin updated.
Added Excel Viewer 2003 Service Pack 3 and Compatibility Pack
Service Pack 1 to non-affected software. Added FAQ added
about re-release to fix known issues relating to Excel 2003
Service Pack 2 or Service Pack 3. Updated the file name of
the Excel 2003 update executable.
- Originally posted: March 11, 2008
- Updated: March 19, 2008
- Bulletin Severity Rating: Critical
- Version: 3.0


Revisions• V1.0 March 11, 2008 Bulletin published.

• V1.1 March 12, 2008 Bulletin updated. FAQ added to clarify the reason why a non-vulnerable version of Office will be offered this update.

• V2.0 March 13, 2008 Bulletin updated. FAQ added about known issues relating to users of Excel 2003 Service Pack 2 or Service Pack 3.

• V3.0 March 19, 2008 Bulletin updated. Added Excel Viewer 2003 Service Pack 3 and Compatibility Pack Service Pack 1 to non-affected software. Added FAQ about re-release to fix known issues relating to Excel 2003 Service Pack 2 or Service Pack 3. Updated the file name of the Excel 2003 update executable.

March 2008 MS08-014 Re-release

-{ Quote: "Hello, this is Tim Rains.

Very quickly, I wanted to let you know that we've just re-released MS08-014 for Microsoft Office Excel 2003 Service Pack 2 and Service Pack 3 only.

The original version released on March 11, 2008 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data source was used in a user-created Visual Basic for Applications solution (in other words a custom-built VBA function). For additional details, please refer to KB950340.



If you're not running Microsoft Excel 2003, this re-release doesn't apply to you and you don't need to take any action.

If you are running Microsoft Excel 2003 Service Pack 2 or Service Pack 3, you should use the guidance provided in Knowledge Base article KB950340 to deploy the new update. It is being released through all the same distribution channels as the original MS08-014 security update. It is also supported by the same detection and deployment tools as the original update.

Thanks.

Tim

*This posting is provided "AS IS" with no warranties, and confers no rights.*" }-