Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft Releases Security Advisory 968272 Relating To A Vulnerability In Office Excel - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Releases Security Advisory 968272 Relating To A Vulnerability In Office Excel

This day just keeps getting better and better...

Earlier today, an ISC Reader (Thanks Sander) gave us a heads-up to the following URL pertaining to a Vulnerability in Microsoft Office Excel:  (http://www.securityfocus.com/bid/33870/info).

Further searching Symantec's Security Response section of their website reveals this URL giving more information to the vulnerability that is being exploited:  (http://www.symantec.com/security_response/writeup.jsp?docid=2009-022310-4202-99).

Finally, Microsoft has now released Advisory 968272 pertaining to the above:(http://www.microsoft.com/technet/security/advisory/968272.mspx)

G.N. White

Handler On Duty (So what else could go wrong today?)

 

 

G. N.

23 Posts
Not content with just an Excel 0-day Advisory, Microsoft has released 16 unrelated UPDATES today!

New Update Alert
The following 16 new updates have been synchronized to [snip] since Tuesday, February 24, 2009 7:12 PM (GMT).


Critical and Security Updates ------------------------------------
Update for Windows Server 2003 (KB961118)
Install this update to resolve an issue in which an Inbox Printer driver may be unsigned after you install the Microsoft .NET Framework 3.5 SP1. After you install this item, you may have to restart your computer.

Update for Windows Server 2003 x64 Edition (KB961118)
Install this update to resolve an issue in which an Inbox Printer driver may be unsigned after you install the Microsoft .NET Framework 3.5 SP1. After you install this item, you may have to restart your computer.

Update for Windows XP (KB961118)
Install this update to resolve an issue in which an Inbox Printer driver may be unsigned after you install the Microsoft .NET Framework 3.5 SP1. After you install this item, you may have to restart your computer.

Update for Windows 2000 (KB967715)
Install this update to resolve an issue in which AutoRun features were not correctly disabled. After you install this item, you may have to restart your computer.

Update for Windows Server 2003 (KB967715)
Install this update to resolve an issue in which AutoRun features were not correctly disabled. After you install this item, you may have to restart your computer.

Update for Windows Server 2003 for Itanium-based Systems (KB967715)
Install this update to resolve an issue in which AutoRun features were not correctly disabled. After you install this item, you may have to restart your computer.

Update for Windows Server 2003 x64 Edition (KB967715)
Install this update to resolve an issue in which AutoRun features were not correctly disabled. After you install this item, you may have to restart your computer.

Update for Windows XP (KB967715)
Install this update to resolve an issue in which AutoRun features were not correctly disabled. After you install this item, you may have to restart your computer.


Other Updates ------------------------------------
Update for Root Certificates
This item updates the list of root certificates on your computer to the list that is accepted by Microsoft as part of the Microsoft Root Certificate Program. Adding additional root certificates to your computer enables you to use Extended Validation (EV) certificates in Internet Explorer 7, a greater range of security enhanced Web browsing, encrypted e-mail, and security enhanced code delivery. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed.

Office Accounting 2009 Service Pack 1 For Accounting Professional 2009 and for Accounting Express 2009 UK
Microsoft Office Accounting 2009 Service Pack 1 provides the latest updates for the U.S. and U.K. versions of Microsoft Office Accounting Professional 2009 and Microsoft Office Accounting Express 2009. This service pack addresses several issues.

Office Accounting 2009 Service Pack 1 For Accounting Professional 2009 and for Accounting Express 2009
Microsoft Office Accounting 2009 Service Pack 1 provides the latest updates for the U.S. and U.K. versions of Microsoft Office Accounting Professional 2009 and Microsoft Office Accounting Express 2009. This service pack addresses several issues.

Update for Windows Server 2008 x64 Edition (KB959772)
Install this update to enable Windows Media Player to automatically correct an error which may occur when DRM protected content requires an update to the license. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Server 2008 License Terms.

Update for Windows Server 2008 (KB959772)
Install this update to enable Windows Media Player to automatically correct an error which may occur when DRM protected content requires an update to the license. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Server 2008 License Terms.

Update for Windows Vista (KB959772)
Install this update to enable Windows Media Player to automatically correct an error which may occur when DRM protected content requires an update to the license. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Vista License Terms.

Update for Windows XP (KB959772)
Install this update to enable Windows Media Player to automatically correct an error which may occur when DRM protected content requires an update to the license. After you install this item, you may have to restart your computer.

Update for Root Certificates
This item updates the list of root certificates on your computer to the list that is accepted by Microsoft as part of the Microsoft Root Certificate Program. Adding additional root certificates to your computer enables you to use Extended Validation (EV) certificates in Internet Explorer 7, a greater range of security enhanced Web browsing, encrypted e-mail, and security enhanced code delivery. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!