Microsoft delivers two latest security updates to fix eight vulnerabilities affecting Excel and Movie Maker.
As promised, Patch Tuesday for March 2010 is not commensurate with its predecessor. Much lighter. It proposes two new updates to the security severity rating of important vulnerabilities executing remote code.
MS10-016 addresses a vulnerability in the video editing software Windows Movie Maker. Versions 2.1 and 6.0 present by default in Windows XP and Windows Vista are affected, as well as version 2.6 can be downloaded via the Web for example take place in Windows 7. Note that Microsoft does not mention a vulnerability in Windows Live Movie Maker.
To exploit this vulnerability, a user must open a project specially designed Movie Maker (file extension. Mswmm). The vulnerability has been reported confidentially. Microsoft Producer 2003 is also vulnerable, but that it has no mechanism for automatic update, no fix is available yet.
Producer 2003 is a complement to PowerPoint 2003 and 2002 to capture and synchronize audio and video presentations destination. Microsoft, continuing its investigations, "advises uninstalling Producer 2003 or at least remove the associations with the files. Mswmm.
Count to seven for Excel
MS010-017 fixes seven vulnerabilities in Excel. All currently supported versions are affected as well as Office 2004 and 2008 for Mac, converter file formats to Open XML Mac, all versions of Microsoft Office Excel Viewer and Compatibility Pack Microsoft Office.
For operation, the user opens a specially crafted file to allow execution of remote code. These vulnerabilities have again been reported confidentially.
It will point the finger at the "omissions" from the Patch Tuesday in March 2010 with a vulnerability in VBScript that can entrap Internet Explorer on Windows XP (no attacks reported), a vulnerability SMB (Server Message Block) on Windows dating back to November 7 last.