US-CERT Technical Cyber Security Alert TA10-068A -- Microsoft Updates for Multiple Vulnerabilities

Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA10-068A

Microsoft Updates for Multiple Vulnerabilities

Original release date:
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Office


Microsoft has released updates to address vulnerabilities in
Microsoft Windows and Microsoft Office.

I. Description

Microsoft has released security bulletins for multiple
vulnerabilities in Microsoft Movie Maker, Microsoft Office Producer
2003, and Microsoft Office Excel. These bulletins are described in
the Microsoft Security Bulletin Summary for March 2010. Microsoft
notes that affected versions of Microsoft Movie Maker were either
included with Microsoft Windows or available as an optional

II. Impact

A remote, unauthenticated attacker could execute arbitrary code or
cause a vulnerable application to crash.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for March 2010. The security
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. Administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).

Microsoft notes that there is no security update available for
Microsoft Producer 2003 at this time of this writing. Users can
mitigate the impact to systems with Microsoft Producer 2003 by
applying the automated solution to remove the Microsoft Producer
file associations using the Fix it found in Microsoft Knowledge
Base Article 975561, and by applying the workarounds in Microsoft
Security Bulletin MS10-016.

IV. References

* Microsoft Security Bulletin Summary for March 2010 -

* Microsoft Windows Server Update Services -

* Microsoft Knowledge Base Article 975561 -

* Microsoft Security Bulletin MS10-016 -


The most recent version of this document can be found at:


Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@xxxxxxxx> with "TA10-068A Feedback VU#586853" in
the subject.

For instructions on subscribing to or unsubscribing from this
mailing list, visit <>.

Produced 2010 by US-CERT, a government organization.

Terms of use:


Revision History

March 09, 2010: Initial release

Version: GnuPG v1.4.5 (GNU/Linux)


Relevant Pages

  • <>
    ... > Microsoft Security Bulletin Advance Notification issued: ... > Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. ...
  • [NT] Microsoft ASN.1 Library Vulnerability Could Allow Code Execution (MS04-007)
    ... Get your security news from a reliable source. ... A security vulnerability exists in the Microsoft ASN.1 Library that could ... * Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 ...
  • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
    ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
  • Re: Does Microsoft take Security Seriously? - Internet Bank hacked - it could happen to you!
    ... take security seriously. ... I have used Microsoft products for year without ... while downloading those updates. ... As soon as I connected to the Internet, I did a Windows Update - I ...
  • Re: Microsoft Security Bulletins for December 2007
    ... Microsoft released today the following security bulletins. ... high-priority updates and 2007 ... Microsoft Office Service Pack 1 on Microsoft Update and Windows ...