US-CERT Technical Cyber Security Alert TA10-131A -- Microsoft Updates for Multiple Vulnerabilities

National Cyber Alert System
Technical Cyber Security Alert TA10-131A

Microsoft Updates for Multiple Vulnerabilities

Original release date: May 11, 2010
Last revised: --
Source: US-CERT

Systems Affected

Microsoft Outlook Express
Microsoft Windows Mail
Microsoft Windows Live Mail
Microsoft Office
Microsoft Visual Basic for Applications
third-party software that uses Visual Basic for Applications

Overview

Microsoft has released updates to address vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications.

I. Description

Microsoft has released security bulletins for multiple vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications. These bulletins are described in the Microsoft Security Bulletin Summary for May 2010.

Third-party software that distributes VBE6.DLL may also be affected. If the third-party application follows the best practices for using a shared component as a side-by-side assembly, then the component will be updated by the update provided by MS10-031. Otherwise, you should contact the vendor to obtain an updated version of the application with the fixed VBE6.DLL file.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for May 2010. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

Microsoft Security Bulletin Summary for May 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-may.mspx>
Microsoft Security Bulletin MS10-031 - Critical - <http://www.microsoft.com/technet/security/bulletin/ms10-031.mspx>
Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx>

Feedback can be directed to US-CERT.

Produced 2010 by US-CERT, a government organization. Terms of use

Revision History

May 11, 2010: Initial release

Last updated May 11, 2010