Security 10745 Published by

Microsoft published the Security Bulletin Summary for March 2008



This bulletin summary lists security bulletins released for March 2008.
With the release of the bulletins for March 2008, this bulletin summary replaces the bulletin advance notification originally issued March 6, 2008. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Microsoft is hosting a webcast to address customer questions on these bulletins on March 12, 2008, at 11:00 AM Pacific Time (US & Canada). Register now for the March Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

The security bulletins for this month are as follows, in order of severity:

Bulletin Identifier: Microsoft Security Bulletin MS08-014
Bulletin Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
Executive Summary: This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will not require a restart.
Affected Software: Microsoft Office. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier: Microsoft Security Bulletin MS08-015
Bulletin Title: Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will not require a restart.
Affected Software: Microsoft Office. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier: Microsoft Security Bulletin MS08-016
Bulletin Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
Executive Summary: This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will not require a restart.
Affected Software: Microsoft Office. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier: Microsoft Security Bulletin MS08-017
Bulletin Title: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
Executive Summary: This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software: Microsoft Office Web Components. For more information, see the Affected Software and Download Locations section.
Microsoft Security Bulletin Summary for March 2008