Anatomy of an ARP Poisoning Attack
WatchGuard Technologies, Inc.
WatchGuard Wire
Improve Your Security IQ

Microsoft Black Tuesday: Microsoft Excel and Movie Maker Files Threaten Windows Users.

9 March 2010 -- Microsoft's March Patch Day has gone live and it's a light one, as expected. Their Bulletin Summary for March highlights two important security bulletins, which fix code execution vulnerabilities in both Microsoft Excel (part of the Office package) and Microsoft Movie Maker. By tricking you into downloading a malicious Excel file or Movie Maker project, and convincing you to open either file in the correct application, an attacker can exploit either of these vulnerabilities to execute code on your computer, with your privileges. Since most Windows users have local administrative privileges, attackers can often use this type of flaw to gain complete control of your computer.

Although Microsoft rates these flaws as Important, they still pose a significant risk. Attackers can leverage them to gain total control of your machine. The only thing keeping these flaws from the Critical rating is probably the user interaction necessary for this type of attack to succeed (opening a file in a particular program). Since many business users run Office, I believe the Excel vulnerability poses the biggest risk. So I'd apply that update first. On the flip side, I doubt many business users leverage Movie Maker much. Nonetheless, you might as well apply that patch quickly too.

You can learn more about this security bulletin in the table provided in Microsoft's Bulletin Summary for March. Microsoft's tables (arranged in order of severity) link directly to this month's bulletins and patches. Expand the "Affected Software and Download Location" section of the Summary to find a valuable table that will help you develop your own deployment strategy.

LiveSecurity and LiveSecurity Informer subscribers will receive more detailed information about these flaws, and how to fix them, in alerts we're working on right now. -- Corey Nachreiner, CISSP

Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.