A Penton Media Property
March 12, 2008
If you want to view this on the web go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-3767-803-202-62923-342583-0-0-0-1-2-207
----------------------------------------
ADVERTISEMENT
Storage Guardian
Keys to Backing Up and Securing Data at Remote Business Sites
Are you part of a growing business operating in multiple locations? Do
you find IT resources being stretched, resulting in remote sites getting
shorted, especially when it comes to data protection? In this podcast,
David Chernicoff discusses the issues surrounding data backup to remote
sites and offers ideas and suggestions for accomplishing these backups.
http://ct.email.windowsitpro.com/rd/cts?d=33-3767-803-202-62923-342584-0-0-0-1-2-207
----------------------------------------
ALERT
--4 Microsoft Security Bulletins for March 2008
by Orin Thomas, MVP Windows Security
Microsoft released four Microsoft Office-related security updates for
March, rating all of them as critical. Here's a brief description of
each update; for more information, go to
www.microsoft.com/technet/security/bulletin/ms08-mar.mspx
(http://ct.email.windowsitpro.com/rd/cts?d=33-3767-803-202-62923-342585-0-0-0-1-2-207)
MS08-014: Vulnerabilities in Microsoft Excel Could Allow Remote Code
Execution
The attack vector for this vulnerability is a specially created Excel
file that must be opened by the target of the attack. The most severe
consequence from an attack leveraging this vulnerability is an attacker
gaining complete control over the affected computer. This bulletin
replaces previous bulletins MS07-044, MS07-036, and MS08-013.
Applies to: Office 2000, Office XP, Office 2003, Office 2007, Office
2004 for Mac, Office 2008 for Mac
Recommendation: Microsoft rates this update as critical for Excel 2000
and important for other affected Excel versions. Given the frequency
with which organizations share Excel documents and that the
vulnerability has been publicly reported, you should prioritize the
testing and deployment of this update.
MS08-015: Vulnerability in Microsoft Outlook Could Allow Remote Code
Execution
The attack vector for this vulnerability is a specially created mailto
URI. This vulnerability is not exploitable by the target of the attack
simply opening an email message. The most severe consequence from an
attack leveraging this vulnerability is an attacker gaining complete
control over the affected computer. This bulletin replaces previous
bulletin MS07-003.
Applies to: Office 2000, Office XP, Office 2003, Office 2007
Recommendation: Microsoft rates this update as critical. This
vulnerability was privately disclosed to Microsoft, so you can give the
testing and deployment of this update a lower priority than the other
updates in this bulletin.
MS08-016: Vulnerabilities in Microsoft Office Could Allow Remote Code
Execution
The attack vector for this vulnerability is a specially created Office
file that must be opened by the target of the attack. The most severe
consequence from an attack leveraging this vulnerability is an attacker
gaining complete control over the affected computer. This bulletin
replaces previous bulletins MS07-025, MS07-015, and MS08-013.
Applies to: Office 2000, Office XP, Office 2003, Office 2004 for Mac
Recommendation: Microsoft rates this update as critical for Office 2000
and important for all other versions of Office that are affected.
MS08-017: Vulnerabilities in Microsoft Office Web Components Could Allow
Remote Code Execution
The attack vector for these vulnerabilities is a specially created Web
page that, if navigated to, would allow the attacker to take complete
control of the target computer.
Applies to: Office 2000, Office XP, Visual Studio .NET 2002, Visual
Studio .NET 2003, BizTalk Server 2000, BizTalk Server 2002, Commerce
Server 2000, ISA Server 2000
Recommendation: Microsoft rates this update as critical. Given the large
number of applications and server software affected by these privately
reported vulnerabilities, you should give high priority to the testing
and deployment of this update.
CONTACT US
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://ct.email.windowsitpro.com/rd/cts?d=33-3767-803-202-62923-342586-0-0-0-1-2-207
http://ct.email.windowsitpro.com/rd/cts?d=33-3767-803-202-62923-342587-0-0-0-1-2-207
You are subscribed to this newsletter as boy.blogger@gmail.com
Manage your Security UPDATE subscription at
http://ct.email.windowsitpro.com/rd/cts?d=33-3767-803-202-62923-342588-0-0-0-1-2-207.
Be sure to add Security_UPDATE@email.windowsitpro.com
to your spam filter's list of allowed senders.
To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-3767-803-202-62923-342590-0-0-0-1-2-207
About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com
View the Windows IT Pro privacy policy at
http://ct.email.windowsitpro.com/rd/cts?d=33-3767-803-202-62923-342591-0-0-0-1-2-207
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2008, Penton Media, Inc. All rights reserved.
No comments:
Post a Comment