I only see two patches at this point scheduled for the March 9 Microsoft Patch Tuesday. While they do affect both current Operating Systems and Office applications, they are classified as IMPORTANT as opposed to critical. It also indicates it MAY require a restart. I am not sure what the condition might determine MAY for the Operating System patch. But normally the MAY when referring to Office is determined by if Office has been loaded into memory since a system reboot took place. If it had, then the memory might have to be cleared (by a reboot) to implement the Office patch.
Below is about all I know now. I will send out another update when I hear more.
I don’t want to say sleep easy... but comparatively speaking, it’s not too bad.
Classification – IMPORTANT
Vulnerability – remote code execution
Windows XP SP2 and SP3
Windows 64 SP2
Vista SP1 and SP2
Vista 64 SP1 and SP2
Windows 7 – 32 and 64 bit versions
Microsoft Office – Windows platforms
Classification – IMPORTANT
Office XP SP3
Office 2003 SP3
Office 2007 SP1 and SP2
Microsoft Office – Mac platforms
Open XML converter for Mac
Other Office software affected
Microsoft Excel Viewer
Office Compatibility Pack for Word, Excel and PowerPoint 2007 file formats
SharePoint Server 2007 (both 32 and 64 bit versions)
Update March 5
Microsoft Patching Eight Vulnerabilities on Tuesday
Microsoft will issue two security updates on Tuesday addressing eight vulnerabilities in Windows and Office.
Both bulletins will be rated as “important,” Microsoft’s second-highest severity rating. The vulnerabilities, however, allow attackers to insert malicious code onto unpatched PCs. Similar vulnerabilities usually rate a higher rating from Microsoft.
“When Microsoft rates something ‘important’ but also says the vulnerability allows for remote code execution, that usually means there’s some default state that would mitigate attacks for all users,” said Andrew Storms, director of security operations at nCircle Network Security. That state, he continued, could be a default setting that protects users, or the fact that the vulnerability is contained in a component that’s not loaded by default.
The first bulletin will address vulnerabilities in Windows XP, Vista and Windows 7, and affects the most recent service packs for XP and Vista, SP3 and SP2, respectively. Both 32- and 64-bit editions of all three operating systems are vulnerable, according to Microsoft’s notice.
The second update will address flaws in Excel 2002, Excel 2003 and Excel 2007 on Windows; Excel 2004 and Excel 2008 on the Mac; and other Excel- and file-conversion-related pieces of the Office suites. Storms pointed out that the patch will even repair the version of Excel in Office 2007 SP2. “It’s the latest and greatest that’s being patched,” said Storms, adding that clues in the notice point toward a file format problem, most likely one in the file converter tool bundled with Office.
Both updates deal with flaws that can be exploited only if users are tricked into opening a malicious file, Jerry Bryant, a senior manager with the Microsoft Security Research Center (MSRC), said in a blog entry. “There are no network-based attack vectors,” Bryant promised.