Hello and welcome to this month's blog on the Microsoft patch releases. This is a fairly light month: the vendor is releasing two bulletins, each addressing a single vulnerability.
Both issues are rated "Critical" and affect Windows Mail, Windows Live Mail, Outlook Express, Office, and Visual Basic for Applications (VBA). Both are client-side bugs: neither can be reached without user interaction, but an attacker who can trick a victim into opening a crafted document or connecting to a malicious mail server can execute code in the context of the currently logged-in user.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft’s summary of the May releases can be found here:
The following is a breakdown of the issues being addressed this month:
1. MS10-031 Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)
CVE-2010-0815 (BID 39931) Microsoft Visual Basic for Applications Stack Memory Corruption Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Visual Basic for Applications (VBA) because of how it searches for ActiveX controls embedded in a document. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted document in an application that supports VBA (for example, an Office file). A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user; running Office under a non-administrative account limits what that code can do, but does not prevent it from running.
Affects: Office XP SP3, Office 2003 SP3, Office 2007 SP1 and SP2, Visual Basic for Applications, and Visual Basic for Applications SDK. Third-party applications that redistribute the VBA runtime may also be affected; check with the application vendor for an updated build.
2. MS10-030 Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)
CVE-2010-0816 (BID 39927) Microsoft Outlook Express And Windows Mail Common Library Integer Overflow Vulnerability (MS Rating: Critical / Symantec Rating: 8.5/10)
A remote code-execution vulnerability affects the mail-handling library shared by Outlook Express, Windows Mail, and Windows Live Mail when it processes specially crafted responses from a mail server; the bug is an integer overflow, so the trigger is server-supplied data, not the content of a message body. An attacker can exploit this issue by tricking an unsuspecting victim into connecting to a mail server the attacker controls or has compromised. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Affects: Outlook Express 5.5 SP2, 6, and 6 SP1, Windows Mail, and Windows Live Mail
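The bulletin names the bug class (an integer overflow while handling mail server responses) but not the code path, so the following is an added, constructed illustration of that class rather than the affected inetcomm.dll logic. It shows a client that sizes a buffer from a server-declared item count: the vulnerable version forms the product in 32 bits and wraps, the hardened version bounds the count and checks the multiplication first. The "+OK n entries" status line, the `entry_t` layout and the `MAX_ENTRIES` policy cap are all invented for the demo; this is not Microsoft's code or response format.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of an integer overflow when sizing a buffer from a
 * server-supplied value. Not the MS10-030 code path; the response format and
 * the record layout are invented for the demo. */

typedef struct { uint32_t id; uint32_t octets; } entry_t;   /* 8 bytes per record */

#define MAX_ENTRIES 65536u   /* hypothetical policy cap on records per response */

/* Parse the count out of a status line such as "+OK 3 entries".
 * Returns 0 on success, -1 if the line is malformed or the value exceeds 32 bits. */
int parse_count(const char *line, uint32_t *count) {
    const char *p;
    char *end;
    unsigned long long v;
    if (strncmp(line, "+OK ", 4) != 0) return -1;
    p = line + 4;
    errno = 0;
    v = strtoull(p, &end, 10);
    if (end == p || errno == ERANGE || v > UINT32_MAX) return -1;
    if (strcmp(end, " entries") != 0) return -1;
    *count = (uint32_t)v;
    return 0;
}

/* Vulnerable sizing: the product is formed in 32 bits and wraps, so a count of
 * 536870913 (0x20000001) yields an 8-byte allocation for 4 GiB of records. */
uint32_t vuln_alloc_size(uint32_t count) {
    return count * (uint32_t)sizeof(entry_t);
}

/* Hardened sizing: bound the count by policy and prove the multiplication
 * cannot wrap in size_t before performing it. Returns 0 when the count is rejected. */
size_t safe_alloc_size(uint32_t count) {
    if (count == 0 || count > MAX_ENTRIES) return 0;
    if ((size_t)count > SIZE_MAX / sizeof(entry_t)) return 0;
    return (size_t)count * sizeof(entry_t);
}

/* Handle one status line the way each client version would: returns the number
 * of bytes the client would allocate before reading `count` records, or 0 if
 * the line is rejected (malformed, or refused by the hardened path). */
size_t handle_status_line(const char *line, int hardened) {
    uint32_t count;
    if (parse_count(line, &count) != 0) return 0;
    return hardened ? safe_alloc_size(count) : (size_t)vuln_alloc_size(count);
}

int main(void) {
    /* Constructed server responses: one benign, one with a wrapping count. */
    const char *benign = "+OK 3 entries";
    const char *evil   = "+OK 536870913 entries";
    printf("benign: vulnerable=%zu hardened=%zu\n",
           handle_status_line(benign, 0), handle_status_line(benign, 1));
    printf("evil:   vulnerable=%zu hardened=%zu\n",
           handle_status_line(evil, 0), handle_status_line(evil, 1));
    return 0;
}
```

The point to take from the demo is that the dangerous value never appears in a message the user reads; it arrives in the protocol exchange, which is why the bulletin's trigger is "connect to a malicious server" rather than "open a message." The hardened path also rejects the count on policy grounds before the arithmetic, so even a value that would fit in `size_t` on a 64-bit build does not reach an allocation the client cannot justify.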
More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.