Alert (TA10-131A)
Microsoft Updates for Multiple Vulnerabilities
Systems Affected
- Microsoft Outlook Express
- Microsoft Windows Mail
- Microsoft Windows Live Mail
- Microsoft Office
- Microsoft Visual Basic for Applications
- third-party software that uses Visual Basic for Applications
Overview
Microsoft has released updates to address vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications.
Description
Microsoft has released security bulletins for multiple vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications. These bulletins are described in the Microsoft Security Bulletin Summary for May 2010.
Third-party software that distributes VBE6.DLL may also be affected. If the third-party application follows the best practices for using a shared component as a side-by-side assembly, then the component will be updated by the update provided by MS10-031. Otherwise, you should contact the vendor to obtain an updated version of the application with the fixed VBE6.DLL file.
Impact
A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash.
Solution
Apply updates from Microsoft
Microsoft has
provided updates for these vulnerabilities in the Microsoft
Security Bulletin Summary for May 2010. The security bulletin describes any
known issues related to the updates. Administrators are encouraged to note these
issues and test for any potentially adverse effects. Administrators should
consider using an automated update distribution system such as Windows
Server Update Services (WSUS).
References
- Microsoft Security Bulletin Summary for May 2010 - http://www.microsoft.com/technet/security/bulletin/ms10-may.mspx
- Microsoft Security Bulletin MS10-031 - Critical - http://www.microsoft.com/technet/security/bulletin/ms10-031.mspx
- Microsoft Windows Server Update Services - http://technet.microsoft.com/en-us/wsus/default.aspx
Revision History
- May 11, 2010: Initial release
This product is provided subject to this Notification and this Privacy & Use policy.