AusCERT - AU-2009.0008 -- AusCERT Update - [Win] - Updated - MS08-074 - Critical - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution

AU-2009.0008 -- AusCERT Update - [Win] - Updated - MS08-074 - Critical - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution

Date: 28 January 2009
Original URL: http://www.auscert.org.au/render.html?cid=1977&it=10430
References: AL-2008.0123

Click here for PGP verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AusCERT Update AU-2009.0008 - [Win]
Updated - MS08-074 - Critical - Vulnerabilities in Microsoft Office Excel
Could Allow Remote Code Execution
29 January 2009

        AusCERT Update Summary
        ----------------------

Product:              Microsoft Office Excel 2007
                      Microsoft Office Excel 2007 Service Pack 1
Publisher:            Microsoft
Operating System:     Windows
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-4265 CVE-2008-4264 CVE-2008-4266

Ref:                  AL-2008.0123

Original Bulletin:    
  http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx


Microsoft revised this bulletin to communicate that for supported versions 
of Microsoft Office Excel 2007, in addition to security update package 
KB958437, customers also need to install the security update for Microsoft 
Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats 
(KB958439) to be protected from the vulnerabilities described in this bulletin. 
Customers who have already successfully installed both the KB958437 and 
KB958439 security update packages do not need to reinstall.

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation\'s site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBSYEUtSh9+71yA2DNAQJWjQQAkUkSaP4WmI94ZPvDszBfS8TgDL+ArEND
cDu4+Llc8gIC2WCILDye1PgnsMQyn/lRkIFGp/MpPsnCmBdTclgq6pGKu435ApwX
bIi+ilI+ZO2aaFATSD5b1Pnsu3rRV4F+ObUzEtl4lbtRePeYF6gjAcwm4Gwbkzjb
162DszxCpjA=
=P6fA
-----END PGP SIGNATURE-----