
March’s Patch Tuesday


Today is Patch Tuesday for March 2010, and Microsoft has released two security bulletins for this round of updates, neither of which is deemed critical. The second bulletin addresses seven different vulnerabilities across various versions of Microsoft Office Excel.


ID: MS10-016
Title: Vulnerabilities in Windows Movie Maker Could Allow Remote Code Execution
Microsoft Severity: Important

Summary: There is a buffer overflow in Windows Movie Maker and MS Producer 2003 that can lead to code execution. Movie Maker 2.1 is included with Windows XP SP2 and SP3, and Movie Maker 6.0 is included with Vista. Movie Maker 2.6 is an optional download for Vista and Windows 7.

Praetorian’s Recommendation: This is deemed important rather than critical because exploitation requires the user to open content that triggers the vulnerability. A user would have to be tricked into opening a malicious Movie Maker project file (.mswmm). This can be updated in your next patch cycle and is not considered urgent.


ID: MS10-017
Title: Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution
Microsoft Severity: Important

Summary: This update addresses seven different vulnerabilities related to Microsoft Office Excel. Each vulnerability may affect one or more of the following versions: Office Excel 2003 SP3, Office Excel 2007 SP1 and SP2, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Office Excel Viewer SP1 and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, and Office SharePoint Server 2007 SP1 and SP2.

Praetorian’s Recommendation: Although the same requirement as in MS10-016 applies, namely that users must open a malicious file, Excel formats are more recognizable, and phishing and social engineering techniques can be more successful with a known or common file format. This can be updated in your next patch cycle, but it warrants more attention than MS10-016.

