JPCERT-AT-2009-0008
JPCERT/CC
2009-05-13
<<< JPCERT/CC Alert 2009-05-13 >>>
May 2009 Microsoft Security Bulletin
(one critical patch)
https://www.jpcert.or.jp/at/2009/at090008.txt
I. Overview
Microsoft has released its security bulletin summary for May 2009,
which contains one security update with severity rating "Critical".
A remote attacker could use this vulnerability to execute arbitrary
code.
For further information about this vulnerability, refer to the
following URLs.
Microsoft Security Bulletin Summary for May 2009
http://www.microsoft.com/technet/security/bulletin/ms09-may.mspx
[Critical Security Update]
MS09-017
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote
Code Execution (967340)
http://www.microsoft.com/technet/security/bulletin/ms09-017.mspx
In addition, extended support for Microsoft Office 2000 expires on
July 14 2009. Individuals or organizations using these products
should investigate updating to a newer, supported version of Microsoft
Office.
Microsoft Support Lifecycle
http://support.microsoft.com/lifecycle/?LN=en-us&p1=2484&x=17&y=20
III. Affected products
Products affected by this vulnerability are listed below:
- Microsoft Office 2000 Service Pack 3
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 3
- 2007 Microsoft Office System Service Pack 1
- 2007 Microsoft Office System Service Pack 2
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- PowerPoint Viewer 2003
- PowerPoint Viewer 2007 Service Pack 1 and PowerPoint Viewer
2007 Service Pack 2
- Microsoft Office Compatibility Pack for Word, Excel, and
PowerPoint 2007 File Formats Service Pack 1
- Microsoft Office Compatibility Pack for Word, Excel, and
PowerPoint 2007 File Formats Service Pack 2
- Microsoft Works 8.5
- Microsoft Works 9
* Note: as of 13 May 2009, updates for Microsoft Office 2004 for
Mac, Microsoft Office 2008 for Mac, Open XML File Format
Converter for Mac, Microsoft Works 8.0 and Microsoft Works 9.0
had not been released.
III. Solution
Use means such as Microsoft Update or Windows Update to apply the
security update immediately.
Microsoft Update
https://update.microsoft.com/
Windows Update
https://windowsupdate.microsoft.com/
IV. References
Microsoft Security Bulletin Summary for May 2009
http://www.microsoft.com/technet/security/bulletin/ms09-may.mspx
US-CERT Technical Cyber Security Alert TA09-132A
Microsoft PowerPoint Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA09-132A.html
If you have any information you could provide regarding this alert,
please contact us.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
https://www.jpcert.or.jp/
Top