Microsoft released four Microsoft Office-related security updates for March, rating all of them as critical. Here's a brief description of each update; for more information, go to
http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx
MS08-014: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
The attack vector for this vulnerability is a specially created Excel file that must be opened by the target of the attack. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletins MS07-044, MS07-036, and MS08-013.
Applies to: Office 2000, Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac
Recommendation: Microsoft rates this update as critical for Excel 2000 and important for other affected Excel versions. Given the frequency with which organizations share Excel documents and that the vulnerability has been publicly reported, you should prioritize the testing and deployment of this update.
MS08-015: Vulnerability in Microsoft Outlook Could Allow Remote Code Execution
The attack vector for this vulnerability is a specially created mailto URI. This vulnerability is not exploitable by the target of the attack simply opening an email message. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS07-003.
Applies to: Office 2000, Office XP, Office 2003, Office 2007
Recommendation: Microsoft rates this update as critical. This vulnerability was privately disclosed to Microsoft, so you can give the testing and deployment of this update a lower priority than the other updates in this bulletin.
MS08-016: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
The attack vector for this vulnerability is a specially created Office file that must be opened by the target of the attack. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletins MS07-025, MS07-015, and MS08-013.
Applies to: Office 2000, Office XP, Office 2003, Office 2004 for Mac
Recommendation: Microsoft rates this update as critical for Office 2000 and important for all other versions of Office that are affected.
MS08-017: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution
The attack vector for these vulnerabilities is a specially created Web page that, if navigated to, would allow the attacker to take complete control of the target computer.
Applies to: Office 2000, Office XP, Visual Studio .NET 2002, Visual Studio .NET 2003, BizTalk Server 2000, BizTalk Server 2002, Commerce Server 2000, ISA Server 2000
Recommendation: Microsoft rates this update as critical. Given the large number of applications and server software affected by these privately reported vulnerabilities, you should give high priority to the testing and deployment of this update.
