Microsoft Patch Tuesday March 9th 2010.
March 9th 2010.
By: Greg Lambert
Application Compatibility Update
Executive Summary
With this March Microsoft Patch Tuesday Security Update, we see a light or relatively minor release of Microsoft Security updates with two application level updates rated as Important. Both the Microsoft Excel and Microsoft Movie Maker patches released this month will likely require a reboot of the target system.
Our sample of over 2,000 applications are analysed for application level conflicts with Microsoft Security Updates and potential dependencies, or down-level conflicts.
Based on the results of our AOK Application Compatibility Lab only one patch appears to have the potential for a marginal impact on a standard corporate or enterprise application portfolio; MS10-017 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution. We have included a brief snap-shot of some of the results from our AOK Software that demonstrates some of the potential impacts on the application package with the following snap-shot image.
MS10-003 Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution.
Testing Summary- MS10-016 : "Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)"
- MS10-014 : "Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)"
| Patch Name | Total
Issues | Matches
Affected | Reboot | Rating | RAG |
|---|
| Microsoft Security Bulletin MS10-016 | <1% | <1% | YES | Marginal impact and negligible testing profile |  |
| Microsoft Security Bulletin MS10-014 | <1% | <1% | YES | Marginal impact and negligible testing profile | |
Legend: | No Issues Detected |
 | Potentially fixable application Impact |
 | Serious Compatibility Issue |
Security Update Detailed Summary| MS10-016 | Vulnerability in Windows Movie Maker Could Allow Remote Code Execution |
| Description | This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Moviemk.exe |
| Impact | Important – Remote Code Execution |
| MS10-014 | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution |
| Description | This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Excel.exe, Excel.man, Xlcall32.dll |
| Impact | Important – Remote Code Execution |
*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.
