[BigFix-Announcements-Japan] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Patches for Windows (Japanese)'

[autonotify at us.ibm.com]

Fixlet Site - 'Patches for Windows (Japanese)'
Current Version: 611	Published: Fri, 24 Oct 2014 09:23:52  GMT

New Fixlets:
============

***************************************************************
Title: 3010060: Vulnerability in Microsoft OLE Could Allow Remote Code Execution - Enable OLE packager Shim Workaround - PowerPoint 2007 / PowerPoint 2010 / PowerPoint 2013 (Japanese)
Severity: N/A
Fixlet ID: 301006001
Fixlet Link: https://technet.microsoft.com/library/security/3010060

Fixlet Description: Microsoft is aware of a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The attack requires user interaction to succeed on Windows clients with a default configuration, as User Account Control (UAC) is enabled and a consent prompt is displayed. Applying the Microsoft Fix it solution, "OLE packager Shim Workaround", prevents exploitation of the vulnerability.Note: Affected computers may report back as 'Pending Restart' once the update has run successfully, but will not report back their final status until the computer has been restarted.

***************************************************************
Title: 3010060: Vulnerability in Microsoft OLE Could Allow Remote Code Execution - Disable OLE packager Shim Workaround - PowerPoint 2007 / PowerPoint 2010 / PowerPoint 2013 (Japanese)
Severity: N/A
Fixlet ID: 301006003
Fixlet Link: https://technet.microsoft.com/library/security/3010060

Fixlet Description: Microsoft is aware of a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The attack requires user interaction to succeed on Windows clients with a default configuration, as User Account Control (UAC) is enabled and a consent prompt is displayed. Applying the Microsoft Fix it solution, "OLE packager Shim Workaround", prevents exploitation of the vulnerability.Note: Affected computers may report back as 'Pending Restart' once the update has run successfully, but will not report back their final status until the computer has been restarted.