[Bigfix-announcements-simplified-chinese] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Patches for Windows (Simplified Chinese)'

autonotify at us.ibm.com autonotify at us.ibm.com
Wed Dec 21 04:45:55 PST 2011 

Fixlet Site - 'Patches for Windows (Simplified Chinese)'
Current Version: 433	Published: Wed, 21 Dec 2011 06:18:00  GMT

New Fixlets:
============

***************************************************************
Title: MS11-045: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Microsoft Excel 2007 SP2 - Office 2007 SP2 (Superseded) (Simplified Chinese)
Severity: Important
Fixlet ID: 1104511
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-045.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Note: This patch has been superseded by MS11-072.Microsoft has released a security update that resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, "Disable Edit in Protected View for Excel 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }

***************************************************************
Title: MS11-045: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 (Superseded) (Simplified Chinese)
Severity: Important
Fixlet ID: 1104531
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-045.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Note: This patch has been superseded by MS11-072.Microsoft has released a security update that resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, "Disable Edit in Protected View for Excel 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }

More information about the BigFix-Announcements-Simplified-Chinese mailing list