[BigFix-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Enterprise Security'
autonotify at us.ibm.com
autonotify at us.ibm.com
Wed Nov 10 02:00:36 PST 2010
Fixlet Site - 'Enterprise Security'
Current Version: 1420 Published: Tue, 09 Nov 2010 23:44:43 GMT
New Fixlets:
============
***************************************************************
Title: MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Office XP SP3 (Local/Network Install)
Severity: Important
Fixlet ID: 1008701
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }
***************************************************************
Title: MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Office XP SP3 (Administrative Install)
Severity: Important
Fixlet ID: 1008703
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }
***************************************************************
Title: MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Office 2003 SP3 (Local/Network Install)
Severity: Important
Fixlet ID: 1008706
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }
***************************************************************
Title: MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Office 2003 SP3 (Administrative Install)
Severity: Important
Fixlet ID: 1008708
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }
***************************************************************
Title: MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Office 2007 SP2
Severity: Critical
Fixlet ID: 1008711
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }
***************************************************************
Title: MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Office 2010
Severity: Critical
Fixlet ID: 1008716
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }
***************************************************************
Title: MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Office 2010 (x64)
Severity: Critical
Fixlet ID: 1008721
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }
***************************************************************
Title: MS10-088: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution - Office XP SP3 (Local/Network Install)
Severity: Important
Fixlet ID: 1008801
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-088.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS10-088: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution - Office XP SP3 (Administrative Install)
Severity: Important
Fixlet ID: 1008803
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-088.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS10-088: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution - Office 2003 SP3 (Local/Network Install)
Severity: Important
Fixlet ID: 1008806
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-088.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS10-088: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution - Office 2003 SP3 (Administrative Install)
Severity: Important
Fixlet ID: 1008808
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-088.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS10-088: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution - PowerPoint Viewer 2007 SP2
Severity: Important
Fixlet ID: 1008811
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-088.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS10-089: Vulnerabilities in Forefront Unified Access Gateway 2010 (UAG) Could Allow Elevation of Privilege
Severity: Important
Fixlet ID: 1008901
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-089.mspx
Fixlet Description: Microsoft has released a security update that resolves four privately reported vulnerabilities in Forefront Unified Access Gateway 2010 (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: Bigfix testing has confirmed this security patch only applies correctly to systems only when manually run.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS10-089: Vulnerabilities in Forefront Unified Access Gateway 2010 Update 1 (UAG) Could Allow Elevation of Privilege
Severity: Important
Fixlet ID: 1008903
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-089.mspx
Fixlet Description: Microsoft has released a security update that resolves four privately reported vulnerabilities in Forefront Unified Access Gateway 2010 (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: Bigfix testing has confirmed this security patch only applies correctly to systems only when manually run.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS10-089: Vulnerabilities in Forefront Unified Access Gateway 2010 Update 2 (UAG) Could Allow Elevation of Privilege
Severity: Important
Fixlet ID: 1008905
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS10-089.mspx
Fixlet Description: Microsoft has released a security update that resolves four privately reported vulnerabilities in Forefront Unified Access Gateway 2010 (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: Bigfix testing has confirmed this security patch only applies correctly to systems only when manually run.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
More information about the BigFix-Announcements
mailing list