[BigFix-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Patches for Windows (English)'
autonotify at us.ibm.com
autonotify at us.ibm.com
Thu Nov 15 02:05:10 PST 2012
Fixlet Site - 'Patches for Windows (English)'
Current Version: 1684 Published: Thu, 15 Nov 2012 08:15:22 GMT
New Fixlets:
============
***************************************************************
Title: MS12-046: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution - Office 2003 SP3 (Local/Network Installation)
Severity: Important
Fixlet ID: 1204606
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-046
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves one publicly disclosed vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a user opens a legitimate Microsoft Office file (such as a .docx file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }
***************************************************************
Title: MS12-046: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution - Office 2003 SP3 (Administrative Installation)
Severity: Important
Fixlet ID: 1204608
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-046
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves one publicly disclosed vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a user opens a legitimate Microsoft Office file (such as a .docx file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }
More information about the BigFix-Announcements
mailing list