FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-mar.mspx
March 11, 2008
"...The security bulletins for this month are as follows, in order of severity:

Critical (4)

Microsoft Security Bulletin MS08-014
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
- http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-015
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
- http://www.microsoft.com/technet/security/bulletin/MS08-015.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-016
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
- http://www.microsoft.com/technet/security/bulletin/MS08-016.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-017
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
- http://www.microsoft.com/technet/security/bulletin/MS08-017.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office Web Components...


Other Information -
Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft has released -two- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft has released three non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."

FYI...

ISC Analysis
- http://isc.sans.org/diary.html?storyid=4124
Last Updated: 2008-03-11 18:33:40 UTC

.

FYI...

MS08-014 causes subtle Excel calculation error
- http://isc.sans.org/diary.html?storyid=4141
Last Updated: 2008-03-14 18:15:22 UTC - Microsoft has released KB 950340*... that identifies a potential calculation issue in Excel -after- the patch for MS08-014 has been applied. An updated patch is likely forthcoming.
Source: http://blogs.technet.com/msrc/archive/2008/03/13/update-march-2008-monthly-release.aspx

* http://support.microsoft.com/kb/950340
Last Review: March 14, 2008
Revision: 1.1
"...WORKAROUND
To work around this issue, run the function on each cell individually instead of on the array of cells..."

- http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx
Updated: March 13, 2008
• V2.0 (March 13, 2008): Bulletin updated. FAQ added about known issues relating to users of Excel 2003 Service Pack 2 or Service Pack 3.

FYI...

- http://www.us-cert.gov/current/#microsoft_updates_march_security_bulletin
updated March 17, 2008 - " Microsoft has made revisions to all of the March Security Bulletins. These revisions:
* Clarify why a non-vulnerable version of Office was offered during this update.
* Correct the registry key for verifying the update for ISA Server.
* Remove MS07-015 as a replaced bulletin for Microsoft Office XP Service Pack 3.
* Update vulnerability FAQs
* Update file information tables for Outlook 2000 and 2003.
Microsoft has also re-released MS08-014 to include additional information about issues relating to users of Excel 2003 Service Pack 2 or Service Pack 3..."

FYI...

March 2008 MS08-014 Re-release
- http://blogs.technet.com/msrc/archive/2008/03/19/march-2008-ms08-014-re-release.aspx
March 19, 2008 - "...we've just re-released MS08-014 for Microsoft Office Excel 2003 Service Pack 2 and Service Pack 3 only... The original version released on March 11, 2008 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data source was used in a user-created Visual Basic for Applications solution (in other words a custom-built VBA function). For additional details, please refer to KB950340*. If you're -not- running Microsoft Excel 2003, this re-release doesn't apply to you and you don't need to take any action. If you are running Microsoft Excel 2003 Service Pack 2 or Service Pack 3, you should use the guidance provided in Knowledge Base article KB950340* to deploy the new update."
* http://support.microsoft.com/kb/950340