Cisco Event Response: Microsoft Security Bulletin for March 2008

March 11, 2008

Microsoft released the March Security Update on March 11, 2008. Microsoft released the March Security Update on March 11, 2008. Four bulletins were released that address twelve individual vulnerabilities. Microsoft rated all four bulletins as Critical. The vulnerabilities, which exist in Microsoft Excel, Outlook, Office, and Web Components all require some level of user interaction in order to exploit.

Cisco Applied Mitigation Bulletin

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. When applicable, Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, and firewall inspection are among the techniques discussed in the bulletins.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin for March 2008

Cisco Security IntelliShield Alert Manager and Cisco IPS

The following table identifies Cisco Security IntelliShield Alert Manager alerts and Cisco IPS signatures associated with this Microsoft update:

Microsoft Security Bulletin	Affected Product	Cisco IntelliShield Alert	CVE ID	Cisco IPS Signature	CVSS Base Score
Microsoft Security Bulletin MS07-014 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution	Microsoft Office Excel Microsoft Office Excel Viewer Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint File Formats Microsoft Office for Mac	Microsoft Office Excel Malformed Header Handling Arbitrary Code Execution Vulnerability	CVE-2008-0081	6264-0	9.3
		Microsoft Office Excel Data Validation Records Vulnerability	CVE-2008-0111	–	9.3
		Microsoft Office Excel .slk File Import Processing Vulnerability	CVE-2008-0112	6929-0	9.3
		Microsoft Office Excel Style Record Data Validation Vulnerability	CVE-2008-0114	–	9.3
		Microsoft Office Excel Formula Parsing Vulnerability	CVE-2008-0115	–	9.3
		Microsoft Office Excel Rich Text Validation Vulnerability	CVE-2008-0116	–	9.3
		Microsoft Excel Conditional Format Validation Vulnerability	CVE-2008-0117	–	9.3
Microsoft Security Bulletin MS07-015 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution	Microsoft Office Outlook	Microsoft Outlook mailto URI Arbitrary Code Execution Vulnerability	CVE-2008-0110	6928-0	9.3
Microsoft Security Bulletin MS07-016 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution	Microsoft Office Microsoft Office Excel Viewer Microsoft Office for Mac	Microsoft Office Excel Viewer Memory Corruption Vulnerability	CVE-2008-0113	6787-0	9.3
		Microsoft Office PowerPoint File Memory Corruption Vulnerability	CVE-2008-0118	6786-0	9.3
Microsoft Security Bulletin MS07-017 Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution	Microsoft Office Web Components	Microsoft Office Web Components ActiveX Control URL Processing Vulnerability	CVE-2006-4695	6930-0	9.3
	Microsoft Office Web Components	Microsoft Office Web Components DataSource Processing Vulnerability	CVE-2007-1201	6278-0 6278-1 6278-2	9.3

Return to Cisco Security Center