Microsoft Security Bulletin MS10-031 (KB978213)
The Microsoft Patch Tuesday has arrived once again, this time Microsoft has come up with two critical patches (MS10-030 and MS10-031) addressing various vulnerabilities that could allow remote code execution without user consent.We have already covered about MS10-030(KB978542) in an earlier post, now let’s talk about MS10-031.
This new security update KB978213 resolves a privately reported vulnerability in Microsoft Visual Basic.Similar to the latest vulnerability found in Outlook Express & Windows Mail (addressed in MS10-030), this particular vulnerability too could allow remote code execution, especially when an user with admin user rights logged on and runs the Visual basic for Applications, through the above said vulnerability, the attacker can pass a specially crafted file to the VB for apps runtime, allowing the attacker to take the control of the victim’s computer, the attacker now gains most of the admin rights, he may install new programs, or view/change/delete user sensitive data or he may even create a new user with full administrative rights.
This update has been rated “Critical Update” for all versions of MS Visual Basic for Applications SDK and other third-party apps that use MS VBA.
Rated ‘Important Update’ for: Microsoft Office XP, Microsoft Office 2003, and the 2007 Microsoft Office System
Affected software include: Microsoft Office XP Service Pack 3, MS Office 2003 Service Pack 3, 2007 Microsoft Office System Service Pack 1&2.
You should install this critical update patch without delay.You may also be interested in downloading Visual Studio 2010 to keep your Visual Basic up-to-date.
To receive more update about Windows Updates, subscribe to our RSS feed via Email.