Last November, Microsoft released security bulletin MS10-087 (http://www NULL.microsoft NULL.com/technet/security/Bulletin/MS10-087 NULL.mspx), which addresses a number of critical vulnerabilities in how Microsoft Office parses various office file formats. One of them is CVE-2010-3333 (http://cve NULL.mitre NULL.org/cgi-bin/cvename NULL.cgi?name=CVE-2010-3333), “RTF Stack Buffer Overflow Vulnerability,” which could lead to remote code execution via specially crafted RTF data. A few days before Christmas, we received a new sample (sha1: cc47a73118c51b0d32fd88d48863afb1af7b2578) that reliably exploits this vulnerability and is able to execute malicious shellcode which downloads other malware.

The notice that was posted on the Microsoft Protection Center blog ( http://blogs.technet.com/b/mmpc/archive/2010/12/29/targeted-attacks-against-recently-addressed-microsoft-office-vulnerability-cve-2010-3333-ms10-087.aspx (http://blogs NULL.technet NULL.com/b/mmpc/archive/2010/12/29/targeted-attacks-against-recently-addressed-microsoft-office-vulnerability-cve-2010-3333-ms10-087 NULL.aspx) ) concerns a flaw in the Microsoft Office program that was fixed in November. The bad guys have now found a way to exploit the flaw on computers that do NOT have the updated software. This affects you no matter which version of Office or Windows you are running.

Symantec underlined the seriousness of the flaw to CNET’s Elinor Mills in November:

“One of the most dangerous aspects of this vulnerability is that a user doesn’t have to open a malicious e-mail to be infected,” Joshua Talbot, security intelligence manager at Symantec Security Response, said at the time. “All that is required is for the content of the e-mail to appear in Outlook’s Reading Pane. If a user highlights a malicious e-mail to preview it in the Reading Pane, their machine is immediately infected. The same holds true if a user opens Outlook and a malicious e-mail is the most recently received in their in-box; that e-mail will appear in the Reading Pane by default and the computer will be infected.”

So what does this mean to you…….It means that if you receive an email, even if its obvious that the email is bad and you don’t click on it, just by it appearing in the reading pane section, will cause your computer to get infected with malware.

How do you make sure you are protected?

Windows Vista / Windows 7

If you are running Windows Vista or Windows 7 go to start –> Control Panel –> Windows Update

Once in Windows Update –>  click on Check for updates –> Once the scan is complete –> system will tell you how many updates you need –> now click on Install updates.

Once you have successfully updated all Windows / Office software your Windows update should look like this.

Windows XP

In Windows XP –> Using Internet Explorer –> Visit the Microsoft Update website (LINK) http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us (http://www NULL.update NULL.microsoft NULL.com/microsoftupdate/v6/default NULL.aspx?ln=en-us)

(IMPORTANT NOTE: In XP – Microsoft has 2 websites for updates. One is called Windows Updates and one is called Microsoft Updates. You want to make sure that you are on the one that says Microsoft Updates as the Windows Updates site does NOT give you Office updates)

Once you are on the site –> Click on Custom and let it scan your pc.  (Note you may be asked to run an ActiveX file if this is the 1st time you have been to the site. Just make sure you say you in this case specifically)

You may also get a message about a needed download –> if you do just click on “Download and Install Now”

Once Microsoft Update completes its scan it will show you what updates you are missing

Look under the “High Priority” updates and make sure that you have selected them all

Followed up clicking on “Review and install updates”

This will bring you to the confirmation page.  Make sure you have all missing updates selected. You will see 1 final “Install Updates”. Click on it –>

Followed by “I Accept” under the agreements area –> and then watch your updates download and install.

After the updates install –> Reboot pc –> and visit site again to see if you have any remaining updates.  Continue the steps until you get 0 (zero) remaining “High Priority” updates.

Once you are at 0 (Zero) now your Windows / Office software is up to date.

(FINAL NOTE: This does NOT mean you are free and clear, as always you need to take care of precautions when surfing the Internet.  There are still many other ways you can have your computer compromised)