MVP Jubo Security Blog : Security Bulletins

Microsoft Security Bulletin Summary for November 2009

jubo — Wed, 11 Nov 2009 23:02:00 GMT

Yesterday, November 10, was once again patch-tuesday. Microsoft released another 6 security bulletins, addressing a total of 15 vulnerabilities. Three of them rated as "Critical" and three as "Important". Here's the list:

Critical:

MS09-063 - Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
MS09-064 - Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
MS09-065 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)

Important:

MS09-066 - Vulnerability in Active Directory Could Allow Denial of Service (973309)
MS09-067 - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
MS09-068 - Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)

A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security website.

See also the MSRC blog: November 2009 Security Bulletin Release. And the Security Research and Defense blog for additional technical information on these updates.

If your computer has not updated itself yet, then it's now time to move yor mouse to the Microsoft Update website to start downloading the patches.

Have a wonderful day! The sun was out here today in Washington after days and days of rain...

Microsoft Security Bulletin Summary for October 2009

jubo — Thu, 22 Oct 2009 17:11:00 GMT

Yes, it has been a while but have been on a trip to Europe and visited family. In the meantime Microsoft released a big security update for patch Tuesday earlier this month. There are 8 "critical" and 5 rated as "Important". There can be more when you check for them depending on the configuration of your computer. Here's the list:

Critical:

MS09-050 - Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
MS09-051 - Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
MS09-052 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
MS09-054 - Cumulative Security Update for Internet Explorer (974455)
MS09-055 - Cumulative Security Update of ActiveX Kill Bits (973525)
MS09-060 - Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
MS09-061 - Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)

Important:

MS09-053 - Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
MS09-056 - Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
MS09-057 - Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
MS09-058 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
MS09-059 - Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)

A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security Updates website.

See also the MSRC blog: October 2009 Security Bulletin Release. And the Security Research and Defense blog for additional technical information on these updates.

Even though this is a bit late, and I really hope you already have updated your computer(s). But if not then you know the drill! Point your mouse to the Microsoft Update website and start updating.

Have a wonderful day... From a Barnes & Noble Starbucks Cafe in the Evergreen State...

Microsoft Security Bulletin Summary for September 2009

jubo — Wed, 09 Sep 2009 04:26:00 GMT

Today Microsoft released 5 critical updates. If you have not updated your computer(s) yet, then check with Microsoft Update website.

Critical:

MS09-045 - Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
MS09-049 - Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)
MS09-047 - Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
MS09-048 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
MS09-046 - Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)

A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security Updates website.

See also the MSRC blog: September 2009 Bulletin Release. And the Security Research and Defense blog for additional technical information on these updates.

Well, you know the drill... point your mouse to the Microsoft Update website and start updating.

Have a wonderful day!

Microsoft Security Bulletin Summary for August 2009

jubo — Tue, 11 Aug 2009 17:54:00 GMT

Today, August 11th, Microsoft released 5 "critical" updates and 4 "important" updates.

Critical:

MS09-043 - Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
MS09-044 - Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
MS09-039 - Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
MS09-038 - Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
MS09-037 - Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)

Important:

MS09-041 - Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
MS09-040 - Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
MS09-036 - Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
MS09-042 - Vulnerability in Telnet Could Allow Remote Code Execution (960859)

A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security Updates website.

See also the MSRC blog: August 2009 Bulletin Release. And the Security Research and Defense blog for additional technical information on these updates.

Well, you know the drill... point your mouse to the Microsoft Update website and start updating. And I'll see you next time from a Starbucks store somewhere in this beautiful Washington state where we had the first rain after several weeks of beautiful sunshine...

Microsoft Security Bulletin Advance Notification for July 2009

jubo — Sun, 26 Jul 2009 03:09:00 GMT

Microsoft released an advance notification of two out-of-band security bulletins that Microsoft is intending to release on July 28, 2009. One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical. Customers who are up to date on their security updates are protected from known attacks related to this out-of-band release.

This bulletin advance notification will be replaced with an update to the Microsoft Security Bulletin Summary for July 2009 on July 28, 2009.

Click for more information here.

Microsoft Security Bulletin Summary for July 2009

jubo — Thu, 16 Jul 2009 18:22:00 GMT

A little late, but here it is. Microsoft released another couple of updates on the usual "Patch Tuesday", July 4th. There are three "critical" and three "important" updates to download and to install.

Critical:

MS09-029 - Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
MS09-028 - Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
MS09-032 - Cumulative Security Update of ActiveX Kill Bits (973346)

Important:

MS09-033 - Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
MS09-031 - Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
MS09-030 - Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)

As usual, a more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security website.

Have a wonderful day! From a Starbucks store in sunny Seattle....

Microsoft Security Bulletin Summary for June 2009

jubo — Thu, 18 Jun 2009 22:06:53 GMT

In between al the housework and painting Microsoft released 10, but could be more for your configuration, updates and patches for the month of June. There are six “critical”, three “important” and one “moderate” patches.

Critical:

MS09-018 - Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
MS09-022 - Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
MS09-019 - Cumulative Security Update for Internet Explorer (969897)
MS09-027 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)
MS09-021 - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
MS09-024 - Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)

Important:

MS09-026 - Vulnerability in RPC Could Allow Elevation of Privilege (970238)
MS09-025 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
MS09-020 - Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)

Moderate:

MS09-023 - Vulnerability in Windows Search Could Allow Information Disclosure (963093)

As usual, a more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

See also the MSRC blog: June 2009 Bulletin Release

Hope you have already updated your machine. If not then you know where to find Microsoft Update.

Have a wonderful day! It’s the 29th day, and counting…, without rain in the Seattle area… I love it.. ;)

Microsoft Security Bulletin Summary for May 2009

jubo — Mon, 18 May 2009 17:04:43 GMT

Because of all that moving around, from one continent to the other, and all the reconstruction of the house, I’ve not been able to post the monthly updates here. But if you haven’t done it already then you know the drill: just go to Microsoft Update to check for updates and patches. When I checked a few days ago, I also found out that there’s Service Pack 2 for Microsoft Office 2007. So, if you don’t have it yet, then go and get it.

In the meanwhile, for the month of May there are some critical updates for Microsoft Office PowerPoint:

MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

See also the MSRC blog: May 2009 Bulletin Release

Have a great day!

Microsoft Security Bulletin Summary for February 2009

jubo — Thu, 12 Feb 2009 09:09:30 GMT

Here in Holland, just a few days before the big move to the US, there’s still some time left to update the only old, old laptop I still have. A few days ago Microsoft released a few updates/patches and if you haven’t updated your computer yet, then it’s time to do the same thing as I do: visit Microsoft Update. In the Security Bulletin there are two “critical” and two “important” updates:

Critical:

MS09-002 - Cumulative Security Update for Internet Explorer (961260)
MS09-003 - Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)

Important:

MS09-004 - Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
MS09-005 - Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

Have a wonderful day. Until next time from the other side of the pond…

Microsoft Security Bulletin Summary for November 2008

jubo — Thu, 13 Nov 2008 08:56:27 GMT

On November 11th Microsoft released another few security updates. This time, according to the security bulletin, 1 “critical” and 1 “important” update. But, depending on your configuration, there can be more. See also the “New, Revised, and Released Updates for Microsoft Products Other Than Microsoft Windows”, and, of course, there’s always the Microsoft Windows Malicious Software Removal Tool.

Critical:

MS08-069 - Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)

Important:

MS08-068 - Vulnerability in SMB Could Allow Remote Code Execution (957097)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.

Support:

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. International customers can receive support from their local Microsoft subsidiaries. Visit the International Help and Support.

See also MSRC blog: November 2008 Bulletin Release and for a more details regarding the MS08-068 SMB Credential issue, see the Security Vulnerability Research & Defense blog.

Updated all the machines I maintained and so far no issues here… Have a wonderful day!

Out-of-band security update: MS08-067 – Critical

jubo — Thu, 23 Oct 2008 17:38:00 GMT

Last night, European time, Microsoft released an out-of-band security update. This update resolves a vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request.

For more information check the Microsoft Security Bulletin MS08-067. See also Microsoft Security Response Center (MSRC) post: Additional Microsoft Security Bulletin Webcasts and Information Available for MS08-067. For an in-dept technical version check the Microsoft Security Vulnerability Research & Defense blog: More detail about MS08-067, the out-of-band netapi32.dll security update.

In the meantime, move your mouse to the Microsoft Update web site and start patching your system. Me, myself and I have installed it on Windows XP Pro machines and Server 2003 machines without any problem.

Microsoft Security Bulletin Summary for October 2008

jubo — Wed, 15 Oct 2008 10:26:55 GMT

Lots of updates this week! Yesterday Microsoft released 4 "critical", 6 "important" and 1 "moderate" updates. Needless to say that if you haven't updated yet then move your mouse over to Microsoft Update web site and start downloading and update your system. Here's the list:

Critical:

MS08-060 - Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
MS08-058 - Cumulative Security Update for Internet Explorer (956390)
MS08-059 - Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
MS08-057 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

Important:

MS08-066 - Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
MS08-061 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
MS08-062 - Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
MS08-063 - Vulnerability in SMB Could Allow Remote Code Execution (957095)
MS08-064 - Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
MS08-065 - Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)

Moderate:

MS08-056 - Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)

All this and of course the update of the Windows Malicious Software Removal Tool. A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

Support:

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. International customers can receive support from their local Microsoft subsidiaries. Visit the International Help and Support.

See also MSRC blog: October 2008 Monthly Bulletin Release and for a more technical version, the Security Vulnerability Research & Defense blog.

So far installed on 5 XP Pro SP3 machines without any problems.

Stay on the safe side and have a great day!

Microsoft Security Bulletin Summary for September 2008

jubo — Fri, 12 Sep 2008 07:04:10 GMT

On September 9, Microsoft released four security patches and all of them are "critical". So, if you haven't updated it yet then it's time to do so now. Move your mouse to the Microsoft Update web site to download and install the updates.

Critical:

MS08-054 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
MS08-053 - Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
MS08-055 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

Support:

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. International customers can receive support from their local Microsoft subsidiaries. Visit the International Help and Support.

See also MSRC blog: September 2008 Monthly Bulletin Release and for a more technical version, the Security Vulnerability Research & Defense blog.

Stay safe and have a great weekend!!

Microsoft Security Bulletin Summary for August 2008

jubo — Thu, 14 Aug 2008 23:23:00 GMT

If you haven't updated your Windows version yet, then it's time to do this now. You'll be busy for a few moments because on August 12th, Microsoft released no less than 11 updates/patches. Can be more depending on your configuration. Of the 11 patches 6 of them are classified as "critical" and 5 are "important".

Critical:

MS08-046 - Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
MS08-045 - Cumulative Security Update for Internet Explorer (953838)
MS08-041 - Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
MS08-043 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
MS08-051 - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
MS08-044 - Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)

Important:

MS08-047 - Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
MS08-049 - Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
MS08-048 - Security Update for Outlook Express and Windows Mail (951066)
MS08-050 - Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
MS08-042 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

Support:

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. International customers can receive support from their local Microsoft subsidiaries. Visit the International Help and Support.

See also MSRC blog: August 2008 Monthly Bulletin Release

No need to tell you what to do... move your mouse to: Microsoft Update to see if you have to get a few patches...

Happy Friday...

Microsoft Security Bulletin Summary for July 2008

jubo — Wed, 09 Jul 2008 08:23:12 GMT

Patch Tuesday or patch Wednesday... it all depends on which part of the world you're in. For me it's patch Wednesday and yes, yesterday Microsoft released their monthly bulletin with 4 "important" updates.

On July 8th, Microsoft released the following updates:

Important:

MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
MS08-038 - Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230)
MS08-039 - Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

Support:

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. International customers can receive support from their local Microsoft subsidiaries. Visit the International Help and Support.

See also: Microsoft Security Response Center (MSRC) blog

So, you all know the drill! If it's not downloaded by automatic updates then move your mouse pointer to Microsoft Update...

Patch Tuesday: Advanced Notification

jubo — Fri, 04 Jul 2008 07:08:28 GMT

Last time I was a bit late to tell you about the Windows Updates, but this time we have an advanced notification. On July 8th, Microsoft is releasing 4 "important" updates.

For more detailed information check TechNet and the post at the blog of Microsoft Security Response Center: July 2008 Advance Notification.

If you want to get these advanced notifications by email, RSS or Messenger then signup at: Microsoft Technical Security Notifications.

Have a wonderful day...

Microsoft Security Bulletin Summary for June 2008

jubo — Wed, 25 Jun 2008 07:21:22 GMT

It's a bit late, Microsoft already posted their patches for this month. So, if you haven't done that yet then it's a good idea to point your mouse to Windows Update and start getting those updates.

On June 10th, Microsoft released the following updates:

Critical:

MS08-030 - Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
MS08-031 - Cumulative Security Update for Internet Explorer (950759)
MS08-033 - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)

Important:

MS08-034 - Vulnerability in WINS Could Allow Elevation of Privilege (948745)
MS08-035 - Vulnerability in Active Directory Could Allow Denial of Service (953235)
MS08-036 - Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)

Moderate:

MS08-032 - Cumulative Security Update of ActiveX Kill Bits (950760)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

Support:

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. International customers can receive support from their local Microsoft subsidiaries. Visit the International Help and Support.

See also: Microsoft Security Response Center (MSRC) blog

Microsoft Security Bulletin Summary for May 2008

jubo — Wed, 14 May 2008 07:20:00 GMT

Yesterday, May 13th, Microsoft released 3 "critical" and 1 "moderate" update. If the automatic update didn't get them yet, then it's time to move your mouse over to Microsoft Update and start updating your computer. If you haven't installed SP3 for Windows XP yet, then Microsoft Update will offer you this too.

This months updates:

Critical:

MS08-026 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
MS08-027 - Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
MS08-028 - Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)

Moderate:

MS08-029 - Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

Support:

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. International customers can receive support from their local Microsoft subsidiaries. Visit the International Help and Support.

See also: Microsoft Security Response Center (MSRC) and Security Vulnerability Research & Defense blog: MS08-026: How to prevent Word from loading RTF files.

Microsoft Security Bulletin Summary for April 2008

jubo — Fri, 11 Apr 2008 07:08:23 GMT

On April 9th, Microsoft released 5 "critical" and 3 "important" updates. If you didn't get them yet then it's time to move your mouse to Microsoft Update and start updating your computer. Installed them on my computers and the ones I maintain without any problems.

Critical:

MS08-018 - Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
MS08-021 - Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
MS08-022 - Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
MS08-023 - Security Update of ActiveX Kill Bits (948881)
MS08-024 - Cumulative Security Update for Internet Explorer (947864)

Important:

MS08-020 - Vulnerability in DNS Client Could Allow Spoofing (945553)
MS08-025 - Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
MS08-019 - Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

Support:

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. International customers can receive support from their local Microsoft subsidiaries. Visit the International Help and Support.

Microsoft Security Bulletin Summary for March 2008

jubo — Wed, 12 Mar 2008 08:06:00 GMT

Yesterday, March 11th, Microsoft released 4 critical updates. So far I have it installed on five XP Pro SP2 machines without any problems. If you haven't done it yet then point your mouse to Microsoft Update to download and install these patches:

MS08-014 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
MS08-015 - Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
MS08-016 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
MS08-017 - Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

Support:

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. International customers can receive support from their local Microsoft subsidiaries. Visit the International Help and Support.