Microsoft released two security bulletins for March, one related to Microsoft Office and another about certain Windows versions that have weak permissions defined for certain services.
The security update for MS06-012--Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413) involves specially formed Office documents and is a bigger risk because it allows remote code execution and targets the more difficult-to-control workstation environment. This security update patches a number of vulnerabilities associated with various Office and Microsoft Works Suite programs, and you should be concerned if you have systems with Office 2003/XP/2000 or Microsoft Works Suite 2006/2005/2004/2003/2002/2001/2000 or even Microsoft Excel for Mac.
With regard to the other bulletin, users of Windows Server 2003 Service Pack 1 (SP1), Windows XP SP2, and Windows 2000 SP4 can relax. Only organizations that have systems with XP SP1 and Windows 2003 without SP1 are vulnerable to the exposure described in MS06-011--Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798). I recommend applying this security update only to highly sensitive servers on which you've already made a commitment to full overall hardening. For full details about these bulletins, go to
http://www.ultimatewindowssecurity.com/msbulletins.html
