Microsoft Security Bulletin Summary for April 12 2011

Microsoft Security Bulletin Summary for April 12 2011

Microsoft Security Bulletin Summary for April 12 2011
Published: April 12 2011

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx

Critical (9)
Microsoft Security Bulletin MS11-018
Cumulative Security Update for Internet Explorer (2497640)
http://www.microsoft.com/technet/security/bulletin/ms11-018.mspx

Microsoft Security Bulletin MS11-019
Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
http://www.microsoft.com/technet/security/bulletin/ms11-019.mspx

Microsoft Security Bulletin MS11-020
Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
http://www.microsoft.com/technet/security/bulletin/ms11-020.mspx

Microsoft Security Bulletin MS11-027
Cumulative Security Update of ActiveX Kill Bits (2508272)
http://www.microsoft.com/technet/security/bulletin/ms11-027.mspx

Microsoft Security Bulletin MS11-028
Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)
http://www.microsoft.com/technet/security/bulletin/ms11-028.mspx

Microsoft Security Bulletin MS11-029
Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
http://www.microsoft.com/technet/security/bulletin/ms11-029.mspx

Microsoft Security Bulletin MS11-030
Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
http://www.microsoft.com/technet/security/bulletin/ms11-030.mspx

Microsoft Security Bulletin MS11-031
Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
http://www.microsoft.com/technet/security/bulletin/ms11-031.mspx

Microsoft Security Bulletin MS11-032
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (250761
http://www.microsoft.com/technet/security/bulletin/ms11-032.mspx

Important (
Microsoft Security Bulletin MS11-021
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
http://www.microsoft.com/technet/security/bulletin/ms11-021.mspx

Microsoft Security Bulletin MS11-022
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)
http://www.microsoft.com/technet/security/bulletin/ms11-022.mspx

Microsoft Security Bulletin MS11-023
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
http://www.microsoft.com/technet/security/bulletin/ms11-023.mspx

Microsoft Security Bulletin MS11-024
Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (252730
http://www.microsoft.com/technet/security/bulletin/ms11-024.mspx

Microsoft Security Bulletin MS11-025
Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx

Microsoft Security Bulletin MS11-026
Vulnerability in MHTML Could Allow Information Disclosure (250365
http://www.microsoft.com/technet/security/bulletin/ms11-026.mspx

Microsoft Security Bulletin MS11-033
Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)
http://www.microsoft.com/technet/security/bulletin/ms11-033.mspx

Microsoft Security Bulletin MS11-034
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)
http://www.microsoft.com/technet/security/bulletin/ms11-034.mspx










Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information About Microsoft April Security Bulletins (Level 200)
Event ID: 1032455069



Starts: Wednesday, April 13, 2011 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration:60 Minutes

Language(s): English.
Product(s): Other.
Audience(s): IT Decision Maker, IT Generalist.

Join us for a brief overview of the technical details of the April security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Jonathan Ness, Principal Security SDE Lead, MSRC, Microsoft Corporation

Register now for the April security bulletin webcast.

 

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

Quick Details

--------------------------------------------------------------------------------

Version:3.18Date Published:4/12/2011


http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

 

Microsoft Security Advisory (2506014)
Update for the Windows Operating System Loader
Published: April 12, 2011

Revisions
• V1.0 (April 12, 2011): Advisory published.

http://www.microsoft.com/technet/security/advisory/2506014.mspx

 

April 2011 Security Release ISO Image
Brief Description

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on April 12th, 2011.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=55a462c8-7ef8-4cf0-974d-3babbfcf69c5

 

Microsoft Security Bulletin MS11-031 - Critical
Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
Published: April 12, 2011 | Updated: April 20, 2011

Revisions
•

V1.0 (April 12, 2011): Bulletin published.
•

V1.1 (April 20, 2011): Bulletin updated to clarify that the JScript 5.8 and VBScript 5.8 update (KB2510531) also replaces MS09-045, in addition to MS10-022, for all supported editions of Windows XP, Windows Server 2003, and Windows Vista.

http://www.microsoft.com/technet/security/bulletin/MS11-031.mspx?pubDate=2011-04-20




Microsoft Security Bulletin MS11-024 - Important
Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (252730
Published: April 12, 2011 | Updated: April 20, 2011

Revisions
•

V1.0 (April 12, 2011): Bulletin published.
•

V1.1 (April 20, 2011): Added a link to Microsoft Knowledge Base Article 2527308 under Known Issues in the Executive Summary.
http://www.microsoft.com/technet/security/bulletin/MS11-024.mspx?pubDate=2011-04-20



Microsoft Security Bulletin MS11-022 - Important
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)
Published: April 12, 2011 | Updated: April 20, 2011

Revisions
•

V1.0 (April 12, 2011): Bulletin published.

V1.1 (April 20, 2011): Corrected the bulletin replacement information for the Microsoft PowerPoint Web App update (KB2520047). This is an informational change only. There were no changes to the detection logic or the update files.
http://www.microsoft.com/technet/security/bulletin/MS11-022.mspx?pubDate=2011-04-20



Microsoft Security Bulletin MS10-070 - Important
Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
Published: September 28, 2010 | Updated: April 20, 2011

Revisions
•

V1.0 (September 28, 2010): Bulletin published.
•

V2.0 (September 30, 2010): Revised this bulletin to announce that the updates are now available through all distribution channels, including Windows Update and Microsoft Update. Also added an update FAQ to describe additional clarifications and corrections to the bulletin.
•

V2.1 (October 13, 2010): Added three update FAQs to clarify affected software.
•

V2.2 (November 3, 2010): Added a note to the Affected Software table to clarify that the .NET Framework 4.0 Client Profile is not affected.
•

V3.0 (December 14, 2010): Added an update FAQ to announce that new update packages are available for .NET Framework 4.0 (KB2416472) to correct an issue in the setup that could interfere with the successful installation of other updates and/or products. Customers who have already successfully updated their systems do not need to take any action.
•

V4.0 (February 22, 2011): Announced a detection change to offer the Microsoft .NET Framework 4.0 (KB2416472) update packages to customers who install Microsoft .NET Framework 4.0 after installing Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, or Windows Server 2008 R2 for Itanium-based Systems Service Pack 1. Customers who have already successfully updated their systems do not need to take any action.
•

V4.1 (April 20, 2011): Corrected registry key verification for Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows XP and Windows Server 2003.
http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx?pubDate=2011-04-20

 

Microsoft Security Bulletin MS11-025 - Important
Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
Published: April 12, 2011 | Updated: April 21, 2011

Version: 2.0
Revisions
• V1.0 (April 12, 2011): Bulletin published.

• V1.1 (April 12, 2011): Clarified the update FAQ, "I am a third-party application developer and I use Visual C++. How do I update my application?"

• V2.0 (April 21, 2011): Rereleased bulletin to reoffer the updates to address a detection issue. There were no changes to the security update files in this bulletin. Customers who have already successfully updated their systems do not need to reinstall this update.

http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx

 

Microsoft Security Bulletin MS11-017 - Important
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)
Published: March 08, 2011 | Updated: May 04, 2011

Version: 1.5

Revisions
•

V1.0 (March 8, 2011): Bulletin published.
•

V1.1 (March 8, 2011): Corrected the Systems Management Server table entries for SMS 2.0 and SMS 2003 with SUIT for Windows XP Service Pack 3 and Windows Server 2003 Service Pack 2. These are informational changes only. There were no changes to the security update files or detection logic.
•

V1.2 (March 9, 2011): Corrected the Non-Affected Software component entries for the service pack 1 versions of Windows 7 and Windows Server 2008 R2 from Remote Desktop Connection 7.0 Client to Remote Desktop Connection 7.1 Client. These are informational changes only. There were no changes to the security update files or detection logic.
•

V1.3 (April 13, 2011): Corrected the bulletin replacement information for Remote Desktop Connection 6.0 Client on supported editions of Windows Server 2003 and Remote Desktop Connection 6.1 Client on supported editions of Windows Vista. This is a bulletin change only. There were no changes to the detection or security update files.
•

V1.4 (April 15, 2011): Corrected the bulletin replacement information for Remote Desktop Connection 6.0 Client on supported editions of Windows Server 2003 and Remote Desktop Connection 6.1 Client on supported editions of Windows Server 2008. This is a bulletin change only. There were no changes to the detection or security update files.
•

V1.5 (May 4, 2011): Corrected the bulletin replacement information for Remote Desktop Connection 5.2 Client on supported editions of Windows XP Service Pack 3. This is a bulletin change only. There were no changes to the detection or security update files.

http://www.microsoft.com/technet/security/bulletin/MS11-017.mspx?pubDate=2011-05-04