Microsoft Security Bulletin Summary for Janaury 11 2011

Discussion in 'other security issues & news' started by NICK ADSL UK, Jan 11, 2011.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,495
    Location:
    UK
    Microsoft Security Bulletin Summary for Janaury 11 2011

    Microsoft Security Bulletin Summary for Janaury 11 2011
    Published: Janaury 11 2011


    Note: There may be latency issues due to replication, if the page does not display keep refreshing


    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:

    http://www.microsoft.com/technet/security/bulletin/ms11-jan.mspx


    Critical (1)
    Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)
    http://www.microsoft.com/technet/security/bulletin/MS11-002.mspx

    important (1)

    Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935)
    http://www.microsoft.com/technet/security/bulletin/MS11-001.mspx



    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,495
    Location:
    UK
    TechNet Webcast: Information About Microsoft January Security Bulletins (Level 200)
    Event ID: 1032454958



    Language(s): English.
    Product(s): Other.
    Audience(s): IT Decision Maker, IT Generalist.



    Event Overview

    Join us for a brief overview of the technical details of the January security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

    Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation


    Register now for the January security bulletin webcast.
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,495
    Location:
    UK
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,495
    Location:
    UK
    Microsoft Security Advisory Notification - Jan 11, 2011
    Security Advisories Updated or Released Today



    Microsoft Security Advisory (973811)
    Extended Protection for Authentication
    Published: August 11, 2009 | Updated: January 11, 2011

    Revisions:

    • V1.0 (August 11, 2009): Advisory published.

    • V1.1 (October 14, 2009): Updated the FAQ with information about a non-security update included in MS09-054 relating to WinINET.

    • V1.2 (December 8, 2009): Updated the FAQ with information about three non-security updates relating to Windows HTTP Services, HTTP Protocol Stack, and Internet Information Services.

    • V1.3 (March 9, 2010): Updated the FAQ to announce the rerelease of the update that enables Internet Information Services to opt in to Extended Protection for Authentication. For more information, see Known issues in Microsoft Knowledge Base Article 973917.

    • V1.4 (April 14, 2010): Updated the Suggested Actions section to direct customers to the "What other actions is Microsoft taking to implement this feature?" entry in the section, Frequently Asked Questions.

    • V1.5 (June 8, 2010): Updated the FAQ with information about six non-security updates enabling .NET Framework to opt in to Extended Protection for Authentication.

    • V1.6 (September 14, 2010): Updated the FAQ with information about a non-security update enabling Outlook Express and Windows Mail to opt in to Extended Protection for Authentication.

    • V1.7 (October 12, 2010): Updated the FAQ with information about a non-security update enabling Windows Server Message Block (SMB) to opt in to Extended Protection for Authentication.

    • V1.8 (December 14, 2010): Updated the FAQ with information about a non-security update enabling Microsoft Outlook to opt in to Extended Protection for Authentication.

    • V1.9 (December 17, 2010): Removed the FAQ entry, originally added December 14, 2010, about a non-security update enabling Microsoft Outlook to opt in to Extended Protection for Authentication.

    • V1.10 (January 11, 2011): Updated the FAQ with information about a new release enabling Microsoft Office Live Meeting Service Portal to opt in to Extended Protection for Authentication.


    http://www.microsoft.com/technet/security/advisory/973811.mspx



    Microsoft Security Advisory (2488013)
    Vulnerability in Internet Explorer Could Allow Remote Code Execution
    Published: December 22, 2010 | Updated: January 11, 2011


    Revisions
    • V1.0 (December 22, 2010): Advisory published.

    • V1.1 (December 31, 2010): Revised Executive Summary to reflect investigation of targeted attacks.

    • V1.2 (January 11, 2011): Added the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, and revised Executive Summary to reflect investigation of limited attacks.

    • V1.3 (January 11, 2011): Revised the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, to add the impact for the workaround.

    http://www.microsoft.com/technet/security/advisory/2488013.mspx



    Microsoft Security Advisory (2269637)
    Insecure Library Loading Could Allow Remote Code Execution
    Published: August 23, 2010 | Updated: January 11, 2011


    Revisions
    • V1.0 (August 23, 2010): Advisory published.

    • V1.1 (August 31, 2010): Added a link to Microsoft Knowledge Base Article 2264107 to provide an automated Microsoft Fix it solution for the workaround, Disable loading of libraries from WebDAV and remote network shares.

    • V2.0 (November 9, 2010): Added Microsoft Security Bulletin MS10-087, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution," to the Updates relating to Insecure Library Loading section.

    • V3.0 (December 14, 2010): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS10-093, "Vulnerability in Windows Movie Maker Could Allow Remote Code Execution;" MS10-094, "Vulnerability in Windows Media Encoder Could Allow Remote Code Execution;" MS10-095, "Vulnerability in Microsoft Windows Could Allow Remote Code Execution;" MS10-096, "Vulnerability in Windows Address Book Could Allow Remote Code Execution;" and MS10-097, "Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution."

    • V4.0 (January 11, 2011): Added Microsoft Security Bulletin MS11-001, "Vulnerability in Windows Backup Manager Could Allow Remote Code Execution," to the Updates relating to Insecure Library Loading section.

    http://www.microsoft.com/technet/security/advisory/2269637.mspx
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,495
    Location:
    UK
    Microsoft Security Advisory (2501696)
    Microsoft Security Advisory: Vulnerability in MHTML could allow information disclosure
    Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft website:
    http://www.microsoft.com/technet/security/advisory/2501696.mspx

    To have us fix this problem for you, go to the "Fix it for me" section.
    Fix it for meThe fixit solution described in this section is not intended to be a replacement...

    http://support.microsoft.com/kb/2501696#FixItForMe
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.