Microsoft Security Bulletin Summary for July 12 2011

Microsoft Security Bulletin Summary for July 12 2011

Microsoft Security Bulletin Summary for July 12 2011
Published: July 12 2011

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://www.microsoft.com/technet/security/bulletin/ms11-jul.mspx

Critical (1)
Microsoft Security Bulletin MS11-053 - Critical
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
Published: July 12, 2011
http://www.microsoft.com/technet/security/Bulletin/MS11-053.mspx

Important (3)

Microsoft Security Bulletin MS11-054 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
Published: July 12, 2011
http://www.microsoft.com/technet/security/bulletin/ms11-054.mspx

Microsoft Security Bulletin MS11-056 - Important
Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (250793
Published: July 12, 2011
http://www.microsoft.com/technet/security/bulletin/ms11-056.mspx

Microsoft Security Bulletin MS11-055 - Important
Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)
Published: July 12, 2011
http://www.microsoft.com/technet/security/Bulletin/MS11-055.mspx


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information about Microsoft Security Bulletins for July (Level 200)
Event ID: 1032487855

Language(s): English.
Product(s): computer security and information security.
Audience(s): IT Decision Maker and IT Generalist.

Join us for a brief overview of the technical details of the Microsoft security bulletins for July. We intend to address your concerns in this webcast; therefore, most of the webcast is devoted to attendees asking questions and getting answers from Microsoft security experts.


Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Dustin Childs, Senior Security Program Manager, Microsoft Security Response Center, Microsoft Corporation


Register now for the july security bulletin webcast.

 

please take note


2532531

http://support.microsoft.com/kb/2532531/MS11-053:
Description of the update for Bluetooth Stack for Windows 7 and Windows Vista Service Pack 2: July 12, 2011 Known issues in security update 2532531:

* If you are running Windows 7, we recommend that you install update
2552343 before you install this security update. Your system is
automatically offered update 2552343 when you use Microsoft Update.
* After you install this security update, you may be prompted to
install this security update again when you scan the system by
using Windows Update, Microsoft Update, Microsoft Windows Server
Update Services (WSUS) server or Microsoft Baseline Security
Analyzer (MBSA). This issue may occur if you installed this
security update, but you have not installed update 2552343. To
resolve this issue, approve the installation of update 2552343 in
WSUS or install update 2552343

http://support.microsoft.com/kb/2552343

 

Title: Microsoft Security Bulletin Re-Releases
Issued: July 12, 2011

Microsoft Security Bulletin MS08-069 – Critical
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (95521
Published: November 11, 2008 | Updated: July 12, 2011

Revisions
• V1.0 (November 11, 200: Bulletin published.

• V1.1 (December 10, 200: Removed the kill bit workaround from Workarounds for MSXML DTD Cross-Domain Scripting Vulnerability - CVE-2008-4029. Also added a note to the Supported Security Update Installation Switches tables clarifying that the /overwriteoem installation switch is not applicable for Microsoft XML Core Services 4.0 or Microsoft XML Core Services 6.0 when installed on Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows XP Professional x64 Edition, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1, or Windows Server 2003 Service Pack 2.

• V1.2 (December 17, 200: Added log file entries in the Security Update Deployment section Reference table for Microsoft XML Core Services 6.0 when installed on Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition, and Windows Server 2003 x64 Edition Service Pack 2.

• V2.0 (April 29, 2009): Added Microsoft XML Core Services 4.0 (KB954430) on 32-bit and x64-based editions of Windows Vista Service Pack 2 and on 32-bit, x64-based, and Itanium-based editions of Windows Server 2008 Service Pack 2 as affected software. Also added as non-affected software: Microsoft XML Core Services 3.0 and Microsoft XML Core Services 6.0 on 32-bit and x64-based editions of Windows Vista Service Pack 2 and on 32-bit, x64-based, and Itanium-based editions of Windows Server 2008 Service Pack 2. This is a detection change only; there were no changes to the binaries. Customers who have already successfully installed KB954430 do not need to reinstall.

• V3.0 (October 13, 2009): Added Microsoft XML Core Services 4.0 (KB954430) when installed on 32-bit and x64-based editions of Windows 7 and on x64-based and Itanium-based editions of Windows Server 2008 R2 as affected software. This is a detection change only; there were no changes to the binaries. Customers who have already successfully installed KB954430 do not need to reinstall.

• V4.0 (July 12, 2011): Added Microsoft XML Core Services 4.0 (KB954430) when installed on 32-bit and x64-based editions of Windows 7 Service Pack 1 and on x64-based and Itanium-based editions of Windows Server 2008 R2 Service Pack 1 as affected software. This is a detection change only; there were no changes to the binaries. The latest MBSA and SMS support this rerelease. Customers who have already successfully installed KB954430 do not need to reinstall.

http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx

 

Microsoft Security Bulletin Minor Revisions - July 27, 2011
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-027 - Critical
* MS09-035 - Moderate

Bulletin Information:
=====================

* MS11-027 - Critical


http://www.microsoft.com/technet/security/bulletin/ms11-027.mspx

- Reason for Revision: V1.1 (July 27, 2011): Added class
identifiers for the Microsoft WMITools ActiveX Control
described in this bulletin's vulnerability section for
CVE-2010-3973. This is an informational change only.
Customers who have already applied the "Prevent COM objects
from running in Internet Explorer" workaround for this
vulnerability should reapply this workaround with the
additional class identifiers.
- Originally posted: April 12, 2011
- Updated: July 27, 2011
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS09-035 - Moderate

http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

- Reason for Revision: V3.1 (July 27, 2011): Corrected the update
verification information for Microsoft Visual C++ 2005
Service Pack 1 Redistributable Package, Microsoft Visual C++
2008 Redistributable Package, and Microsoft Visual C++ 2008
Service Pack 1 Redistributable Package. Removed the registry
key information in favor of product codes. This is an
informational change only.
- Originally posted: July 28, 2009
- Updated: July 27, 2011
- Bulletin Severity Rating: Moderate
- Version: 3.1