Microsoft Security Bulletin Advance Notification for July 2011

ronjor · Jul 7, 2011

Published: July 07, 2011

Microsoft Security Bulletin Advance Notification issued: July 7, 2011
Microsoft Security Bulletins to be issued: July 12, 2011

This is an advance notification of security bulletins that Microsoft is intending to release on July 12, 2011.

This bulletin advance notification will be replaced with the July bulletin summary on July 12, 2011. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft will host a webcast to address customer questions on the security bulletins on July 13, 2011, at 11:00 AM Pacific Time (US & Canada). Register now for the July Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.
Click to expand...

https://www.microsoft.com/technet/security/bulletin/ms11-jul.mspx

Note: See Executive Summaries within the bulletin for information.

ronjor · Jul 12, 2011

Microsoft Security Bulletin Summary for July 2011
Published: July 12, 2011

Version: 1.0

This bulletin summary lists security bulletins released for July 2011.

With the release of the security bulletins for July 2011, this bulletin summary replaces the bulletin advance notification originally issued July 7, 2011. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Microsoft is hosting a webcast to address customer questions on these bulletins on July 13, 2011, at 11:00 AM Pacific Time (US & Canada). Register now for the July Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.
Click to expand...

https://www.microsoft.com/technet/security/bulletin/ms11-jul.mspx

ronjor · Jul 12, 2011

As I previously mentioned in the Advance Notification Blog on Thursday, today we are releasing four security bulletins, one of which is rated as Critical, and three of which are rated Important. These bulletins will increase protection by addressing 22 vulnerabilities in the following Microsoft products. We’ve marked one bulletin, MS11-053, as our highest deployment priority for the month:

MS11-053 (Bluetooth Stack). This security bulletin resolves one privately reported vulnerability in the Windows Bluetooth Stack. This bulletin is rated Critical for Windows Vista and Windows 7 platforms. All prior versions of Windows are unaffected.

Despite its high deployment priority, we have assigned MS11-053 an Exploitability Index rating of 2. For more information on that decision, please see the SRD blog. We encourage all customers to apply this bulletin first, before deploying the rest of our July updates as soon as possible. Of note, consumers with Automatic Update enabled on their computers will not need to take any action; the tool ensures that the updates are applied and the systems protected.

The SRD blog also has insight from MSRC Engineering concerning MS11-056, an Important-level bulletin addressing five issues in Windows’ client/server runtime subsystem.
Click to expand...

http://blogs.technet.com/b/msrc/

MessageBoxA · Jul 12, 2011

Wow,

Look at that... 14 Win32k.sys vunerabilities discovered by Tarjei. It is amazing that a multi-billion dollar company like Microsoft cannot scan ther own binaries for Null Pointer de-references and use-after-free pointers/handles.

I love how they add: "An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users."

That statement is somewhat misleading.

I don't really understand why researchers like ~Link removed~ about a vunerability the same day the patch is released. He gives enough details in his blog to build a working exploit. He should wait a while longer before going public with details.

Log in or Sign up

Microsoft Security Bulletin Advance Notification for July 2011

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

MessageBoxA Registered Member

Log in or Sign up

Microsoft Security Bulletin Advance Notification for July 2011

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

MessageBoxA Registered Member

Useful Searches