Microsoft Security Bulletin Summary for April 12 2011

Discussion in 'other security issues & news' started by NICK ADSL UK, Apr 12, 2011.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Summary for April 12 2011

    Microsoft Security Bulletin Summary for April 12 2011
    Published: April 12 2011


    Note: There may be latency issues due to replication, if the page does not display keep refreshing


    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:

    http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx

    Critical (9)
    Microsoft Security Bulletin MS11-018
    Cumulative Security Update for Internet Explorer (2497640)
    http://www.microsoft.com/technet/security/bulletin/ms11-018.mspx

    Microsoft Security Bulletin MS11-019
    Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
    http://www.microsoft.com/technet/security/bulletin/ms11-019.mspx

    Microsoft Security Bulletin MS11-020
    Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
    http://www.microsoft.com/technet/security/bulletin/ms11-020.mspx

    Microsoft Security Bulletin MS11-027
    Cumulative Security Update of ActiveX Kill Bits (2508272)
    http://www.microsoft.com/technet/security/bulletin/ms11-027.mspx

    Microsoft Security Bulletin MS11-028
    Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)
    http://www.microsoft.com/technet/security/bulletin/ms11-028.mspx

    Microsoft Security Bulletin MS11-029
    Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
    http://www.microsoft.com/technet/security/bulletin/ms11-029.mspx

    Microsoft Security Bulletin MS11-030
    Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
    http://www.microsoft.com/technet/security/bulletin/ms11-030.mspx

    Microsoft Security Bulletin MS11-031
    Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
    http://www.microsoft.com/technet/security/bulletin/ms11-031.mspx

    Microsoft Security Bulletin MS11-032
    Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (250761:cool:
    http://www.microsoft.com/technet/security/bulletin/ms11-032.mspx

    Important (:cool:
    Microsoft Security Bulletin MS11-021
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
    http://www.microsoft.com/technet/security/bulletin/ms11-021.mspx

    Microsoft Security Bulletin MS11-022
    Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)
    http://www.microsoft.com/technet/security/bulletin/ms11-022.mspx

    Microsoft Security Bulletin MS11-023
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
    http://www.microsoft.com/technet/security/bulletin/ms11-023.mspx

    Microsoft Security Bulletin MS11-024
    Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (252730:cool:
    http://www.microsoft.com/technet/security/bulletin/ms11-024.mspx

    Microsoft Security Bulletin MS11-025
    Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
    http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx

    Microsoft Security Bulletin MS11-026
    Vulnerability in MHTML Could Allow Information Disclosure (250365:cool:
    http://www.microsoft.com/technet/security/bulletin/ms11-026.mspx

    Microsoft Security Bulletin MS11-033
    Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)
    http://www.microsoft.com/technet/security/bulletin/ms11-033.mspx

    Microsoft Security Bulletin MS11-034
    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)
    http://www.microsoft.com/technet/security/bulletin/ms11-034.mspx










    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Webcast: Information About Microsoft April Security Bulletins (Level 200)
    Event ID: 1032455069




    Starts: Wednesday, April 13, 2011 11:00 AM
    Time zone: (GMT-08:00) Pacific Time (US & Canada)
    Duration:60 Minutes


    Language(s): English.
    Product(s): Other.
    Audience(s): IT Decision Maker, IT Generalist.

    Join us for a brief overview of the technical details of the April security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

    Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Jonathan Ness, Principal Security SDE Lead, MSRC, Microsoft Corporation

    Register now for the April security bulletin webcast.
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS11-031 - Critical
    Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
    Published: April 12, 2011 | Updated: April 20, 2011

    Revisions


    V1.0 (April 12, 2011): Bulletin published.


    V1.1 (April 20, 2011): Bulletin updated to clarify that the JScript 5.8 and VBScript 5.8 update (KB2510531) also replaces MS09-045, in addition to MS10-022, for all supported editions of Windows XP, Windows Server 2003, and Windows Vista.

    http://www.microsoft.com/technet/security/bulletin/MS11-031.mspx?pubDate=2011-04-20




    Microsoft Security Bulletin MS11-024 - Important
    Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (252730:cool:
    Published: April 12, 2011 | Updated: April 20, 2011

    Revisions


    V1.0 (April 12, 2011): Bulletin published.


    V1.1 (April 20, 2011): Added a link to Microsoft Knowledge Base Article 2527308 under Known Issues in the Executive Summary.
    http://www.microsoft.com/technet/security/bulletin/MS11-024.mspx?pubDate=2011-04-20



    Microsoft Security Bulletin MS11-022 - Important
    Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)
    Published: April 12, 2011 | Updated: April 20, 2011

    Revisions


    V1.0 (April 12, 2011): Bulletin published.

    V1.1 (April 20, 2011): Corrected the bulletin replacement information for the Microsoft PowerPoint Web App update (KB2520047). This is an informational change only. There were no changes to the detection logic or the update files.
    http://www.microsoft.com/technet/security/bulletin/MS11-022.mspx?pubDate=2011-04-20



    Microsoft Security Bulletin MS10-070 - Important
    Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
    Published: September 28, 2010 | Updated: April 20, 2011

    Revisions


    V1.0 (September 28, 2010): Bulletin published.


    V2.0 (September 30, 2010): Revised this bulletin to announce that the updates are now available through all distribution channels, including Windows Update and Microsoft Update. Also added an update FAQ to describe additional clarifications and corrections to the bulletin.


    V2.1 (October 13, 2010): Added three update FAQs to clarify affected software.


    V2.2 (November 3, 2010): Added a note to the Affected Software table to clarify that the .NET Framework 4.0 Client Profile is not affected.


    V3.0 (December 14, 2010): Added an update FAQ to announce that new update packages are available for .NET Framework 4.0 (KB2416472) to correct an issue in the setup that could interfere with the successful installation of other updates and/or products. Customers who have already successfully updated their systems do not need to take any action.


    V4.0 (February 22, 2011): Announced a detection change to offer the Microsoft .NET Framework 4.0 (KB2416472) update packages to customers who install Microsoft .NET Framework 4.0 after installing Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, or Windows Server 2008 R2 for Itanium-based Systems Service Pack 1. Customers who have already successfully updated their systems do not need to take any action.


    V4.1 (April 20, 2011): Corrected registry key verification for Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows XP and Windows Server 2003.
    http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx?pubDate=2011-04-20
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS11-025 - Important
    Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
    Published: April 12, 2011 | Updated: April 21, 2011

    Version: 2.0
    Revisions
    • V1.0 (April 12, 2011): Bulletin published.

    • V1.1 (April 12, 2011): Clarified the update FAQ, "I am a third-party application developer and I use Visual C++. How do I update my application?"

    • V2.0 (April 21, 2011): Rereleased bulletin to reoffer the updates to address a detection issue. There were no changes to the security update files in this bulletin. Customers who have already successfully updated their systems do not need to reinstall this update.

    http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx
     
  8. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS11-017 - Important
    Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)
    Published: March 08, 2011 | Updated: May 04, 2011

    Version: 1.5

    Revisions
    •

    V1.0 (March 8, 2011): Bulletin published.
    •

    V1.1 (March 8, 2011): Corrected the Systems Management Server table entries for SMS 2.0 and SMS 2003 with SUIT for Windows XP Service Pack 3 and Windows Server 2003 Service Pack 2. These are informational changes only. There were no changes to the security update files or detection logic.
    •

    V1.2 (March 9, 2011): Corrected the Non-Affected Software component entries for the service pack 1 versions of Windows 7 and Windows Server 2008 R2 from Remote Desktop Connection 7.0 Client to Remote Desktop Connection 7.1 Client. These are informational changes only. There were no changes to the security update files or detection logic.
    •

    V1.3 (April 13, 2011): Corrected the bulletin replacement information for Remote Desktop Connection 6.0 Client on supported editions of Windows Server 2003 and Remote Desktop Connection 6.1 Client on supported editions of Windows Vista. This is a bulletin change only. There were no changes to the detection or security update files.
    •

    V1.4 (April 15, 2011): Corrected the bulletin replacement information for Remote Desktop Connection 6.0 Client on supported editions of Windows Server 2003 and Remote Desktop Connection 6.1 Client on supported editions of Windows Server 2008. This is a bulletin change only. There were no changes to the detection or security update files.
    •

    V1.5 (May 4, 2011): Corrected the bulletin replacement information for Remote Desktop Connection 5.2 Client on supported editions of Windows XP Service Pack 3. This is a bulletin change only. There were no changes to the detection or security update files.

    http://www.microsoft.com/technet/security/bulletin/MS11-017.mspx?pubDate=2011-05-04
     
Loading...
Thread Status:
Not open for further replies.