Microsoft Security Bulletin Summary for February 8 2011

Discussion in 'other security issues & news' started by NICK ADSL UK, Feb 8, 2011.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Summary for February 8 2011

    Microsoft Security Bulletin Summary for February 8 2011
    Published: February 8 2011


    Note: There may be latency issues due to replication, if the page does not display keep refreshing


    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:

    http://www.microsoft.com/technet/security/bulletin/ms11-feb.mspx

    Critical (3)
    Microsoft Security Bulletin MS11-003
    Cumulative Security Update for Internet Explorer (2482017)
    http://www.microsoft.com/technet/security/bulletin/ms11-003.mspx

    Microsoft Security Bulletin MS11-006
    Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
    http://www.microsoft.com/technet/security/bulletin/ms11-006.mspx

    Microsoft Security Bulletin MS11-007
    Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)
    http://www.microsoft.com/technet/security/bulletin/ms11-007.mspx




    important (9)
    Microsoft Security Bulletin MS11-004
    Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)
    http://www.microsoft.com/technet/security/bulletin/ms11-004.mspx

    Microsoft Security Bulletin MS11-005
    Vulnerability in Active Directory Could Allow Denial of Service (2478953)
    http://www.microsoft.com/technet/security/bulletin/ms11-005.mspx

    Microsoft Security Bulletin MS11-008
    Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
    http://www.microsoft.com/technet/security/bulletin/ms11-008.mspx

    Microsoft Security Bulletin MS11-009
    Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)
    http://www.microsoft.com/technet/security/bulletin/ms11-009.mspx

    Microsoft Security Bulletin MS11-010
    Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)
    http://www.microsoft.com/technet/security/bulletin/ms11-010.mspx

    Microsoft Security Bulletin MS11-011
    Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
    http://www.microsoft.com/technet/security/bulletin/ms11-011.mspx

    Microsoft Security Bulletin MS11-012
    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (247962:cool:
    http://www.microsoft.com/technet/security/bulletin/ms11-012.mspx

    Microsoft Security Bulletin MS11-013
    Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
    http://www.microsoft.com/technet/security/bulletin/ms11-013.mspx

    Microsoft Security Bulletin MS11-014
    Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)
    http://www.microsoft.com/technet/security/bulletin/ms11-014.mspx




    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Webcast: Information About Microsoft February Security Bulletins (Level 200)
    Event ID: 1032455047


    Language(s): English.
    Product(s): Other.
    Audience(s): IT Decision Maker, IT Generalist.


    Event Overview
    Join us for a brief overview of the technical details of the February security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

    Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Jonathan Ness, Principal Security SDE Lead, MSRC, Microsoft Corporation



    Register now for the February security bulletin webcast.
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory (967940)
    Update for Windows Autorun
    Published: February 24, 2009 | Updated: February 08, 2011

    Version: 2.0

    Microsoft is announcing the availability of updates to the Autorun feature that help to restrict AutoPlay functionality to only CD and DVD media on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Restricting AutoPlay functionality to only CD and DVD media can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a USB flash drive, network shares, or other non-CD and non-DVD media containing a file system with an Autorun.inf file.

    Microsoft released the following updates related to this advisory.

    • The update released by Microsoft on February 24, 2009:



    Revisions:

    • V1.0 (February 24, 2009): Advisory published.

    • V1.1 (August 25, 2009): Summary revised to notify users of an update to Autorun that restricts AutoPlay functionality to CD-ROM and DVD-ROM media, available for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 from Microsoft Knowledge Base Article 971029.

    • V2.0 (February 8, 2011): Summary and update FAQ revised to notify users that the 971029 update to Autorun that restricts AutoPlay functionality to CD and DVD media will be offered via automatic updating.

    http://www.microsoft.com/technet/security/advisory/967940.mspx
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory (2490606)
    Microsoft Security Advisory (2490606)
    Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
    Published: January 04, 2011 | Updated: February 08, 2011

    Revisions
    • V1.0 (January 4, 2011): Advisory published.

    • V1.1 (January 5, 2011): Added a link to the automated Microsoft Fix it solution for the Modify the Access Control List (ACL) on shimgvw.dll workaround.

    • V1.2 (January 19, 2011): Clarified that the Modify the Access Control List (ACL) on shimgvw.dll workaround only applies to Windows XP and Windows Server 2003 systems and added a new workaround, Disable viewing of thumbnails in Windows Explorer on Windows Vista and Windows Server 2008 systems.

    • V2.0 (February 8, 2011): Advisory updated to reflect publication of security bulletin.


    http://www.microsoft.com/technet/security/advisory/2490606.mspx
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    - Reason for Revision: V3.0 (February 22, 2011): Announced a
    detection change to offer the Microsoft .NET Framework 4.0
    update packages to customers who install Microsoft .NET
    Framework 4.0 after installing Windows 7 for x64-based
    Systems Service Pack 1, Windows Server 2008 R2 for x64-based
    Systems Service Pack 1, or Windows Server 2008 R2 for
    Itanium-based Systems Service Pack 1. Customers who have
    already successfully updated their systems do not need to
    take any action.
    - Originally posted: October 12, 2010
    - Updated: February 22, 2011
    - Bulletin Severity Rating: Critical
    - Version: 3.0

    http://www.microsoft.com/technet/security/bulletin/ms10-077.mspx

    * MS10-070 - Important


    - Reason for Revision: V4.0 (February 22, 2011): Announced a
    detection change to offer the Microsoft .NET Framework 4.0
    (KB2416472) update packages to customers who install
    Microsoft .NET Framework 4.0 after installing Windows 7 for
    32-bit Systems Service Pack 1, Windows 7 for x64-based
    Systems Service Pack 1, Windows Server 2008 R2 for x64-based
    Systems Service Pack 1, or Windows Server 2008 R2 for
    Itanium-based Systems Service Pack 1. Customers who have
    already successfully updated their systems do not need to
    take any action.
    - Originally posted: September 28, 2010
    - Updated: February 22, 2011
    - Bulletin Severity Rating: Important
    - Version: 4.0
    http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  8. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS11-011 - Important
    Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
    Published: February 08, 2011 | Updated: March 02, 2011

    Revisions


    V1.0 (February 8, 2011): Bulletin published.

    V1.1 (March 2, 2011): Added a link to Microsoft Knowledge Base Article 2393802 under Known Issues in the Executive Summary.
    http://www.microsoft.com/technet/security/bulletin/MS11-011.mspx?pubDate=2011-03-02



    Microsoft Security Bulletin MS10-092 - Important
    Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420)
    Published: December 14, 2010 | Updated: March 02, 2011

    Revisions


    V1.0 (December 14, 2010): Bulletin published.

    V1.1 (March 2, 2011): Added a link to Microsoft Knowledge Base Article 2305420 under Known Issues in the Executive Summary
    http://www.microsoft.com/technet/security/bulletin/MS10-092.mspx?pubDate=2011-03-02
     
Loading...
Thread Status:
Not open for further replies.