Microsoft Security Bulletins May 2011
Important Denial of Service. Requires restart. Microsoft Windows. MS11-066 Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943). This security update resolves a privately reported vulnerability in ASP.NET Chart controls. and Canada can receive technical support from Security Support or 1-866-PCSAFETY (1-866-727-2338). Microsoft is hosting a webcast to address customer questions on the out-of-band security bulletin on December 29, 2011, at 1:00 PM Pacific Time (US & Canada).
Some software updates may not be detected by these tools. Consumers can visit Security At Home, where this information is also available by clicking "Latest Security Updates". Other versions are past their support life cycle. Microsoft has also received reports of limited, targeted attacks attempting to exploit this vulnerability.
- Security updates are available from Microsoft Update and Windows Update.
- Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Important Remote Code Execution. May require restart. Microsoft Windows. MS11-025 Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212). This security update resolves a publicly disclosed vulnerability in certain applications
- For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
- This bulletin spans more than one software category.
- Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279.
- By using SMS, administrators can identify Windows-based systems that require security updates and perform controlled deployment of these updates throughout the enterprise with minimal disruption to end users.
- Microsoft is hosting a webcast to address customer questions on these bulletins on January 12, 2011, at 11:00 AM Pacific Time (US & Canada).
The vulnerabilities are listed in order of bulletin ID then CVE ID. See MS11-036 for details. How do I use this table? V1.1 (March 16, 2011): Removed an erroneous reference to Windows XP Home Edition Service Pack 3 and Windows XP Tablet PC Edition Service Pack 3 as not affected in the notes
To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.
for reporting an issue described in MS11-063
Nico Leidecker and James Forshaw of Context Information Security for reporting an issue described in MS11-066
Adam Bixby of Gotham Digital Science for reporting
You can streamline testing and validating Windows updates against installed applications with the Update Compatibility Evaluator components included with Application Compatibility Toolkit.
For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. For more information about how to contact Microsoft for support issues, visit International Help and Support. There is no charge for support that is associated with security updates. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user.
IT Pro Security Community: Learn to improve security and optimize your IT infrastructure, and participate with other IT Pros on security topics in IT Pro Security Community. Important Information Disclosure. May require restart. Microsoft .NET Framework, Microsoft Developer Tools. MS11-067 Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230). This security update resolves a privately reported vulnerability in Microsoft Report Viewer. Note for MS11-069: .NET Framework 4 and .NET Framework 4 Client Profile affected. For information about SMS, visit the Microsoft Systems Management Server TechCenter.
If a software program or component is listed, then the available software update is hyperlinked and the severity rating of the software update is also listed. The vulnerabilities could not be exploited remotely or by anonymous users. Updates from Past Months for Windows Server Update Services.
Bulletin ID | Vulnerability Title | CVE ID | Code Execution Exploitability Assessment for Latest Software Release | Code Execution Exploitability Assessment for Older Software Releases | Denial of Service Exploitability Assessment | Key Notes
MS11-037 | MHTML Mime-Formatted Request Vulnerability | CVE-2011-1894 | 3 –
Review each of the assessments below, in accordance with your specific configuration, to prioritize your deployment of this month's updates. Displays all new, revised, and rereleased updates for Microsoft products other than Microsoft Windows.
Microsoft Security Bulletin Summary for March 2011
Published: March 08, 2011 | Updated: March 16, 2011 | Version: 1.1
This bulletin summary lists security bulletins released for March 2011.
For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable. Detection and Deployment Guidance: Microsoft provides detection and deployment guidance for security updates.
See bulletin for details.
This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates. Important Information Disclosure. Requires restart. Microsoft Windows. MS11-033 Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663). This security update resolves a privately reported vulnerability in Microsoft Windows. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used
Administrators can use the Elevated Rights Deployment Tool (available in the SMS 2003 Administration Feature Pack) to install these updates. Critical Remote Code Execution. Requires restart. Microsoft Windows. MS11-027 Cumulative Security Update of ActiveX Kill Bits (2508272). This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft software. Additionally, bulletin information in the Common Vulnerability Reporting Framework (CVRF) format is available. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
for reporting two issues described in MS11-018
Stephen Fewer of Harmony Security, working with TippingPoint's Zero Day Initiative, for reporting an issue described in MS11-018
Alin Rad Pop of Secunia Research for
Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options. International customers can receive support from their local Microsoft subsidiaries. In all cases, however, an attacker would have no way to force a user to visit such a network share or Web site.