Microsoft Security Bulletin: April 2011 Release

securitybulletin
This week is a big week for security updates as we are releasing 17 new security bulletins. Please see the details below and apply where needed in your environments.

New Security Bulletins

Microsoft is releasing the following 17 new security bulletins for newly discovered vulnerabilities:

Bulletin ID

Bulletin Title

Maximum Severity Rating

Vulnerability Impact

Restart Requirement

Affected Software

MS11-018

Cumulative Security Update for Internet Explorer (2497640)

Critical

Remote Code Execution

Requires restart

Internet Explorer on Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS11-019

Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)

Critical

Remote Code Execution

Requires restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS11-020

Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)

Critical

Remote Code Execution

Requires restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS11-021

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)

Important

Remote Code Execution

May require restart

Microsoft Excel 2002, Excel 2003, Excel 2007, Excel 2010, Office 2004 for Mac, Office 2008 for Mac, Office for Mac 2011, Open XML File Format Converter for Mac, Excel Viewer, and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.

MS11-022

Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)

Important

Remote Code Execution

May require restart

Microsoft PowerPoint 2002, PowerPoint 2003, PowerPoint 2007, PowerPoint 2010, Office 2004 for Mac, Office 2008 for Mac, Office for Mac 2011, Open XML File Format Converter for Mac, PowerPoint Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and PowerPoint Web App.

MS11-023

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)

Important

Remote Code Execution

May require restart

Microsoft Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac.

MS11-024

Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)

Important

Remote Code Execution

May require restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS11-025

Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)

Important

Remote Code Execution

May require restart

Microsoft Visual Studio .NET 2003, Visual Studio 2005, Visual Studio 2008, Visual Studio 2010, Visual C++ 2005 SP1 Redistributable Package, Visual C++ 2008 SP1 Redistributable Package, and Visual C++ 2010 Redistributable Package.

MS11-026

Vulnerability in MHTML Could Allow Information Disclosure (2503658)

Important

Information Disclosure

Requires restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS11-027

Cumulative Security Update of ActiveX Kill Bits (2508272)

Critical

Remote Code Execution

May require restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS11-028

Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)

Critical

Remote Code Execution

May require restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS11-029

Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)

Critical

Remote Code Execution

May require restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Office XP.

MS11-030

Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)

Critical

Remote Code Execution

Requires restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS11-031

Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)

Critical

Remote Code Execution

May require restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS11-032

Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)

Critical

Remote Code Execution

Requires restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS11-033

Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)

Important

Remote Code Execution

May require restart

Microsoft Windows XP and Windows Server 2003.

MS11-034

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)

Important

Elevation of Privilege

Requires restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Summaries for new bulletin(s) may be found at https://www.microsoft.com/technet/security/bulletin/MS11-apr.mspx.

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Centre. Information on the Microsoft Windows Malicious Software Removal Tool is available at https://support.microsoft.com/?kbid=890830.

Jeffa

Technorati Tags: Patching,Updates,Security Bulletins

 

Digg This