
Microsoft Security Bulletins May 2011

Review each of the assessments below, in accordance with your specific configuration, to prioritize your deployment of this month's updates. This documentation is archived and is not being maintained. The vulnerability could allow information disclosure if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). MS11-099 Internet Explorer Insecure Library Loading Vulnerability CVE-2011-2019 1 - Exploit code likely | Not affected | Not applicable | (None) MS11-100 Collisions in HashTable May Cause DoS Vulnerability CVE-2011-3414 3 - Exploit code unlikely 3 -

Administrators can use the inventory capabilities of SMS in these cases to target updates to specific systems. This bulletin spans more than one software category. Critical Remote Code Execution | Requires restart | Microsoft Windows MS11-043 Vulnerability in SMB Client Could Allow Remote Code Execution (2536276) This security update resolves a privately reported vulnerability in Microsoft Windows. https://technet.microsoft.com/en-us/library/security/ms11-may.aspx

Windows Server Update Services By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Microsoft Windows 2000 operating systems and This can trigger incompatibilities and increase the time it takes to deploy security updates. The TechNet Security Center provides additional information about security in Microsoft products.

  1. Bulletin ID | Bulletin Title and Executive Summary | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software MS11-087 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417) This security update resolves a publicly disclosed
  2. Microsoft Security Bulletin Summary for March 2011 Published: March 08, 2011 | Updated: March 16, 2011 Version: 1.1 This bulletin summary lists security bulletins released for March 2011.
  3. Detection and Deployment Tools and Guidance Security Central Manage the software and security updates you need to deploy to the servers, desktop, and mobile computers in your organization.
  4. Revisions V1.0 (May 10, 2011): Bulletin Summary published.
  5. You should review each of the assessments below, in accordance with your specific configuration, in order to prioritize your deployment.
  6. Security updates are available from Microsoft Update and Windows Update.

By using SMS, administrators can identify Windows-based systems that require security updates and perform controlled deployment of these updates throughout the enterprise with minimal disruption to end users. Note You may have to install several security updates for a single vulnerability. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Bulletin ID | Vulnerability Title | CVE ID | Exploitability Index Assessment | Key Notes MS11-025 MFC Insecure Library Loading Vulnerability CVE-2010-3190 1 - Consistent exploit code likely | This vulnerability has been disclosed publicly MS11-028 .NET Framework Stack Corruption Vulnerability Systems Management Server 2003 Microsoft Systems Management Server (SMS) delivers a highly-configurable enterprise solution for managing updates. https://technet.microsoft.com/en-us/library/security/ms11-jun.aspx The .NET Framework version 4 redistributable packages are available in two profiles: .NET Framework 4 and .NET Framework 4 Client Profile. .NET Framework 4 Client Profile is a subset of .NET

Security Strategies and Community Update Management Strategies Security Guidance for Update Management provides additional information about Microsoft’s best-practice recommendations for applying security updates. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index. Displays all new, revised, and rereleased updates for Microsoft products other than Microsoft Windows. The Application Compatibility Toolkit (ACT) contains the necessary tools and documentation to evaluate and mitigate application compatibility issues before deploying Microsoft Windows Vista, a Windows Update, a Microsoft Security Update, or

This update also includes kill bits for four third-party ActiveX controls. https://technet.microsoft.com/en-us/library/security/ms11-aug.aspx The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. V1.1 (December 13, 2011): For MS11-099, corrected the severity ratings in the Affected Software table. By default, WINS is not installed on any affected operating system.

This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation Important Remote Code Execution | May require restart | Microsoft Windows MS11-025 Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) This security update resolves a publicly disclosed vulnerability in certain applications Note for MS11-069 [1] .NET Framework 4 and .NET Framework 4 Client Profile affected.

Moderate Denial of Service | Requires restart | Microsoft Windows MS11-069 Vulnerability in .NET Framework Could Allow Information Disclosure (2567951) This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. Security updates are also available at the Microsoft Download Center. http://3swindows.com/microsoft-security/microsoft-security-essentials-32-bit.html Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.

Windows Server Update Services By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Microsoft Windows 2000 operating systems and The .NET Framework version 4 redistributable packages are available in two profiles: .NET Framework 4.0 and .NET Framework 4.0 Client Profile. .NET Framework 4.0 Client Profile is a subset of .NET For more information on this installation option, see the TechNet articles, Managing a Server Core Installation and Servicing a Server Core Installation.

Important Remote Code Execution | May require restart | Microsoft Office MS11-097 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712) This security update resolves a privately reported vulnerability in Microsoft Windows.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Other Information Microsoft Windows Malicious Software Removal Tool Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, With the release of the security bulletins for April 2011, this bulletin summary replaces the bulletin advance notification originally issued April 7, 2011. System Center Configuration Manager 2007 Configuration Manager 2007 Software Update Management simplifies the complex task of delivering and managing updates to IT systems across the enterprise.

Bulletin Information Executive Summaries The following table summarizes the security bulletins for this month in order of severity. Windows Operating System and Components Table 1 Windows XP Bulletin Identifier MS11-057 MS11-058 MS11-059 MS11-061 MS11-062 MS11-063 Aggregate Severity Rating Critical | None | None | None | Important | Important Windows XP Service Pack 3 Internet Explorer Updates for consumer platforms are available from Microsoft Update. http://3swindows.com/microsoft-security/microsoft-security-essentials-xp.html Security updates are available from Microsoft Update and Windows Update.

With Configuration Manager 2007, IT administrators can deliver updates of Microsoft products to a variety of devices including desktops, laptops, servers, and mobile devices. How do I use this table? Critical Remote Code Execution | Requires restart | Microsoft Windows MS11-020 Vulnerability in SMB Server Could Allow Remote Code Execution (2508429) This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin.

For more information about this procedure, see Deploying Software Updates Using the SMS Software Distribution Feature. Disclaimer The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. There is no charge for support calls that are associated with security updates. Security updates are also available at the Microsoft Download Center.

Note SMS uses the Microsoft Baseline Security Analyzer to provide broad support for security bulletin update detection and deployment. Note for MS11-029 See also other software categories under this section, Affected Software and Download Locations, for more update files under the same bulletin identifier. Microsoft Security Bulletin Summary for January 2011 Published: January 11, 2011 Version: 1.0 This bulletin summary lists security bulletins released for January 2011. Important Remote Code Execution | May require restart | Microsoft Office Exploitability Index The following table provides an exploitability assessment of each of the vulnerabilities addressed this month.

The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. Note SMS uses the Microsoft Baseline Security Analyzer to provide broad support for security bulletin update detection and deployment.

Critical Remote Code Execution | Requires restart | Microsoft Windows, Internet Explorer MS11-019 Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455) This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in For more information on this installation option, see the TechNet articles, Managing a Server Core Installation and Servicing a Server Core Installation. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. The vulnerability could allow remote code execution if an attacker logs on to an Active Directory domain and runs a specially crafted application.

Updates for consumer platforms are available from Microsoft Update.