This week is a big week for security updates as we are releasing 17 new security bulletins. Please see the details below and apply where needed in your environments.
New Security Bulletins
Microsoft is releasing the following 17 new security bulletins for newly discovered vulnerabilities:
Bulletin ID
Bulletin Title
Maximum Severity Rating
Vulnerability Impact
Restart Requirement
Affected Software
MS11-018
Cumulative Security Update for Internet Explorer (2497640)
Critical
Remote Code Execution
Requires restart
Internet Explorer on Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-019
Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-020
Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
MS11-021
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
Important
May require restart
Microsoft Excel 2002, Excel 2003, Excel 2007, Excel 2010, Office 2004 for Mac, Office 2008 for Mac, Office for Mac 2011, Open XML File Format Converter for Mac, Excel Viewer, and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.
MS11-022
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)
Microsoft PowerPoint 2002, PowerPoint 2003, PowerPoint 2007, PowerPoint 2010, Office 2004 for Mac, Office 2008 for Mac, Office for Mac 2011, Open XML File Format Converter for Mac, PowerPoint Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and PowerPoint Web App.
MS11-023
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
Microsoft Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac.
MS11-024
Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)
MS11-025
Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
Microsoft Visual Studio .NET 2003, Visual Studio 2005, Visual Studio 2008, Visual Studio 2010, Visual C++ 2005 SP1 Redistributable Package, Visual C++ 2008 SP1 Redistributable Package, and Visual C++ 2010 Redistributable Package.
MS11-026
Vulnerability in MHTML Could Allow Information Disclosure (2503658)
Information Disclosure
MS11-027
Cumulative Security Update of ActiveX Kill Bits (2508272)
MS11-028
Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)
MS11-029
Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Office XP.
MS11-030
Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
MS11-031
Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
MS11-032
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)
MS11-033
Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)
Microsoft Windows XP and Windows Server 2003.
MS11-034
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)
Elevation of Privilege
Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS11-apr.mspx.
Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Centre. Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.
Jeffa