Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Hello all --
Today, as part of our monthly security bulletin release, we have three bulletins addressing four vulnerabilities in Microsoft Windows and Microsoft Office. One bulletin is rated Critical, and this is the bulletin we recommend for priority deployment:
Our other two bulletins are somewhat similar in nature, both addressing the DLL-preloading issue described in Security Advisory 2269637, and both carrying an Important-level severity rating and an Exploitability Index rating of 1.
We continue to address DLL-preloading issues as they are discovered; however, it's important to note that we have not seen exploitation of these issues in the wild.
In this video, Jerry Bryant discusses this month's bulletins in further detail, focusing on MS11-015:
As always, we recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in their deployment planning (click for larger view).
Our risk and impact graph shows an aggregate view of this month's severity and exploitability index (click for larger view).
More information about this month's security updates can be found on the Microsoft Security Bulletin summary web page.
As we often do in the wake of a Service Pack release, we've gotten deployment questions about Windows 7 SP1. To assist customers in that process, our TechNet site has posted an SP1 deployment guide to aid you in testing and deployment. You'll also find release notes and links to handy information -- for example, a spreadsheet that contains a list of all the hotfixes and security updates that are included in the Service Pack -- as well as information on new features and functionality.
We'd also like to update you on Security Advisory 2501696, which describes an MHTML-related vulnerability in Microsoft Windows. Microsoft is actively monitoring the threat landscape in conjunction with our Microsoft Active Protections Program (MAPP) partners. We are currently working to provide a solution through our monthly security update release process and will continue to monitor the issue as we prepare that.
Finally, we mentioned previously that changes are coming to the system we use for publishing our bulletins and security advisories. We still expect those changes to go live in June of this year. The main impact to customers will be a URL change from microsoft.com/technet/security to technet.microsoft.com/security. We are planning to have both the old and new sites available simultaneously for a period of time.
Please join the monthly technical webcast with your hosts, Jerry Bryant and Dustin Childs, to learn more about the March 2011 security bulletins. The webcast is scheduled for Wednesday, March 9, 2011 at 11:00 a.m. PST (UTC -8). Registration is available here.
For all the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.
Angela GunnTrustworthy Computing.