Software Updates – June 17, 2011

by PCSentry on 06/17/2011

Security updates for the following applications have been released:

  • Adobe Acrobat 10.1.0 Pro and Standard
  • Adobe Acrobat 8.3.0 Pro and Standard
  • Adobe Acrobat 9.4.5 Pro and Standard
  • Adobe Air 2.7.0.19480
  • Adobe Flash Player 10.3.181.26
  • Adobe Flash Player 10.3.181.26 for Firefox, Safari, Opera
  • Adobe Reader 10.1.0
  • Adobe Reader 8.3.0
  • Adobe Reader 9.4.5
  • Adobe Shockwave Player 11.6.0.626
  • Google Chrome 12.0.742.100 – Stable channel – System level install
  • Skype 5.3.0.120
  • WinRAR 4.00 x32
  • WinRAR 4.00 x64
  • WinRAR 3.93 x32
  • WinRAR 3.93 x64
  • WinZip 15.5.9510

For devices part of PCSentry’s automatic update process, applicable security updates will be automatically downloaded and installed according to the following schedule:

  • TEST devices on Monday, June 20, 2011
  • PROD devices on Wednesday, June 22, 2011

If you desire an accelerated deployment of these updates, please contact PCSentry via email or log a service request.  For devices that are not on an automatic update schedule, please submit a request to install the updates at your convenience.

If the installation of updates causes instability or other issues on TEST devices, contact PCSentry as soon as possible to delay the installation of updates on PROD devices.

More information on each product update

 

Bulletin ID: APSB11-16 Title: Adobe Acrobat 10.1.0 Pro and Standard Severity: Critical
The Adobe Acrobat 10.1.0 Pro and Standard update addresses a critical security vulnerability. Please see Security Bulletin APSB11-16 for details.
Applies to:
Adobe Acrobat Pro and Standard

 

Bulletin ID:
APSB11-16		 Title:
Adobe Acrobat 8.3.0 Pro and Standard		 Severity:
Critical
The Adobe Acrobat 8.3.0 Pro and Standard update addresses a critical security vulnerability. Please see Security Bulletin APSB11-16 for details.
Applies to:
Adobe Acrobat Pro and Standard

 

Bulletin ID:
APSB11-16		 Title:
Adobe Acrobat 9.4.5 Pro and Standard		 Severity:
Critical
The Adobe Acrobat 9.4.5 Pro and Standard update addresses a critical security vulnerability. Please see Security Bulletin APSB11-16 for details.
Applies to: Adobe Acrobat Pro and Standard

 

Bulletin ID:
ADOBEAIR27		 Title:
Adobe Air 2.7.0.19480		 Severity:
Critical
Adobe Air 2.7 includes fixes that improve the security, stability, performance, and compatibility of AIR.
Applies to:
Adobe Air

 

Bulletin ID: APSB11-18 Title: Adobe Flash Player 10.3.181.26 Severity: Critical
This release contains fixes for critical vulnerabilities identified in Security Bulletin APSB11-18. All users are encouraged to update to the new players version 10.3.181.26.
Applies to: Adobe Flash Player 10

 

Bulletin ID: APSB11-18 Title: Adobe Flash Player 10.3.181.26 for Firefox, Safari, Opera Severity: Critical
This release contains fixes for critical vulnerabilities identified in Security Bulletin APSB11-18. All users are encouraged to update to the new players version 10.3.181.26.
Applies to: Adobe Flash Player 10

 

Bulletin ID: APSB11-16 Title: Adobe Reader 10.1.0 Severity: Critical
Critical vulnerabilities have been identified in Adobe Reader X and earlier versions. Adobe recommends users of Adobe Reader X and earlier versions for Windows update to Adobe Reader X .
Applies to: Adobe Reader

 

Bulletin ID: APSB11-16 Title: Adobe Reader 8.3.0 Severity: Critical
The Adobe Reader 8.3.0 update addresses a critical security vulnerability. Please see Security Bulletin APSB11-16 for details.
Applies to: Adobe Reader

 

Bulletin ID: APSB11-16 Title: Adobe Reader 9.4.5 Severity: Critical
The Adobe Reader 9.4.5 update addresses a critical security vulnerability. Please see Security Bulletin APSB11-16 for details.
Applies to: Adobe Reader

 

Bulletin ID: APSB11-17 Title: Adobe Shockwave Player 11.6.0.626 Severity: Critical
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.620 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits them, to run malicious code on the affected system.
Applies to: Adobe Shockwave Player

 

Bulletin ID: GC_12_0_742_100 Title: Google Chrome 12.0.742.100 – Stable channel – System level install Severity: Critical
This release contains an updated version of Adobe Flash.
Applies to: Google Chrome

 

Bulletin ID: SKYPE530120 Title: Skype 5.3.0.120 Severity:
With this newly released build the Extras Manager from Skype was removed, there are also the stability improvements.
Applies to: Skype

 

Bulletin ID: winrar400 Title: WinRAR 4.00 x32 Severity: Critical
This latest version of WinRAR decompresses multimedia files 30% faster, saves your archive passwords for reuse and offers optimized Unicode support.
Applies to: WinRAR

 

Bulletin ID: winrar400 Title: WinRAR 4.00 x64 Severity: Critical
This latest version of WinRAR decompresses multimedia files 30% faster, saves your archive passwords for reuse and offers optimized Unicode support.
Applies to: WinRAR

 

Bulletin ID: winrar393 Title: WinRAR 3.93 x32 Severity: Critical
In the release 3.93 bugs in the switches have been fixed, please see newsletter for the details.
Applies to: WinRAR

 

Bulletin ID: winrar393 Title: WinRAR 3.93 x64 Severity: Critical
In the release 3.93 bugs in the switches have been fixed, please see newsletter for the details.
Applies to: WinRAR

 

Bulletin ID: WINZIP1559510 Title: WinZip 15.5.9510 Severity:
WinZip 15.5 provides even faster zipping technology, improved usability, and extended functionality.
Applies to:
WinZip

Microsoft Updates – June 2011

by PCSentry on 06/14/2011

Microsoft June 2011 Security Updates Supported:

  • MS11-037Vulnerability in MHTML Could Allow Information Disclosure (2544893)
  • MS11-038Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
  • MS11-039Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
  • MS11-040Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
  • MS11-041Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
  • MS11-042Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
  • MS11-043Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
  • MS11-044Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
  • MS11-045Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
  • MS11-046Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
  • MS11-047Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
  • MS11-048Vulnerability in SMB Server Could Allow Denial of Service (2536275)
  • MS11-049Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
  • MS11-050Cumulative Security Update for Internet Explorer (2530548)
  • MS11-051Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
  • MS11-052Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)

More Information:
MS11-037
Severity Rating: Important
Vulnerability in MHTML Could Allow Information Disclosure (2544893)

Description:

This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker’s web site. An attacker would have to convince the user to visit the web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message. This security update is rated Important for all supported editions of Windows XP, Windows Vista, and Windows 7, and is rated Low for all supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2544893)
  • Security Update for Windows XP (KB2544893)
  • Security Update for Windows Vista for x64-based Systems (KB2544893)
  • Security Update for Windows Vista (KB2544893)
  • Security Update for Windows Server 2008 x64 Edition (KB2544893)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2544893)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2544893)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2544893)
  • Security Update for Windows Server 2008 (KB2544893)
  • Security Update for Windows Server 2003 x64 Edition (KB2544893)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2544893)
  • Security Update for Windows Server 2003 (KB2544893)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2544893)
  • Security Update for Windows Embedded Standard 7 (KB2544893)
  • Security Update for Windows 7 for x64-based Systems (KB2544893)
  • Security Update for Windows 7 (KB2544893)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-037.mspx
MS11-038
Severity Rating: Critical
Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile (WMF) image. In all cases, however, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to convince users to visit a malicious Web site, typically by getting them to click a link in an e-mail message or Instant Messenger request. This security update is rated Critical for all supported versions of Microsoft Windows.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2476490)
  • Security Update for Windows XP (KB2476490)
  • Security Update for Windows Vista for x64-based Systems (KB2476490)
  • Security Update for Windows Vista (KB2476490)
  • Security Update for Windows Server 2008 x64 Edition (KB2476490)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2476490)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2476490)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2476490)
  • Security Update for Windows Server 2008 (KB2476490)
  • Security Update for Windows Server 2003 x64 Edition (KB2476490)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2476490)
  • Security Update for Windows Server 2003 (KB2476490)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2476490)
  • Security Update for Windows Embedded Standard 7 (KB2476490)
  • Security Update for Windows 7 for x64-based Systems (KB2476490)
  • Security Update for Windows 7 (KB2476490)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-038.mspx
MS11-039
Severity Rating: Critical
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)

Description:

This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. This security update is rated Critical for all affected releases of Microsoft .NET Framework for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; and Microsoft Silverlight 4.

Included Updates:

  • Security Update for Microsoft Silverlight (KB2512827)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 for Itanium-based Systems (KB2478658)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2478658)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP for x64-based Systems (KB2478658)
  • Security Update for .NET Framework 3.5, Windows Vista SP1, and Windows Server 2008 for x64-based Systems (KB2478657)
  • Security Update for .NET Framework 3.5, Windows Vista SP1, and Windows Server 2008 x86 (KB2478657)
  • Security Update for .NET Framework 3.5 and Windows Server 2008 for Itanium-based Systems (KB2478657)
  • Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2478663)
  • Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663)
  • Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 for Itanium-based Systems (KB2478663)
  • Security Update for .NET Framework 3.5.1 on Windows Server 2008 R2 SP1 for Itanium-based Systems (KB2478662)
  • Security Update for .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2478662)
  • Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2478662)
  • Security Update for .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems (KB2478661)
  • Security Update for .NET Framework 3.5.1 on Windows 7 x86 (KB2478661)
  • Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2478661)
  • Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 x86 (KB2478660)
  • Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 for x64-based Systems (KB2478660)
  • Security Update for .NET Framework 3.5 SP1 and Windows Server 2008 SP2 for Itanium-based Systems (KB2478660)
  • Security Update for .NET Framework 3.5 SP1 on Windows Vista SP1 and Windows Server 2008 x86 (KB2478659)
  • Security Update for .NET Framework 3.5 SP1 on Windows Vista SP1 and Windows Server 2008 for x64-based Systems (KB2478659)
  • Security Update for .NET Framework 3.5 SP1 on Windows Server 2008 for Itanium-based Systems (KB2478659)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 for Itanium-based Systems (KB2478656)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 and Windows XP x86 (KB2478656)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 and Windows XP for x64-based Systems (KB2478656)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-039.mspx
MS11-040
Severity Rating: Critical
Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)

Description:

This security update resolves a privately reported vulnerability in the Microsoft Forefront Threat Management Gateway (TMG) 2010 Client, formerly named the Microsoft Forefront Threat Management Gateway Firewall Client. The vulnerability could allow remote code execution if an attacker leveraged a client computer to make specific requests on a system where the TMG firewall client is used. This security update is rated Critical for Microsoft Forefront Threat Management Gateway 2010 Client.

Included Updates:

  • Security Update for Forefront TMG Client (KB 2520426)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-040.mspx
MS11-041
Severity Rating: Critical
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message. This security update is rated Critical for all supported editions, except for 32-bit editions, of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; and Important for all supported editions, except for 32-bit editions, of Windows XP and Windows Server 2003.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2525694)
  • Security Update for Windows Server 2003 x64 Edition (KB2525694)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2525694)
  • Security Update for Windows Vista for x64-based Systems (KB2525694)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2525694)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2525694)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2525694)
  • Security Update for Windows Server 2008 x64 Edition (KB2525694)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2525694)
  • Security Update for Windows 7 for x64-based Systems (KB2525694)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-041.mspx
MS11-042
Severity Rating: Critical
Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)

Description:

This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. This security update is rated Critical for all supported editions of Windows XP and Windows Server 2003, and is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows Vista for x64-based Systems (KB2535512)
  • Security Update for Windows Vista (KB2535512)
  • Security Update for Windows Server 2008 x64 Edition (KB2535512)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2535512)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2535512)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2535512)
  • Security Update for Windows Server 2008 (KB2535512)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2535512)
  • Security Update for Windows Embedded Standard 7 (KB2535512)
  • Security Update for Windows 7 for x64-based Systems (KB2535512)
  • Security Update for Windows 7 (KB2535512)
  • Security Update for Windows XP x64 Edition (KB2535512)
  • Security Update for Windows XP (KB2535512)
  • Security Update for Windows Server 2003 x64 Edition (KB2535512)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2535512)
  • Security Update for Windows Server 2003 (KB2535512)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-042.mspx
MS11-043
Severity Rating: Critical
Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server. This security update is rated Critical for all supported releases of Microsoft Windows.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2536276)
  • Security Update for Windows XP (KB2536276)
  • Security Update for Windows Vista for x64-based Systems (KB2536276)
  • Security Update for Windows Vista (KB2536276)
  • Security Update for Windows Server 2008 x64 Edition (KB2536276)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2536276)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2536276)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2536276)
  • Security Update for Windows Server 2008 (KB2536276)
  • Security Update for Windows Server 2003 x64 Edition (KB2536276)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2536276)
  • Security Update for Windows Server 2003 (KB2536276)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2536276)
  • Security Update for Windows Embedded Standard 7 (KB2536276)
  • Security Update for Windows 7 for x64-based Systems (KB2536276)
  • Security Update for Windows 7 (KB2536276)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-043.mspx
MS11-044
Severity Rating: Critical
Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)

Description:

This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. This security update is rated Critical for all affected releases of Microsoft .NET Framework for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Included Updates:

  • Security Update for .NET Framework 3.5, Windows Vista SP1, and Windows Server 2008 for x64-based Systems (KB2518863)
  • Security Update for .NET Framework 3.5 and Windows Server 2008 for Itanium-based Systems (KB2518863)
  • Security Update for .NET Framework 3.5, Windows Vista SP1, and Windows Server 2008 x86 (KB2518863)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 for Itanium-based Systems (KB2530095)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 and Windows XP x86 (KB2530095)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 and Windows XP for x64-based Systems (KB2530095)
  • Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2518870)
  • Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870)
  • Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 for Itanium-based Systems (KB2518870)
  • Security Update for .NET Framework 3.5.1 on Windows Server 2008 R2 SP1 for Itanium-based Systems (KB2518869)
  • Security Update for .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2518869)
  • Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2518869)
  • Security Update for .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems (KB2518867)
  • Security Update for .NET Framework 3.5.1 on Windows 7 x86 (KB2518867)
  • Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2518867)
  • Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 x86 (KB2518866)
  • Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 for x64-based Systems (KB2518866)
  • Security Update for .NET Framework 3.5 SP1 and Windows Server 2008 SP2 for Itanium-based Systems (KB2518866)
  • Security Update for .NET Framework 3.5 SP1 on Windows Vista SP1 and Windows Server 2008 x86 (KB2518865)
  • Security Update for .NET Framework 3.5 SP1 on Windows Vista SP1 and Windows Server 2008 for x64-based Systems (KB2518865)
  • Security Update for .NET Framework 3.5 SP1 on Windows Server 2008 for Itanium-based Systems (KB2518865)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 for Itanium-based Systems (KB2518864)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP for x64-based Systems (KB2518864)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
MS11-045
Severity Rating: Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)

Description:

This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, “Disable Edit in Protected View for Excel 2010,” available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273. This security update is rated Important for all supported editions of Microsoft Excel 2002, Microsoft Excel 2003, Microsoft Excel 2007, Microsoft Excel 2010, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Microsoft Office for Mac 2011; Open XML File Format Converter for Mac; and all supported versions of Microsoft Excel Viewer and Microsoft Office Compatibility Pack.

Included Updates:

  • Security Update for Microsoft Excel 2002 (KB2541003)
  • Security Update for Microsoft Excel 2010 (KB2523021), 64-Bit Edition
  • Security Update for Microsoft Excel 2010 (KB2523021), 32-Bit Edition
  • Security Update for Microsoft Office Excel 2007 (KB2541007)
  • Security Update for the 2007 Microsoft Office System (KB2541012)
  • Security Update for Microsoft Office Excel Viewer (KB2541015)
  • Security Update for Microsoft Office Excel 2003 (KB2541025)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-045.mspx
MS11-046
Severity Rating: Important
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)

Description:

This security update resolves a publicly disclosed vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability. This security update is rated Important for all supported versions of Microsoft Windows.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2503665)
  • Security Update for Windows XP (KB2503665)
  • Security Update for Windows Vista for x64-based Systems (KB2503665)
  • Security Update for Windows Vista (KB2503665)
  • Security Update for Windows Server 2008 x64 Edition (KB2503665)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2503665)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2503665)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2503665)
  • Security Update for Windows Server 2008 (KB2503665)
  • Security Update for Windows Server 2003 x64 Edition (KB2503665)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2503665)
  • Security Update for Windows Server 2003 (KB2503665)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2503665)
  • Security Update for Windows Embedded Standard 7 (KB2503665)
  • Security Update for Windows 7 for x64-based Systems (KB2503665)
  • Security Update for Windows 7 (KB2503665)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-046.mspx
MS11-047
Severity Rating: Important
Vulnerability in Hyper-V Could Allow Denial of Service (2525835)

Description:

This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. This security update is rated Important for all supported x64-based editions of Windows Server 2008 and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows Server 2008 x64 Edition (KB2525835)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2525835)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-047.mspx
MS11-048
Severity Rating: Important
Vulnerability in SMB Server Could Allow Denial of Service (2536275)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit this vulnerability. This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2536275)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2536275)
  • Security Update for Windows Embedded Standard 7 (KB2536275)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2536275)
  • Security Update for Windows 7 for x64-based Systems (KB2536275)
  • Security Update for Windows 7 (KB2536275)
  • Security Update for Windows Vista for x64-based Systems (KB2536275)
  • Security Update for Windows Vista (KB2536275)
  • Security Update for Windows Server 2008 x64 Edition (KB2536275)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2536275)
  • Security Update for Windows Server 2008 (KB2536275)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-048.mspx
MS11-049
Severity Rating: Important
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)

Description:

This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. This security update is rated Important for all supported editions of Microsoft InfoPath 2007 and Microsoft InfoPath 2010; all supported editions of SQL Server 2005, SQL Server 2008, and SQL Server 2008 R2; and all supported editions of Microsoft Visual Studio 2005, Microsoft Visual Studio 2008, and Microsoft Visual Studio 2010.

Included Updates:

  • Security Update for SQL Server 2008 R2 (KB2494086)
  • Security Update for SQL Server 2008 R2 (KB2494088)
  • Security Update for Microsoft Office InfoPath 2007 (KB2510061)
  • Security Update for Microsoft InfoPath 2010 (KB2510065), 32-Bit Edition
  • Security Update for Microsoft InfoPath 2010 (KB2510065), 64-Bit Edition
  • Security Update for Microsoft Visual Studio 2010 XML Editor (KB2251489)
  • Security Update for Microsoft Visual Studio 2008 Service Pack 1 XML Editor (KB2251487)
  • Security Update for Microsoft Visual Studio 2005 Service Pack 1 XML Editor (KB2251481)
  • Security Update for SQL Server 2008 Service Pack 2 (KB2494094)
  • Security Update for SQL Server 2008 Service Pack 2 (KB2494089)
  • Security Update for SQL Server 2008 Service Pack 1 (KB2494100)
  • Security Update for SQL Server 2008 Service Pack 1 (KB2494096)
  • Security Update for SQL Server 2005 Service Pack 4 (KB2546869)
  • Security Update for SQL Server 2005 Service Pack 3 (KB2546869)
  • Security Update for SQL Server 2005 Service Pack 4 Failover Clustering (KB2494123)
  • Security Update for SQL Server 2005 Service Pack 4 (KB2494123)
  • Security Update for SQL Server 2005 Service Pack 4 Failover Clustering (KB2494120)
  • Security Update for SQL Server 2005 Service Pack 4 (KB2494120)
  • Security Update for SQL Server 2005 Service Pack 3 Failover Clustering (KB2494112)
  • Security Update for SQL Server 2005 Service Pack 3 (KB2494112)
  • Security Update for SQL Server 2005 Service Pack 3 Failover Clustering (KB2494113)
  • Security Update for SQL Server 2005 Service Pack 3 (KB2494113)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
MS11-050
Severity Rating: Critical
Cumulative Security Update for Internet Explorer (2530548)

Description:

This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 6 on Windows clients, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9; and Moderate for Internet Explorer 6 on Windows servers.

Included Updates:

  • Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows Vista for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 R2 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Vista for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 R2 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 R2 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Embedded Standard 7 for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Embedded Standard 7 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2008 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2008 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2003 (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Vista for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB2530548)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-050.mspx
MS11-051
Severity Rating: Important
Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

Description:

This security update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site. This security update is rated Important for all supported editions, except Itanium, of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows Server 2008 x64 Edition (KB2518295)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2518295)
  • Security Update for Windows Server 2008 (KB2518295)
  • Security Update for Windows Server 2003 x64 Edition (KB2518295)
  • Security Update for Windows Server 2003 (KB2518295)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-051.mspx
MS11-052
Severity Rating: Critical
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)

Description:

This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability.

Included Updates:

  • Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2544521)
  • Security Update for Internet Explorer 8 for Windows XP (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Vista for x64-based Systems (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Vista (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2008 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2008 R2 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2008 R2 for Itanium-based Systems (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2008 (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2003 (KB2544521)
  • Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521)
  • Security Update for Internet Explorer 8 for Windows 7 (KB2544521)
  • Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2544521)
  • Security Update for Internet Explorer 7 for Windows XP (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Vista for x64-based Systems (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Vista (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2008 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2008 for Itanium-based Systems (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2008 (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2003 (KB2544521)
  • Security Update for Internet Explorer 6 for Windows XP x64 Edition (KB2544521)
  • Security Update for Internet Explorer 6 for Windows XP (KB2544521)
  • Security Update for Internet Explorer 6 for Windows Server 2003 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems (KB2544521)
  • Security Update for Internet Explorer 6 for Windows Server 2003 (KB2544521)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-052.mspx

New Security Updates Supported:

  • MS11-037Vulnerability in MHTML Could Allow Information Disclosure (2544893)
  • MS11-038Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
  • MS11-039Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
  • MS11-040Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
  • MS11-041Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
  • MS11-042Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
  • MS11-043Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
  • MS11-044Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
  • MS11-045Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
  • MS11-046Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
  • MS11-047Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
  • MS11-048Vulnerability in SMB Server Could Allow Denial of Service (2536275)
  • MS11-049Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
  • MS11-050Cumulative Security Update for Internet Explorer (2530548)
  • MS11-051Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
  • MS11-052Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)


More Information:


MS11-037
Severity Rating: Important
Vulnerability in MHTML Could Allow Information Disclosure (2544893)

Description:

This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker’s web site. An attacker would have to convince the user to visit the web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message. This security update is rated Important for all supported editions of Windows XP, Windows Vista, and Windows 7, and is rated Low for all supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2544893)
  • Security Update for Windows XP (KB2544893)
  • Security Update for Windows Vista for x64-based Systems (KB2544893)
  • Security Update for Windows Vista (KB2544893)
  • Security Update for Windows Server 2008 x64 Edition (KB2544893)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2544893)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2544893)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2544893)
  • Security Update for Windows Server 2008 (KB2544893)
  • Security Update for Windows Server 2003 x64 Edition (KB2544893)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2544893)
  • Security Update for Windows Server 2003 (KB2544893)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2544893)
  • Security Update for Windows Embedded Standard 7 (KB2544893)
  • Security Update for Windows 7 for x64-based Systems (KB2544893)
  • Security Update for Windows 7 (KB2544893)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-037.mspx


MS11-038
Severity Rating: Critical
Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile (WMF) image. In all cases, however, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to convince users to visit a malicious Web site, typically by getting them to click a link in an e-mail message or Instant Messenger request. This security update is rated Critical for all supported versions of Microsoft Windows.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2476490)
  • Security Update for Windows XP (KB2476490)
  • Security Update for Windows Vista for x64-based Systems (KB2476490)
  • Security Update for Windows Vista (KB2476490)
  • Security Update for Windows Server 2008 x64 Edition (KB2476490)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2476490)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2476490)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2476490)
  • Security Update for Windows Server 2008 (KB2476490)
  • Security Update for Windows Server 2003 x64 Edition (KB2476490)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2476490)
  • Security Update for Windows Server 2003 (KB2476490)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2476490)
  • Security Update for Windows Embedded Standard 7 (KB2476490)
  • Security Update for Windows 7 for x64-based Systems (KB2476490)
  • Security Update for Windows 7 (KB2476490)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-038.mspx


MS11-039
Severity Rating: Critical
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)

Description:

This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. This security update is rated Critical for all affected releases of Microsoft .NET Framework for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; and Microsoft Silverlight 4.

Included Updates:

  • Security Update for Microsoft Silverlight (KB2512827)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 for Itanium-based Systems (KB2478658)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2478658)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP for x64-based Systems (KB2478658)
  • Security Update for .NET Framework 3.5, Windows Vista SP1, and Windows Server 2008 for x64-based Systems (KB2478657)
  • Security Update for .NET Framework 3.5, Windows Vista SP1, and Windows Server 2008 x86 (KB2478657)
  • Security Update for .NET Framework 3.5 and Windows Server 2008 for Itanium-based Systems (KB2478657)
  • Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2478663)
  • Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663)
  • Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 for Itanium-based Systems (KB2478663)
  • Security Update for .NET Framework 3.5.1 on Windows Server 2008 R2 SP1 for Itanium-based Systems (KB2478662)
  • Security Update for .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2478662)
  • Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2478662)
  • Security Update for .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems (KB2478661)
  • Security Update for .NET Framework 3.5.1 on Windows 7 x86 (KB2478661)
  • Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2478661)
  • Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 x86 (KB2478660)
  • Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 for x64-based Systems (KB2478660)
  • Security Update for .NET Framework 3.5 SP1 and Windows Server 2008 SP2 for Itanium-based Systems (KB2478660)
  • Security Update for .NET Framework 3.5 SP1 on Windows Vista SP1 and Windows Server 2008 x86 (KB2478659)
  • Security Update for .NET Framework 3.5 SP1 on Windows Vista SP1 and Windows Server 2008 for x64-based Systems (KB2478659)
  • Security Update for .NET Framework 3.5 SP1 on Windows Server 2008 for Itanium-based Systems (KB2478659)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 for Itanium-based Systems (KB2478656)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 and Windows XP x86 (KB2478656)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 and Windows XP for x64-based Systems (KB2478656)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-039.mspx


MS11-040
Severity Rating: Critical
Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)

Description:

This security update resolves a privately reported vulnerability in the Microsoft Forefront Threat Management Gateway (TMG) 2010 Client, formerly named the Microsoft Forefront Threat Management Gateway Firewall Client. The vulnerability could allow remote code execution if an attacker leveraged a client computer to make specific requests on a system where the TMG firewall client is used. This security update is rated Critical for Microsoft Forefront Threat Management Gateway 2010 Client.

Included Updates:

  • Security Update for Forefront TMG Client (KB 2520426)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-040.mspx


MS11-041
Severity Rating: Critical
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message. This security update is rated Critical for all supported editions, except for 32-bit editions, of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; and Important for all supported editions, except for 32-bit editions, of Windows XP and Windows Server 2003.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2525694)
  • Security Update for Windows Server 2003 x64 Edition (KB2525694)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2525694)
  • Security Update for Windows Vista for x64-based Systems (KB2525694)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2525694)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2525694)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2525694)
  • Security Update for Windows Server 2008 x64 Edition (KB2525694)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2525694)
  • Security Update for Windows 7 for x64-based Systems (KB2525694)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-041.mspx


MS11-042
Severity Rating: Critical
Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)

Description:

This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. This security update is rated Critical for all supported editions of Windows XP and Windows Server 2003, and is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows Vista for x64-based Systems (KB2535512)
  • Security Update for Windows Vista (KB2535512)
  • Security Update for Windows Server 2008 x64 Edition (KB2535512)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2535512)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2535512)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2535512)
  • Security Update for Windows Server 2008 (KB2535512)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2535512)
  • Security Update for Windows Embedded Standard 7 (KB2535512)
  • Security Update for Windows 7 for x64-based Systems (KB2535512)
  • Security Update for Windows 7 (KB2535512)
  • Security Update for Windows XP x64 Edition (KB2535512)
  • Security Update for Windows XP (KB2535512)
  • Security Update for Windows Server 2003 x64 Edition (KB2535512)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2535512)
  • Security Update for Windows Server 2003 (KB2535512)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-042.mspx


MS11-043
Severity Rating: Critical
Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server. This security update is rated Critical for all supported releases of Microsoft Windows.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2536276)
  • Security Update for Windows XP (KB2536276)
  • Security Update for Windows Vista for x64-based Systems (KB2536276)
  • Security Update for Windows Vista (KB2536276)
  • Security Update for Windows Server 2008 x64 Edition (KB2536276)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2536276)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2536276)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2536276)
  • Security Update for Windows Server 2008 (KB2536276)
  • Security Update for Windows Server 2003 x64 Edition (KB2536276)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2536276)
  • Security Update for Windows Server 2003 (KB2536276)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2536276)
  • Security Update for Windows Embedded Standard 7 (KB2536276)
  • Security Update for Windows 7 for x64-based Systems (KB2536276)
  • Security Update for Windows 7 (KB2536276)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-043.mspx


MS11-044
Severity Rating: Critical
Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)

Description:

This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. This security update is rated Critical for all affected releases of Microsoft .NET Framework for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Included Updates:

  • Security Update for .NET Framework 3.5, Windows Vista SP1, and Windows Server 2008 for x64-based Systems (KB2518863)
  • Security Update for .NET Framework 3.5 and Windows Server 2008 for Itanium-based Systems (KB2518863)
  • Security Update for .NET Framework 3.5, Windows Vista SP1, and Windows Server 2008 x86 (KB2518863)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 for Itanium-based Systems (KB2530095)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 and Windows XP x86 (KB2530095)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 and Windows XP for x64-based Systems (KB2530095)
  • Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2518870)
  • Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870)
  • Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 for Itanium-based Systems (KB2518870)
  • Security Update for .NET Framework 3.5.1 on Windows Server 2008 R2 SP1 for Itanium-based Systems (KB2518869)
  • Security Update for .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2518869)
  • Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2518869)
  • Security Update for .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems (KB2518867)
  • Security Update for .NET Framework 3.5.1 on Windows 7 x86 (KB2518867)
  • Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2518867)
  • Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 x86 (KB2518866)
  • Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 for x64-based Systems (KB2518866)
  • Security Update for .NET Framework 3.5 SP1 and Windows Server 2008 SP2 for Itanium-based Systems (KB2518866)
  • Security Update for .NET Framework 3.5 SP1 on Windows Vista SP1 and Windows Server 2008 x86 (KB2518865)
  • Security Update for .NET Framework 3.5 SP1 on Windows Vista SP1 and Windows Server 2008 for x64-based Systems (KB2518865)
  • Security Update for .NET Framework 3.5 SP1 on Windows Server 2008 for Itanium-based Systems (KB2518865)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 for Itanium-based Systems (KB2518864)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP for x64-based Systems (KB2518864)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx


MS11-045
Severity Rating: Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)

Description:

This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, “Disable Edit in Protected View for Excel 2010,” available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273. This security update is rated Important for all supported editions of Microsoft Excel 2002, Microsoft Excel 2003, Microsoft Excel 2007, Microsoft Excel 2010, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Microsoft Office for Mac 2011; Open XML File Format Converter for Mac; and all supported versions of Microsoft Excel Viewer and Microsoft Office Compatibility Pack.

Included Updates:

  • Security Update for Microsoft Excel 2002 (KB2541003)
  • Security Update for Microsoft Excel 2010 (KB2523021), 64-Bit Edition
  • Security Update for Microsoft Excel 2010 (KB2523021), 32-Bit Edition
  • Security Update for Microsoft Office Excel 2007 (KB2541007)
  • Security Update for the 2007 Microsoft Office System (KB2541012)
  • Security Update for Microsoft Office Excel Viewer (KB2541015)
  • Security Update for Microsoft Office Excel 2003 (KB2541025)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-045.mspx


MS11-046
Severity Rating: Important
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)

Description:

This security update resolves a publicly disclosed vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability. This security update is rated Important for all supported versions of Microsoft Windows.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2503665)
  • Security Update for Windows XP (KB2503665)
  • Security Update for Windows Vista for x64-based Systems (KB2503665)
  • Security Update for Windows Vista (KB2503665)
  • Security Update for Windows Server 2008 x64 Edition (KB2503665)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2503665)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2503665)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2503665)
  • Security Update for Windows Server 2008 (KB2503665)
  • Security Update for Windows Server 2003 x64 Edition (KB2503665)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2503665)
  • Security Update for Windows Server 2003 (KB2503665)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2503665)
  • Security Update for Windows Embedded Standard 7 (KB2503665)
  • Security Update for Windows 7 for x64-based Systems (KB2503665)
  • Security Update for Windows 7 (KB2503665)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-046.mspx


MS11-047
Severity Rating: Important
Vulnerability in Hyper-V Could Allow Denial of Service (2525835)

Description:

This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. This security update is rated Important for all supported x64-based editions of Windows Server 2008 and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows Server 2008 x64 Edition (KB2525835)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2525835)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-047.mspx


MS11-048
Severity Rating: Important
Vulnerability in SMB Server Could Allow Denial of Service (2536275)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit this vulnerability. This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2536275)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2536275)
  • Security Update for Windows Embedded Standard 7 (KB2536275)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2536275)
  • Security Update for Windows 7 for x64-based Systems (KB2536275)
  • Security Update for Windows 7 (KB2536275)
  • Security Update for Windows Vista for x64-based Systems (KB2536275)
  • Security Update for Windows Vista (KB2536275)
  • Security Update for Windows Server 2008 x64 Edition (KB2536275)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2536275)
  • Security Update for Windows Server 2008 (KB2536275)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-048.mspx


MS11-049
Severity Rating: Important
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)

Description:

This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. This security update is rated Important for all supported editions of Microsoft InfoPath 2007 and Microsoft InfoPath 2010; all supported editions of SQL Server 2005, SQL Server 2008, and SQL Server 2008 R2; and all supported editions of Microsoft Visual Studio 2005, Microsoft Visual Studio 2008, and Microsoft Visual Studio 2010.

Included Updates:

  • Security Update for SQL Server 2008 R2 (KB2494086)
  • Security Update for SQL Server 2008 R2 (KB2494088)
  • Security Update for Microsoft Office InfoPath 2007 (KB2510061)
  • Security Update for Microsoft InfoPath 2010 (KB2510065), 32-Bit Edition
  • Security Update for Microsoft InfoPath 2010 (KB2510065), 64-Bit Edition
  • Security Update for Microsoft Visual Studio 2010 XML Editor (KB2251489)
  • Security Update for Microsoft Visual Studio 2008 Service Pack 1 XML Editor (KB2251487)
  • Security Update for Microsoft Visual Studio 2005 Service Pack 1 XML Editor (KB2251481)
  • Security Update for SQL Server 2008 Service Pack 2 (KB2494094)
  • Security Update for SQL Server 2008 Service Pack 2 (KB2494089)
  • Security Update for SQL Server 2008 Service Pack 1 (KB2494100)
  • Security Update for SQL Server 2008 Service Pack 1 (KB2494096)
  • Security Update for SQL Server 2005 Service Pack 4 (KB2546869)
  • Security Update for SQL Server 2005 Service Pack 3 (KB2546869)
  • Security Update for SQL Server 2005 Service Pack 4 Failover Clustering (KB2494123)
  • Security Update for SQL Server 2005 Service Pack 4 (KB2494123)
  • Security Update for SQL Server 2005 Service Pack 4 Failover Clustering (KB2494120)
  • Security Update for SQL Server 2005 Service Pack 4 (KB2494120)
  • Security Update for SQL Server 2005 Service Pack 3 Failover Clustering (KB2494112)
  • Security Update for SQL Server 2005 Service Pack 3 (KB2494112)
  • Security Update for SQL Server 2005 Service Pack 3 Failover Clustering (KB2494113)
  • Security Update for SQL Server 2005 Service Pack 3 (KB2494113)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx


MS11-050
Severity Rating: Critical
Cumulative Security Update for Internet Explorer (2530548)

Description:

This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 6 on Windows clients, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9; and Moderate for Internet Explorer 6 on Windows servers.

Included Updates:

  • Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows Vista for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 R2 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Vista for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 R2 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 R2 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Embedded Standard 7 for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Embedded Standard 7 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2008 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2008 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2003 (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Vista for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB2530548)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-050.mspx


MS11-051
Severity Rating: Important
Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

Description:

This security update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site. This security update is rated Important for all supported editions, except Itanium, of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows Server 2008 x64 Edition (KB2518295)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2518295)
  • Security Update for Windows Server 2008 (KB2518295)
  • Security Update for Windows Server 2003 x64 Edition (KB2518295)
  • Security Update for Windows Server 2003 (KB2518295)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-051.mspx


MS11-052
Severity Rating: Critical
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)

Description:

This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability.

Included Updates:

  • Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2544521)
  • Security Update for Internet Explorer 8 for Windows XP (KB2544521)

New Security Updates Supported:

  • MS11-037Vulnerability in MHTML Could Allow Information Disclosure (2544893)
  • MS11-038Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
  • MS11-039Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
  • MS11-040Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
  • MS11-041Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
  • MS11-042Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
  • MS11-043Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
  • MS11-044Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
  • MS11-045Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
  • MS11-046Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
  • MS11-047Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
  • MS11-048Vulnerability in SMB Server Could Allow Denial of Service (2536275)
  • MS11-049Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
  • MS11-050Cumulative Security Update for Internet Explorer (2530548)
  • MS11-051Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
  • MS11-052Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)

More Information:
MS11-037
Severity Rating: Important
Vulnerability in MHTML Could Allow Information Disclosure (2544893)

Description:

This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker’s web site. An attacker would have to convince the user to visit the web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message. This security update is rated Important for all supported editions of Windows XP, Windows Vista, and Windows 7, and is rated Low for all supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2544893)
  • Security Update for Windows XP (KB2544893)
  • Security Update for Windows Vista for x64-based Systems (KB2544893)
  • Security Update for Windows Vista (KB2544893)
  • Security Update for Windows Server 2008 x64 Edition (KB2544893)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2544893)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2544893)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2544893)
  • Security Update for Windows Server 2008 (KB2544893)
  • Security Update for Windows Server 2003 x64 Edition (KB2544893)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2544893)
  • Security Update for Windows Server 2003 (KB2544893)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2544893)
  • Security Update for Windows Embedded Standard 7 (KB2544893)
  • Security Update for Windows 7 for x64-based Systems (KB2544893)
  • Security Update for Windows 7 (KB2544893)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-037.mspx
MS11-038
Severity Rating: Critical
Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile (WMF) image. In all cases, however, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to convince users to visit a malicious Web site, typically by getting them to click a link in an e-mail message or Instant Messenger request. This security update is rated Critical for all supported versions of Microsoft Windows.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2476490)
  • Security Update for Windows XP (KB2476490)
  • Security Update for Windows Vista for x64-based Systems (KB2476490)
  • Security Update for Windows Vista (KB2476490)
  • Security Update for Windows Server 2008 x64 Edition (KB2476490)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2476490)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2476490)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2476490)
  • Security Update for Windows Server 2008 (KB2476490)
  • Security Update for Windows Server 2003 x64 Edition (KB2476490)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2476490)
  • Security Update for Windows Server 2003 (KB2476490)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2476490)
  • Security Update for Windows Embedded Standard 7 (KB2476490)
  • Security Update for Windows 7 for x64-based Systems (KB2476490)
  • Security Update for Windows 7 (KB2476490)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-038.mspx
MS11-039
Severity Rating: Critical
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)

Description:

This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. This security update is rated Critical for all affected releases of Microsoft .NET Framework for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; and Microsoft Silverlight 4.

Included Updates:

  • Security Update for Microsoft Silverlight (KB2512827)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 for Itanium-based Systems (KB2478658)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2478658)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP for x64-based Systems (KB2478658)
  • Security Update for .NET Framework 3.5, Windows Vista SP1, and Windows Server 2008 for x64-based Systems (KB2478657)
  • Security Update for .NET Framework 3.5, Windows Vista SP1, and Windows Server 2008 x86 (KB2478657)
  • Security Update for .NET Framework 3.5 and Windows Server 2008 for Itanium-based Systems (KB2478657)
  • Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2478663)
  • Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663)
  • Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 for Itanium-based Systems (KB2478663)
  • Security Update for .NET Framework 3.5.1 on Windows Server 2008 R2 SP1 for Itanium-based Systems (KB2478662)
  • Security Update for .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2478662)
  • Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2478662)
  • Security Update for .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems (KB2478661)
  • Security Update for .NET Framework 3.5.1 on Windows 7 x86 (KB2478661)
  • Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2478661)
  • Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 x86 (KB2478660)
  • Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 for x64-based Systems (KB2478660)
  • Security Update for .NET Framework 3.5 SP1 and Windows Server 2008 SP2 for Itanium-based Systems (KB2478660)
  • Security Update for .NET Framework 3.5 SP1 on Windows Vista SP1 and Windows Server 2008 x86 (KB2478659)
  • Security Update for .NET Framework 3.5 SP1 on Windows Vista SP1 and Windows Server 2008 for x64-based Systems (KB2478659)
  • Security Update for .NET Framework 3.5 SP1 on Windows Server 2008 for Itanium-based Systems (KB2478659)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 for Itanium-based Systems (KB2478656)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 and Windows XP x86 (KB2478656)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 and Windows XP for x64-based Systems (KB2478656)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-039.mspx
MS11-040
Severity Rating: Critical
Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)

Description:

This security update resolves a privately reported vulnerability in the Microsoft Forefront Threat Management Gateway (TMG) 2010 Client, formerly named the Microsoft Forefront Threat Management Gateway Firewall Client. The vulnerability could allow remote code execution if an attacker leveraged a client computer to make specific requests on a system where the TMG firewall client is used. This security update is rated Critical for Microsoft Forefront Threat Management Gateway 2010 Client.

Included Updates:

  • Security Update for Forefront TMG Client (KB 2520426)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-040.mspx
MS11-041
Severity Rating: Critical
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message. This security update is rated Critical for all supported editions, except for 32-bit editions, of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; and Important for all supported editions, except for 32-bit editions, of Windows XP and Windows Server 2003.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2525694)
  • Security Update for Windows Server 2003 x64 Edition (KB2525694)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2525694)
  • Security Update for Windows Vista for x64-based Systems (KB2525694)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2525694)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2525694)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2525694)
  • Security Update for Windows Server 2008 x64 Edition (KB2525694)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2525694)
  • Security Update for Windows 7 for x64-based Systems (KB2525694)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-041.mspx
MS11-042
Severity Rating: Critical
Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)

Description:

This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. This security update is rated Critical for all supported editions of Windows XP and Windows Server 2003, and is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows Vista for x64-based Systems (KB2535512)
  • Security Update for Windows Vista (KB2535512)
  • Security Update for Windows Server 2008 x64 Edition (KB2535512)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2535512)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2535512)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2535512)
  • Security Update for Windows Server 2008 (KB2535512)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2535512)
  • Security Update for Windows Embedded Standard 7 (KB2535512)
  • Security Update for Windows 7 for x64-based Systems (KB2535512)
  • Security Update for Windows 7 (KB2535512)
  • Security Update for Windows XP x64 Edition (KB2535512)
  • Security Update for Windows XP (KB2535512)
  • Security Update for Windows Server 2003 x64 Edition (KB2535512)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2535512)
  • Security Update for Windows Server 2003 (KB2535512)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-042.mspx
MS11-043
Severity Rating: Critical
Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server. This security update is rated Critical for all supported releases of Microsoft Windows.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2536276)
  • Security Update for Windows XP (KB2536276)
  • Security Update for Windows Vista for x64-based Systems (KB2536276)
  • Security Update for Windows Vista (KB2536276)
  • Security Update for Windows Server 2008 x64 Edition (KB2536276)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2536276)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2536276)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2536276)
  • Security Update for Windows Server 2008 (KB2536276)
  • Security Update for Windows Server 2003 x64 Edition (KB2536276)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2536276)
  • Security Update for Windows Server 2003 (KB2536276)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2536276)
  • Security Update for Windows Embedded Standard 7 (KB2536276)
  • Security Update for Windows 7 for x64-based Systems (KB2536276)
  • Security Update for Windows 7 (KB2536276)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-043.mspx
MS11-044
Severity Rating: Critical
Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)

Description:

This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. This security update is rated Critical for all affected releases of Microsoft .NET Framework for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Included Updates:

  • Security Update for .NET Framework 3.5, Windows Vista SP1, and Windows Server 2008 for x64-based Systems (KB2518863)
  • Security Update for .NET Framework 3.5 and Windows Server 2008 for Itanium-based Systems (KB2518863)
  • Security Update for .NET Framework 3.5, Windows Vista SP1, and Windows Server 2008 x86 (KB2518863)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 for Itanium-based Systems (KB2530095)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 and Windows XP x86 (KB2530095)
  • Security Update for .NET Framework 3.5 on Windows Server 2003 and Windows XP for x64-based Systems (KB2530095)
  • Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2518870)
  • Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870)
  • Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 for Itanium-based Systems (KB2518870)
  • Security Update for .NET Framework 3.5.1 on Windows Server 2008 R2 SP1 for Itanium-based Systems (KB2518869)
  • Security Update for .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2518869)
  • Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2518869)
  • Security Update for .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems (KB2518867)
  • Security Update for .NET Framework 3.5.1 on Windows 7 x86 (KB2518867)
  • Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2518867)
  • Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 x86 (KB2518866)
  • Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 for x64-based Systems (KB2518866)
  • Security Update for .NET Framework 3.5 SP1 and Windows Server 2008 SP2 for Itanium-based Systems (KB2518866)
  • Security Update for .NET Framework 3.5 SP1 on Windows Vista SP1 and Windows Server 2008 x86 (KB2518865)
  • Security Update for .NET Framework 3.5 SP1 on Windows Vista SP1 and Windows Server 2008 for x64-based Systems (KB2518865)
  • Security Update for .NET Framework 3.5 SP1 on Windows Server 2008 for Itanium-based Systems (KB2518865)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 for Itanium-based Systems (KB2518864)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864)
  • Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP for x64-based Systems (KB2518864)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
MS11-045
Severity Rating: Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)

Description:

This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, “Disable Edit in Protected View for Excel 2010,” available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273. This security update is rated Important for all supported editions of Microsoft Excel 2002, Microsoft Excel 2003, Microsoft Excel 2007, Microsoft Excel 2010, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Microsoft Office for Mac 2011; Open XML File Format Converter for Mac; and all supported versions of Microsoft Excel Viewer and Microsoft Office Compatibility Pack.

Included Updates:

  • Security Update for Microsoft Excel 2002 (KB2541003)
  • Security Update for Microsoft Excel 2010 (KB2523021), 64-Bit Edition
  • Security Update for Microsoft Excel 2010 (KB2523021), 32-Bit Edition
  • Security Update for Microsoft Office Excel 2007 (KB2541007)
  • Security Update for the 2007 Microsoft Office System (KB2541012)
  • Security Update for Microsoft Office Excel Viewer (KB2541015)
  • Security Update for Microsoft Office Excel 2003 (KB2541025)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-045.mspx
MS11-046
Severity Rating: Important
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)

Description:

This security update resolves a publicly disclosed vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability. This security update is rated Important for all supported versions of Microsoft Windows.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2503665)
  • Security Update for Windows XP (KB2503665)
  • Security Update for Windows Vista for x64-based Systems (KB2503665)
  • Security Update for Windows Vista (KB2503665)
  • Security Update for Windows Server 2008 x64 Edition (KB2503665)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2503665)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2503665)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2503665)
  • Security Update for Windows Server 2008 (KB2503665)
  • Security Update for Windows Server 2003 x64 Edition (KB2503665)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB2503665)
  • Security Update for Windows Server 2003 (KB2503665)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2503665)
  • Security Update for Windows Embedded Standard 7 (KB2503665)
  • Security Update for Windows 7 for x64-based Systems (KB2503665)
  • Security Update for Windows 7 (KB2503665)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-046.mspx
MS11-047
Severity Rating: Important
Vulnerability in Hyper-V Could Allow Denial of Service (2525835)

Description:

This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. This security update is rated Important for all supported x64-based editions of Windows Server 2008 and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows Server 2008 x64 Edition (KB2525835)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2525835)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-047.mspx
MS11-048
Severity Rating: Important
Vulnerability in SMB Server Could Allow Denial of Service (2536275)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit this vulnerability. This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2536275)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2536275)
  • Security Update for Windows Embedded Standard 7 (KB2536275)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2536275)
  • Security Update for Windows 7 for x64-based Systems (KB2536275)
  • Security Update for Windows 7 (KB2536275)
  • Security Update for Windows Vista for x64-based Systems (KB2536275)
  • Security Update for Windows Vista (KB2536275)
  • Security Update for Windows Server 2008 x64 Edition (KB2536275)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2536275)
  • Security Update for Windows Server 2008 (KB2536275)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-048.mspx
MS11-049
Severity Rating: Important
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)

Description:

This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. This security update is rated Important for all supported editions of Microsoft InfoPath 2007 and Microsoft InfoPath 2010; all supported editions of SQL Server 2005, SQL Server 2008, and SQL Server 2008 R2; and all supported editions of Microsoft Visual Studio 2005, Microsoft Visual Studio 2008, and Microsoft Visual Studio 2010.

Included Updates:

  • Security Update for SQL Server 2008 R2 (KB2494086)
  • Security Update for SQL Server 2008 R2 (KB2494088)
  • Security Update for Microsoft Office InfoPath 2007 (KB2510061)
  • Security Update for Microsoft InfoPath 2010 (KB2510065), 32-Bit Edition
  • Security Update for Microsoft InfoPath 2010 (KB2510065), 64-Bit Edition
  • Security Update for Microsoft Visual Studio 2010 XML Editor (KB2251489)
  • Security Update for Microsoft Visual Studio 2008 Service Pack 1 XML Editor (KB2251487)
  • Security Update for Microsoft Visual Studio 2005 Service Pack 1 XML Editor (KB2251481)
  • Security Update for SQL Server 2008 Service Pack 2 (KB2494094)
  • Security Update for SQL Server 2008 Service Pack 2 (KB2494089)
  • Security Update for SQL Server 2008 Service Pack 1 (KB2494100)
  • Security Update for SQL Server 2008 Service Pack 1 (KB2494096)
  • Security Update for SQL Server 2005 Service Pack 4 (KB2546869)
  • Security Update for SQL Server 2005 Service Pack 3 (KB2546869)
  • Security Update for SQL Server 2005 Service Pack 4 Failover Clustering (KB2494123)
  • Security Update for SQL Server 2005 Service Pack 4 (KB2494123)
  • Security Update for SQL Server 2005 Service Pack 4 Failover Clustering (KB2494120)
  • Security Update for SQL Server 2005 Service Pack 4 (KB2494120)
  • Security Update for SQL Server 2005 Service Pack 3 Failover Clustering (KB2494112)
  • Security Update for SQL Server 2005 Service Pack 3 (KB2494112)
  • Security Update for SQL Server 2005 Service Pack 3 Failover Clustering (KB2494113)
  • Security Update for SQL Server 2005 Service Pack 3 (KB2494113)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
MS11-050
Severity Rating: Critical
Cumulative Security Update for Internet Explorer (2530548)

Description:

This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 6 on Windows clients, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9; and Moderate for Internet Explorer 6 on Windows servers.

Included Updates:

  • Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows Vista for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 R2 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Vista for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 R2 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 R2 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Embedded Standard 7 for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows Embedded Standard 7 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2008 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2008 (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2003 (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Vista for x64-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows XP x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows XP (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 Edition (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems (KB2530548)
  • Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB2530548)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-050.mspx
MS11-051
Severity Rating: Important
Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

Description:

This security update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site. This security update is rated Important for all supported editions, except Itanium, of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.

Included Updates:

  • Security Update for Windows Server 2008 x64 Edition (KB2518295)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2518295)
  • Security Update for Windows Server 2008 (KB2518295)
  • Security Update for Windows Server 2003 x64 Edition (KB2518295)
  • Security Update for Windows Server 2003 (KB2518295)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-051.mspx
MS11-052
Severity Rating: Critical
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)

Description:

This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability.

Included Updates:

  • Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2544521)
  • Security Update for Internet Explorer 8 for Windows XP (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Vista for x64-based Systems (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Vista (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2008 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2008 R2 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2008 R2 for Itanium-based Systems (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2008 (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2003 (KB2544521)
  • Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521)
  • Security Update for Internet Explorer 8 for Windows 7 (KB2544521)
  • Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2544521)
  • Security Update for Internet Explorer 7 for Windows XP (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Vista for x64-based Systems (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Vista (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2008 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2008 for Itanium-based Systems (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2008 (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2003 (KB2544521)
  • Security Update for Internet Explorer 6 for Windows XP x64 Edition (KB2544521)
  • Security Update for Internet Explorer 6 for Windows XP (KB2544521)
  • Security Update for Internet Explorer 6 for Windows Server 2003 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems (KB2544521)
  • Security Update for Internet Explorer 6 for Windows Server 2003 (KB2544521)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-052.mspx

  • Security Update for Internet Explorer 8 for Windows Vista for x64-based Systems (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Vista (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2008 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2008 R2 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2008 R2 for Itanium-based Systems (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2008 (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 8 for Windows Server 2003 (KB2544521)
  • Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521)
  • Security Update for Internet Explorer 8 for Windows 7 (KB2544521)
  • Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2544521)
  • Security Update for Internet Explorer 7 for Windows XP (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Vista for x64-based Systems (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Vista (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2008 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2008 for Itanium-based Systems (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2008 (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems (KB2544521)
  • Security Update for Internet Explorer 7 for Windows Server 2003 (KB2544521)
  • Security Update for Internet Explorer 6 for Windows XP x64 Edition (KB2544521)
  • Security Update for Internet Explorer 6 for Windows XP (KB2544521)
  • Security Update for Internet Explorer 6 for Windows Server 2003 x64 Edition (KB2544521)
  • Security Update for Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems (KB2544521)
  • Security Update for Internet Explorer 6 for Windows Server 2003 (KB2544521)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-052.mspx

Software Updates – June 14, 2011

June 14, 2011

Security updates for the following applications have been released: Java Runtime Environment 6.0 x64 Update 26 Java Runtime Environment 6.0 Update 26 iTunes 10.3.1 for Windows For devices part of PCSentry’s automatic update process, applicable security updates will be automatically downloaded and installed according to the following schedule: TEST devices on Wednesday, June 16, 2011 [...]

Read the full article →

Mac to join the malware party!

May 17, 2011

Bad news for Mac users: the first construction kit for Mac OS X Trojans has appeared. That comes just as Microsoft released a report showing that Windows 7 is far safer than previous versions of Windows. So while it’s true that the Mac is still safer than a PC, the security difference between them has [...]

Read the full article →

Software Update Alert – May 16, 2011

May 16, 2011

New Software Updates Available Security updates for the following applications have been released: Adobe Flash Player 10.3.181.14 Adobe Flash Player 10.3.181.14 for Firefox, Safari, Opera Google Chrome 11.0.696.68 – Stable channel – System level install For devices part of PCSentry’s automatic update process, applicable security updates will be automatically downloaded and installed to TEST devices [...]

Read the full article →

Fake AV makers, scammers exploit Bin Laden news

May 3, 2011

As is the case with most big news stories, hackers know people will be searching the net for news articles, pictures, videos, etc.  They use various techniques including search engine optimization to lure users to sites with infected content.  Once there, the hackers either use malicious files that scan computers for vulnerabilities to exploit, or [...]

Read the full article →

Software Update Alert – April 27, 2011

April 27, 2011

Security updates for the following applications have been released: Adobe Acrobat Pro and Standard 10.0.3 Adobe Acrobat Pro and Standard 9.4.4 Adobe Reader 9.4.4 Java Runtime Environment 6.0 x64 Update 25 Java Runtime Environment 6.0 Update 25 Skype 5.3.0.111 For devices part of PCSentry’s automatic update process, applicable security updates will be automatically downloaded and [...]

Read the full article →

Get ready for Windows 64

April 8, 2011

Microsoft announced today they are breaking the record for the most bugs fixed on a patch Tuesday.  Microsoft security updates being delivered on Tuesday, April 12 will include fixes for 64 issues…enjoy! More information about the specific updates can be found in the Microsoft Security Bulletin

Read the full article →

Adobe Flash zero-day bug used to gain access to RSA

April 4, 2011

Computerworld – Last month’s hack of RSA Security began with an exploit of a then-unpatched vulnerability in Adobe Flash Player, the company confirmed Friday. Attackers gained access to the RSA network by sending two small groups of RSA employees emails with attached Excel spreadsheets, according to RSA, which is the security division of EMC. One [...]

Read the full article →

March 28, 2011 Security Updates

March 31, 2011

The following Application Security updates have been released. Adobe Acrobat 10.0.2 Pro and Standard Adobe Acrobat 9.4.3 Pro and Standard Adobe Air 2.6.0.19120 Adobe Flash Player 10.2.153.1 Adobe Flash Player 10.2.153.1 for Firefox, Safari, Opera Adobe Reader 9.4.3 Mozilla Firefox 3.6.16 Mozilla Firefox 4.0 Skype 5.2.0.113 For any devices that are part of PCSentry’s automatic [...]

Read the full article →