DP's Security Bits

Issued: June 30, 2011

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-046 - Important

Bulletin Information:

* MS11-046 - Important

- http://www.microsoft.com/technet/security/bulletin/ms11-046.mspx
- Reason for Revision: V1.1 (June 30, 2011): Corrected the Affected
Software table to include MS10-058 as a bulletin replaced by
this update. This is an informational change only. There were
no changes to the security update files or detection logic.
- Originally posted: June 14, 2011
- Updated: June 30, 2011
- Bulletin Severity Rating: Important
- Version: 1.1

Issued: June 30, 2011

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2501584)
- Title: Release of Microsoft Office File Validation
for Microsoft Office
- http://www.microsoft.com/technet/security/advisory/2501584.mspx
- Revision Note: V2.0 (June 30, 2011): Announced that the
Office File Validation Add-in described in Microsoft
Knowledge Base Article 2501584 is available through the
Microsoft Update service.

Issued: June 22, 2011

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-049 - Important
* MS11-043 - Critical
* MS11-028 - Critical

Bulletin Information:

* MS11-049 - Important

- http://www.microsoft.com/technet/security/bulletin/ms11-049.mspx
- Reason for Revision: V1.3 (June 22, 2011): Corrected the bulletin
replacement information for Microsoft InfoPath 2007 and the
Systems Management Server detection information for SQL
Server. This is a bulletin change only. There were no changes
to the detection or security update files.
- Originally posted: June 14, 2011
- Updated: June 22, 2011
- Bulletin Severity Rating: Important
- Version: 1.3

* MS11-043 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms11-043.mspx
- Reason for Revision: V1.1 (June 22, 2011): Added a link to
Microsoft Knowledge Base Article 2536276 under Known Issues
in the Executive Summary.
- Originally posted: June 14, 2011
- Updated: June 22, 2011
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS11-028 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms11-028.mspx
- Reason for Revision: V2.2 (June 22, 2011): Corrected the bulletin
replacement information. This is a bulletin change only.
There were no changes to the detection or security update files.
- Originally posted: April 12, 2011
- Updated: June 22, 2011
- Bulletin Severity Rating: Critical
- Version: 2.2

Issued: June 14, 2011

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-049 - Important
* MS11-042 - Critical

Bulletin Information:

* MS11-049 - Important

- http://www.microsoft.com/technet/security/bulletin/ms11-049.mspx
- Reason for Revision: V1.1 (June 14, 2011): V1.1 (June 14, 2011):
Removed erroneous entries from Non-Affected Software table.
- Originally posted: June 14, 2011
- Updated: June 14, 2011
- Bulletin Severity Rating: Important
- Version: 1.1

* MS11-042 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms11-042.mspx
- Reason for Revision: V1.1 (June 14, 2011): Moved Windows 7 for
32-bit Systems Service Pack 1, Windows 7 for x64-based
Systems Service Pack 1, Windows Server 2008 R2 for x64-based
Systems Service Pack 1, and Windows Server 2008 R2 for
Itanium-based Systems Service Pack 1 from the affected
software table to the non-affected software table. This is an
informational change only. There were no changes to the
security update files or detection logic.
- Originally posted: June 14, 2011
- Updated: June 14, 2011
- Bulletin Severity Rating: Critical
- Version: 1.1

Issued: June 14, 2011

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-036 - Important
* MS11-028 - Critical

Bulletin Information:

* MS11-036 - Important

- http://www.microsoft.com/technet/security/bulletin/ms11-036.mspx
- Reason for Revision: V1.2 (June 14, 2011): Announced that the
updates for Microsoft Office for Mac, which were not
available when the bulletin was originally published, are now
available in bulletin MS11-045. Also, for both
vulnerabilities addressed by this bulletin, corrected
erroneous registry script entries in the workarounds for
setting Office File Validation to disable the opening of
files that fail validation.
- Originally posted: May 10, 2011
- Updated: June 14, 2011
- Bulletin Severity Rating: Important
- Version: 1.2

* MS11-028 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms11-028.mspx
- Reason for Revision: V2.1 (June 14, 2011): Added an update FAQ to
announce a detection change that corrects the replaced
bulletin for Microsoft .NET Framework 3.5.1 on supported
editions of Windows 7 and Windows Server 2008 R2. This is a
detection change only. There were no changes to the security
update files. Customers who have already successfully updated
their systems do not need to take any action.
- Originally posted: April 12, 2011
- Updated: June 14, 2011
- Bulletin Severity Rating: Critical
- Version: 2.1

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»www.microsoft.com/technet/securi···jun.mspx

Critical (9)

Microsoft Security Bulletin MS11-038
Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
»www.microsoft.com/technet/securi···038.mspx

Microsoft Security Bulletin MS11-039
»wVulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)ww.microsoft.com/technet/security/bulletin/ms11-039.mspx

Microsoft Security Bulletin MS11-040
Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
»www.microsoft.com/technet/securi···040.mspx

Microsoft Security Bulletin MS11-041
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
»www.microsoft.com/technet/securi···041.mspx

Microsoft Security Bulletin MS11-042
Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
»www.microsoft.com/technet/securi···042.mspx

Microsoft Security Bulletin MS11-043
Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
»www.microsoft.com/technet/securi···043.mspx

Microsoft Security Bulletin MS11-044
Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
»www.microsoft.com/technet/securi···044.mspx

Microsoft Security Bulletin MS11-050
Cumulative Security Update for Internet Explorer (2530548)
»www.microsoft.com/technet/securi···050.mspx

Microsoft Security Bulletin MS11-052
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
»www.microsoft.com/technet/securi···052.mspx

Important (7)

Microsoft Security Bulletin MS11-037
Vulnerability in MHTML Could Allow Information Disclosure (2544893)
»www.microsoft.com/technet/securi···037.mspx

Microsoft Security Bulletin MS11-045
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
»www.microsoft.com/technet/securi···045.mspx

Microsoft Security Bulletin MS11-046
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
»www.microsoft.com/technet/securi···046.mspx

Microsoft Security Bulletin MS11-047
Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
»www.microsoft.com/technet/securi···047.mspx

Microsoft Security Bulletin MS11-048
Vulnerability in SMB Server Could Allow Denial of Service (2536275)
»www.microsoft.com/technet/securi···048.mspx

Microsoft Security Bulletin MS11-049
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
»www.microsoft.com/technet/securi···049.mspx

Microsoft Security Bulletin MS11-051
Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
»www.microsoft.com/technet/securi···051.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

Microsoft Security Bulletin Advance Notification issued: June 9, 2011
Microsoft Security Bulletins to be issued: June 14, 2011

This is an advance notification of 16 security bulletins that Microsoft is intending to release on June 14, 2011.
9 rated Critical and 7 rated Important

http://www.microsoft.com/technet/security/bulletin/ms11-jun.mspx