DP's Security Bits

Issued: July 27, 2011

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-027 - Critical
* MS09-035 - Moderate

Bulletin Information:

* MS11-027 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms11-027.mspx
- Reason for Revision: V1.1 (July 27, 2011): Added class
identifiers for the Microsoft WMITools ActiveX Control
described in this bulletin's vulnerability section for
CVE-2010-3973. This is an informational change only.
Customers who have already applied the "Prevent COM objects
from running in Internet Explorer" workaround for this
vulnerability should reapply this workaround with the
additional class identifiers.
- Originally posted: April 12, 2011
- Updated: July 27, 2011
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS09-035 - Moderate

- http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
- Reason for Revision: V3.1 (July 27, 2011): Corrected the update
verification information for Microsoft Visual C++ 2005
Service Pack 1 Redistributable Package, Microsoft Visual C++
2008 Redistributable Package, and Microsoft Visual C++ 2008
Service Pack 1 Redistributable Package. Removed the registry
key information in favor of product codes. This is an
informational change only.
- Originally posted: July 28, 2009
- Updated: July 27, 2011
- Bulletin Severity Rating: Moderate
- Version: 3.1

Issued: July 21, 2011

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-056 - Important

Bulletin Information:

* MS11-056 - Important

- http://www.microsoft.com/technet/security/bulletin/ms11-056.mspx
- Reason for Revision: V1.1 (July 21, 2011): Added a link to
Microsoft Knowledge Base Article 2507938 under Known Issues
in the Executive Summary.
- Originally posted: July 12, 2011
- Updated: July 21, 2011
- Bulletin Severity Rating: Important
- Version: 1.1

Event ID: 1032487855

Language(s):  English.
Product(s):  computer security and information security.
Audience(s):  IT Decision Maker and IT Generalist.

Join us for a brief overview of the technical details of the Microsoft security bulletins for July. We intend to address your concerns in this webcast; therefore, most of the webcast is devoted to attendees asking questions and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Dustin Childs, Senior Security Program Manager, Microsoft Security Response Center, Microsoft Corporation

Register Online

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»www.microsoft.com/technet/securi···jul.mspx

Critical (1)

Microsoft Security Bulletin MS11-053
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
»www.microsoft.com/technet/securi···053.mspx

Important (3)

Microsoft Security Bulletin MS11-054
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
»www.microsoft.com/technet/securi···054.mspx

Microsoft Security Bulletin MS11-056
Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
»www.microsoft.com/technet/securi···056.mspx

Microsoft Security Bulletin MS11-055
Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)
»www.microsoft.com/technet/securi···055.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

Microsoft Security Bulletin Advance Notification issued: July 7, 2011
Microsoft Security Bulletins to be issued: July 12, 2011

This is an advance notification of Four (4) security bulletins that Microsoft is intending to release on July 12, 2011.
1 rated as Critical and 3 with a rating of Important

http://www.microsoft.com/technet/security/bulletin/ms11-jul.mspx

Issued: July 6, 2011

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2524375)
- Title: Fraudulent Digital Certificates Could Allow Spoofing
- http://www.microsoft.com/technet/security/advisory/2524375.mspx
- Revision Note: V5.0 (July 6, 2011): Announced the release
of an update for Zune HD devices and moved Zune devices to
the Non-Affected Devices table.