Microsoft Security Bulletin: April 2011 Release

This week is a big week for security updates as we are releasing 17 new security bulletins. Please see the details below and apply where needed in your environments.

New Security Bulletins

Microsoft is releasing the following 17 new security bulletins for newly discovered vulnerabilities:

Bulletin ID	Bulletin Title	Maximum Severity Rating	Vulnerability Impact	Restart Requirement	Affected Software
MS11-018	Cumulative Security Update for Internet Explorer (2497640)	Critical	Remote Code Execution	Requires restart	Internet Explorer on Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-019	Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)	Critical	Remote Code Execution	Requires restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-020	Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)	Critical	Remote Code Execution	Requires restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-021	Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)	Important	Remote Code Execution	May require restart	Microsoft Excel 2002, Excel 2003, Excel 2007, Excel 2010, Office 2004 for Mac, Office 2008 for Mac, Office for Mac 2011, Open XML File Format Converter for Mac, Excel Viewer, and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.
MS11-022	Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)	Important	Remote Code Execution	May require restart	Microsoft PowerPoint 2002, PowerPoint 2003, PowerPoint 2007, PowerPoint 2010, Office 2004 for Mac, Office 2008 for Mac, Office for Mac 2011, Open XML File Format Converter for Mac, PowerPoint Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and PowerPoint Web App.
MS11-023	Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)	Important	Remote Code Execution	May require restart	Microsoft Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac.
MS11-024	Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)	Important	Remote Code Execution	May require restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-025	Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)	Important	Remote Code Execution	May require restart	Microsoft Visual Studio .NET 2003, Visual Studio 2005, Visual Studio 2008, Visual Studio 2010, Visual C++ 2005 SP1 Redistributable Package, Visual C++ 2008 SP1 Redistributable Package, and Visual C++ 2010 Redistributable Package.
MS11-026	Vulnerability in MHTML Could Allow Information Disclosure (2503658)	Important	Information Disclosure	Requires restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-027	Cumulative Security Update of ActiveX Kill Bits (2508272)	Critical	Remote Code Execution	May require restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-028	Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)	Critical	Remote Code Execution	May require restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-029	Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)	Critical	Remote Code Execution	May require restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Office XP.
MS11-030	Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)	Critical	Remote Code Execution	Requires restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-031	Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)	Critical	Remote Code Execution	May require restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-032	Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)	Critical	Remote Code Execution	Requires restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-033	Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)	Important	Remote Code Execution	May require restart	Microsoft Windows XP and Windows Server 2003.
MS11-034	Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)	Important	Elevation of Privilege	Requires restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Summaries for new bulletin(s) may be found at https://www.microsoft.com/technet/security/bulletin/MS11-apr.mspx.

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Centre. Information on the Microsoft Windows Malicious Software Removal Tool is available at https://support.microsoft.com/?kbid=890830.

Jeffa

Technorati Tags: Patching,Updates,Security Bulletins