- Joined
- Jun 27, 2006
- Location
- Chicago, IL
Hello all --
Today, as part of our monthly security bulletin release, we have three bulletins addressing four vulnerabilities in Microsoft Windows and Microsoft Office. One bulletin is rated Critical, and this is the bulletin we recommend for priority deployment:
In this video, Jerry Bryant discusses this month's bulletins in further detail, focusing on MS11-015:
As always, we recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in their deployment planning (click for larger view).
Link Removed due to 404 Error
Our risk and impact graph shows an aggregate view of this month's severity and exploitability index (click for larger view).
Link Removed due to 404 Error
More information about this month's security updates can be found on the Microsoft Security Bulletin Link Removed due to 404 Error.
As we often do in the wake of a Service Pack release, we've gotten deployment questions about Windows 7 SP1. To assist customers in that process, our TechNet site has posted an SP1 deployment guide to aid you in testing and deployment. You'll also find release notes and links to handy information -- for example, a spreadsheet that contains a list of all the hotfixes and security updates that are included in the Service Pack -- as well as information on new features and functionality.
We'd also like to update you on Link Removed due to 404 Error, which describes an MHTML-related vulnerability in Microsoft Windows. Microsoft is actively monitoring the threat landscape in conjunction with our Link Removed due to 404 Error (MAPP) partners. We are currently working to provide a solution through our monthly security update release process and will continue to monitor the issue as we prepare that.
Finally, we mentioned previously that changes are coming to the system we use for publishing our bulletins and security advisories. We still expect those changes to go live in June of this year. The main impact to customers will be a URL change from microsoft.com/technet/security to technet.microsoft.com/security. We are planning to have both the old and new sites available simultaneously for a period of time.
Please join the monthly technical webcast with your hosts, Jerry Bryant and Dustin Childs, to learn more about the March 2011 security bulletins. The webcast is scheduled for Wednesday, March 9, 2011 at 11:00 a.m. PST (UTC -8). Registration is available Link Removed - Invalid URL.
For all the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.
Thanks,
Angela Gunn
Trustworthy Computing.
Link Removed due to 404 Error
More...
Today, as part of our monthly security bulletin release, we have three bulletins addressing four vulnerabilities in Microsoft Windows and Microsoft Office. One bulletin is rated Critical, and this is the bulletin we recommend for priority deployment:
- Link Removed due to 404 Error. This bulletin resolves one Critical-level and one Important-level vulnerability affecting certain media files in all versions of Microsoft Windows. It has an Exploitability Index rating of 1. Due to the nature of the affected software, this bulletin carries a Critical-level severity rating for all affected client systems, but only an Important-level rating for Windows Server 2008 R2 for x64. Other versions of Windows Server - 2003, 2008 and 2008 R2 - are unaffected. For both the Critical- and Important-level vulnerabilities, an attacker would have to convince a user to open a maliciously crafted file for an attack to work.
- Link Removed due to 404 Error is a DLL-preloading issue affecting Microsoft Groove 2007 Service Pack 2, which makes this an Office bulletin. Versions 2007 and 2010 of Groove are unaffected, as is Microsoft SharePoint Workspace 2010.
- Link Removed due to 404 Error is also a DLL-preloading issue, in this instance in Microsoft Windows Remote Client Desktop. This security update is rated Important for Remote Desktop Connection 5.2 Client, Remote Desktop Connection 6.0 Client, Remote Desktop Connection 6.1 Client, and Remote Desktop Connection 7.0 Client.
In this video, Jerry Bryant discusses this month's bulletins in further detail, focusing on MS11-015:
As always, we recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in their deployment planning (click for larger view).
Link Removed due to 404 Error
Our risk and impact graph shows an aggregate view of this month's severity and exploitability index (click for larger view).
Link Removed due to 404 Error
More information about this month's security updates can be found on the Microsoft Security Bulletin Link Removed due to 404 Error.
As we often do in the wake of a Service Pack release, we've gotten deployment questions about Windows 7 SP1. To assist customers in that process, our TechNet site has posted an SP1 deployment guide to aid you in testing and deployment. You'll also find release notes and links to handy information -- for example, a spreadsheet that contains a list of all the hotfixes and security updates that are included in the Service Pack -- as well as information on new features and functionality.
We'd also like to update you on Link Removed due to 404 Error, which describes an MHTML-related vulnerability in Microsoft Windows. Microsoft is actively monitoring the threat landscape in conjunction with our Link Removed due to 404 Error (MAPP) partners. We are currently working to provide a solution through our monthly security update release process and will continue to monitor the issue as we prepare that.
Finally, we mentioned previously that changes are coming to the system we use for publishing our bulletins and security advisories. We still expect those changes to go live in June of this year. The main impact to customers will be a URL change from microsoft.com/technet/security to technet.microsoft.com/security. We are planning to have both the old and new sites available simultaneously for a period of time.
Please join the monthly technical webcast with your hosts, Jerry Bryant and Dustin Childs, to learn more about the March 2011 security bulletins. The webcast is scheduled for Wednesday, March 9, 2011 at 11:00 a.m. PST (UTC -8). Registration is available Link Removed - Invalid URL.
For all the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.
Thanks,
Angela Gunn
Trustworthy Computing.
Link Removed due to 404 Error
More...
