Hello everyone,
Pete Voss here again, and as I previously mentioned in the Advanced Notification on Thursday, today we are releasing two bulletins to help protect customers. The bulletins address a Critical vulnerability in Microsoft Windows and two Important vulnerabilities in Microsoft Office.
Link Removed due to 404 Error is the sole Critical bulletin this month, and we recommend customers prioritize this bulletin. Microsoft always encourages customers to test and deploy all bulletins as soon as possible, and we have offered a broad overview of both bulletins below:
MS11-035 (WINS or Windows Internet Name Server): This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received specially crafted malware on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually install this component are affected by this issue and will be offered the update.
MS11-036 (PowerPoint): This security update resolves two privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted malicious PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as a logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We’d also like to highlight that the Link Removed due to 404 Error, which is available by default for Office 2010, mitigates risk of the vulnerabilities addressed by MS11-036. Microsoft made Office File Validation available to Microsoft Office 2003 and Microsoft Office 2007 customers starting last month, to help protect more customers worldwide.
In this video, Jerry Bryant discusses this month's bulletins in further detail:
Below is our deployment priority guidance to further assist customers in their deployment planning (click for larger view).
Link Removed due to 404 ErrorLink Removed due to 404 Error
Our risk and impact graph shows an aggregate view of this month's severity and exploitability index (click for larger view). Per our announcement during Advance Notification, note that the Index now includes an additional column that provides more comprehensive exploitability information for Microsoft’s newest platforms.
Link Removed due to 404 ErrorLink Removed due to 404 Error
More information about this month's security updates can be found on the Microsoft Security Bulletin Link Removed due to 404 Error
Additionally, Dustin Childs and I will offer the monthly technical webcast on Wednesday, and I invite you to tune in and learn more about the new security bulletin releases. The webcast is scheduled for Wednesday, May 11, 2011 at 11 a.m. PDT, and the registration can be found Link Removed - Invalid URL.
Also, as a side note, you’ll want to stay tuned for information on the latest version of Microsoft’s Security Intelligence Report volume 10. For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.
Thank you,
Pete Voss
Sr. Response Communications Manager
Microsoft Trustworthy Computing
Link Removed due to 404 Error
More...
Pete Voss here again, and as I previously mentioned in the Advanced Notification on Thursday, today we are releasing two bulletins to help protect customers. The bulletins address a Critical vulnerability in Microsoft Windows and two Important vulnerabilities in Microsoft Office.
Link Removed due to 404 Error is the sole Critical bulletin this month, and we recommend customers prioritize this bulletin. Microsoft always encourages customers to test and deploy all bulletins as soon as possible, and we have offered a broad overview of both bulletins below:
MS11-035 (WINS or Windows Internet Name Server): This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received specially crafted malware on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually install this component are affected by this issue and will be offered the update.
MS11-036 (PowerPoint): This security update resolves two privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted malicious PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as a logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We’d also like to highlight that the Link Removed due to 404 Error, which is available by default for Office 2010, mitigates risk of the vulnerabilities addressed by MS11-036. Microsoft made Office File Validation available to Microsoft Office 2003 and Microsoft Office 2007 customers starting last month, to help protect more customers worldwide.
In this video, Jerry Bryant discusses this month's bulletins in further detail:
Below is our deployment priority guidance to further assist customers in their deployment planning (click for larger view).
Link Removed due to 404 ErrorLink Removed due to 404 Error
Our risk and impact graph shows an aggregate view of this month's severity and exploitability index (click for larger view). Per our announcement during Advance Notification, note that the Index now includes an additional column that provides more comprehensive exploitability information for Microsoft’s newest platforms.
Link Removed due to 404 ErrorLink Removed due to 404 Error
More information about this month's security updates can be found on the Microsoft Security Bulletin Link Removed due to 404 Error
Additionally, Dustin Childs and I will offer the monthly technical webcast on Wednesday, and I invite you to tune in and learn more about the new security bulletin releases. The webcast is scheduled for Wednesday, May 11, 2011 at 11 a.m. PDT, and the registration can be found Link Removed - Invalid URL.
Also, as a side note, you’ll want to stay tuned for information on the latest version of Microsoft’s Security Intelligence Report volume 10. For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.
Thank you,
Pete Voss
Sr. Response Communications Manager
Microsoft Trustworthy Computing
Link Removed due to 404 Error
More...
