5/11/2011

Microsoft Security Bulletin Summary for May 2011

1. Introduction

Microsoft (MS) released its regular security updates for May 2011.
Users are strongly recommended to apply these updates to stay protected from the vulnerabilities they address: the Windows OS security update for the WINS vulnerability and the update for the Microsoft PowerPoint vulnerabilities.

Microsoft Security Bulletin Summary for May 2011
http://www.microsoft.com/technet/security/bulletin/ms11-may.mspx

2. Update details

[Critical]
[MS11-035] Vulnerability in WINS Could Allow Remote Code Execution (2524426)

Vulnerability: WINS Service Failed Response Vulnerability - CVE-2011-1248

This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually installed this component are affected by this issue.
This security update is rated Critical for servers running supported editions of Windows Server 2003, Windows Server 2008 (except Itanium), and Windows Server 2008 R2 (except Itanium), on which WINS is installed. For more information, see the subsection, Affected and Non-Affected Software, in this section.

◈ Affected Software

- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems SP2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems SP1

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-035.mspx



[Important]
[MS11-036] Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814)

Vulnerability: Presentation Memory Corruption RCE Vulnerability - CVE-2011-1269
               Presentation Buffer Overrun RCE Vulnerability - CVE-2011-1270

This security update resolves two privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1269 and CVE-2011-1270. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors.

This security update is rated Important for all supported editions of Microsoft PowerPoint 2002, Microsoft PowerPoint 2003, Microsoft PowerPoint 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac. The security update is also rated Important for all supported versions of Open XML File Format Converter for Mac and Microsoft Office Compatibility Pack. For more information, see the subsection, Affected and Non-Affected Software, in this section.

◈ Affected Software

- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- Microsoft Office 2007 SP2
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2

- Reference site

http://www.microsoft.com/technet/security/Bulletin/MS11-036.mspx

1 comment:

  1. Hi there! I simply want to offer you a huge thumbs up for your great information you have right here on this post. I will be coming back to your site for more soon.
    Tableau Guru
    http://www.sqiar.com/services/tableau-software-consultants
