System administrators have no place to hide: Microsoft has released 17 security bulletins containing fixes for 64 vulnerabilities in this month’s Patch Day. Of the released bulletins, nine are rated Critical and the remaining eight Important.

MS11-018/KB2497640 – Rated – Critical – This update affects IE6 – IE8. Around five problems are fixed in this update, one of which is publicly disclosed and actively exploited.

Affects – Windows XP, Vista, Win7, 2008, 2008 R2

MS11-019/KB2511455 – Rated – Critical – This bulletin resolves two vulnerabilities in Microsoft Windows, one privately reported and the other publicly disclosed. Attackers can use malformed SMB client packets to perform remote code execution attacks.

Affects – Windows XP, Vista, Win7, 2008, 2008 R2

MS11-020/KB2508429 – Rated – Critical – This bulletin fixes the same problem as the one reported above; the only difference is that this time the server side is affected.

Affects – Windows XP, Vista, Win7, 2008, 2008 R2

MS11-021/KB2489279 – Rated – Important – This security update fixes nine vulnerabilities in Microsoft Office, all of them privately reported. According to the details, opening a specially crafted, malformed Excel file may result in remote code execution.

Affects – Microsoft Office XP, 2007, 2010, Excel Viewer

MS11-022/KB2489283 – Rated – Important – The same type of remote code execution attack, but this time the affected software is PowerPoint. This security update resolves three privately reported vulnerabilities in Microsoft PowerPoint.

Affects – Microsoft Office XP, 2007, 2010, PowerPoint Viewer

MS11-023/KB2489293 – Rated – Important – This security update fixes one publicly disclosed and one privately reported vulnerability that could allow remote code execution. The problem lies in file opening, which can be exploited to load DLLs from network drives and attack the system.

Affects – Microsoft Office XP, 2007, 2010, Excel Viewer

MS11-024/KB2491683 – Rated – Important – A remote code execution attack can be performed using a malformed fax cover page file. As fax applications are not used often, you can delay its implementation.

Affects – Microsoft Windows XP, Vista, Win7, 2003, 2008, 2008 R2

MS11-025/KB2500212 – Rated – Important – This update addresses a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with an affected application and the file is located in the same network folder as a specially crafted library file.

Affects – Visual Studio 2003, VS 2005, VS 2008, VS 2010, Visual C++ 2005 runtime files, Visual C++ 2010, VC++ 2008 Redistributable.

MS11-026/KB2503658 – Rated – Important – This update fixes an information disclosure issue in the MHTML protocol handler. An attacker would have to convince users to visit a Web site and open a specially crafted link.

Affects – Windows XP, Vista, Win7, 2003, 2008, 2008 R2

MS11-027/KB2508272 – Rated – Critical – This update fixes three vulnerabilities, two of which were privately reported and one publicly disclosed. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. This update also includes kill bits for three third-party ActiveX controls.

Affects – Windows XP, Vista, Win7, 2003, 2008, 2008 R2

MS11-028/KB2484015 – Rated – Critical – This update patches a publicly disclosed vulnerability in the Microsoft .NET Framework. The vulnerability can be exploited with a specially crafted Web page viewed in a Web browser that can run XAML Browser Applications.

Affects – Windows XP, Vista, Win7, 2003, 2008, 2008 R2

MS11-029/KB2412687 – Rated – Critical – This security update resolves a privately reported vulnerability in Microsoft Windows GDI+. A remote code execution attack can be performed using a malformed image file.

Affects – Windows XP, Vista, 2003, 2008

MS11-030/KB2509553 – Rated – Critical – This is a truly critical patch that should be applied ASAP. It fixes issues with DNS lookups. The vulnerability was privately reported.

Affects – Windows XP, Vista, Win7, 2003, 2008, 2008 R2

MS11-031/KB2514666 – Rated – Critical – This security update resolves a vulnerability in the JScript and VBScript scripting engines. The privately reported vulnerability could allow remote code execution if a user visits a specially crafted Web site.

Affects – Windows XP, Vista, Win7, 2003, 2008, 2008 R2

MS11-032/KB2507618 – Rated – Critical – This security update patches a privately reported vulnerability in OpenType font handling. The vulnerability could allow remote code execution if a user views content rendered in a specially crafted CFF font.

Affects – Windows XP, Vista, Win7, 2003, 2008, 2008 R2

MS11-033/KB2485663 – Rated – Important – This privately reported vulnerability in Microsoft Windows can be exploited when a user opens a specially crafted WordPad file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affects – Microsoft Windows XP, Windows 2003

MS11-034/KB2506223 – Rated – Important – Locally logged on users can run an application to gain higher rights. This patch should be installed the next time you normally patch.

Affects – Windows XP, Vista, Win7, 2003, 2008, 2008 R2

 

4 COMMENTS

  1. My Vista SP2 setup had been configured to automatically install critical security updates, and I got a bunch of them on April 15. One or more of them almost completely killed the thumbnail display capability in Michael/Pictures -it didn’t matter the file extension- all that displayed was the Corel program icon, Corel being the default program to handle pics, so I uninstalled all of the April 15 updates, rebooted, and that fixed the problem. The updates are as follows:

    KB2412687, KB2506212, KB2506223, KB2507618, KB2508429, KB2509553, KB2511455, KB2508272, KB905866, KB2449742.

    What can you tell me about this glitch? Thanks in advance!

    Michael

    • Hi Michael,
      As you faced the problem in only one folder, you should try to delete the thumbnail database file (thumbs.db) in that specified folder and then refresh the folder.

      The process for doing this is:

      Set the Control Panel/Folder Options to show hidden files, then delete the
      ‘Thumbs.db’ file in that folder, and refresh.
