As covered in our previous post (Preview June 2011 Microsoft Patch Tuesday), this month’s Patch Tuesday is second biggest Tuesday of Year 2011. A total of 16 bulletins are released to fix around 34 “Critical” & “Important” vulnerabilities found in various Microsoft products.

 


MS11-037/KB2544893 – Rated – Important – This is publically disclosed vulnerability in MHTML protocol which can result is “information disclosure”.

Affects :- Important (Windows XP, Vista, Win7), Low (Windows 2003, 2008, 2008R2)

MS11-038/KB2476490 – Rated – Critical – This is privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. Specially crafted WMF image files can be used to execute a remote code execution attack. This is a high priority update.

Affects :- Windows XP, Vista, Windows 7, 2003, 2008, 2008 R2

MS11-039/KB2514842 – Rated – Critical – This update covers privately reported vulnerability found in Microsoft .NET Framework and Microsoft Silverlight. Attacker can launch remote code execution attack against the user with the help of a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications.
Issues are reported while applying this patch please refer to Knowledge base before updating

Affects :- Windows XP, Vista, Windows 7, 2003, 2008, 2008 R2

MS11-040/KB2520426 – Rated – Critical – Again a privately reported remote code execution vulnerability this time in Threat Management Gateway 2011 Client formally known as (Microsoft Forefront Threat management Gateway Firewall Client)

Affects :- Threat Management Gateway Firewall Client

MS11-041/KB2525694 – Rated – Critical – This security update resolves privately reported vulnerability in Opentype font handler which can result in remote code execution and escalation of privilege attack.

Affects :- Critical (Windows Vista, Windows 7, 2008, 2008-R2), Important (Win XP, 2003)

MS11-042/KB2535512 – Rated – Critical / Important – Two privately reported vulnerabilities in Microsoft Distributed File System (DFS) are fixed with this update. Remote execution as well as Denial of Service (DoS) attacks can be preformed exploiting these vulnerabilities.

Affects – Critical (Windows XP, 2003), Important (Windows Vista, 2008, 2008-R2)

MS11-043/KB2536276 – Rated – Critical – This is a privately reported vulnerability in Microsoft Windows The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request.

Affects :- Windows XP, Vista, Windows 7, 2003, 2008, 2008 R2

MS11-044/KB2538814 – Rated – Critical – This update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. A crafted web page can be used to execute a remote code execution attack against the user who is fooled to click on a specified link.

Issues are reported while applying this patch please refer to Knowledge base before updating

Affects :- Windows XP, Vista, Windows 7, 2003, 2008, 2008 R2

MS11-045/KB2537146 – Rated – Important – This security patch fixes eight vulnerabilities in various version of Microsoft Office. An excel file can be used to allow remote  code execution attack and gain same user rights as the logged-on user.

Affects :- Microsoft Office XP, 2003, 2007, 2010, Excel Viewer, Office Compatibility Pack, For Mac (Office 2004 , 2008, 2011, Open XML File format Converter)

MS11-046/KB2503665Rated – Important – This security patch fixes publicly disclosed vulnerability in Microsoft Windows Ancillary Function Driver (AFD). Vulnerability can be exploited if attacker has physical access to computer system. The vulnerability could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application.

Affects :- Windows XP, Vista, Windows 7, 2003, 2008, 2008-R2

MS11-047/KB2525835 – Rated – Important – This privately reported vulnerability in windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V can be exploited to start a denial of service attack. You should install this patch only you are using Hyper-V on your server.

Affects :- Windows 2008, Windows 2008 R2

MS11-048/KB2536275Rated – Important – Because of this privately reported vulnerability denial of service attack can be started by attacker using a specially crafted SMB packet. Stringent firewall configuration can save your network.

Affects :- Windows Vista , Win7, 2008, 2008 R2

MS11-049/KB2543893 Rated – Important –  This security update resolves vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin.

Issues are reported while applying this patch please refer to Knowledge base before updating

Affects :- InfoPath 2007, InfoPath 2010, SQL Server 2005, SQL SERver 2008, SQL Server 2008 R2, Visual Studio 2005, VS 2008, VS 2010.

MS11-050/KB2530548Rated – Critical – This bulletin resolves massive Eleven vulnerabilities in Internet explorer from version 6 to 9. This update should be install on priority basis.

Affects :- Internet Explorer 6, IE 7, IE 8, IE9

MS11-051/KB2518295Rated – Important –  Vulnerability in Active Directory Certificate Services Web Enrolment is resolved in this update. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user.

Issues are reported while applying this patch please refer to Knowledge base before updating

Affects :- Windows 2003, 2008 R2

MS11-052/KB2544521Rated – Critical – Vector Markup Language (VML) can be exploited in IE to perform remote code execution attacks. I didn’t even know that VML was still around. You will want to patch as soon as you can.

Affects :- IE 6, IE 7, IE 8, IE 9

LEAVE A REPLY

Please enter your comment!
Please enter your name here