Microsoft Security Bulletin Re-Releases/Advisories

Microsoft Security Bulletin Re-Releases - Dec. 14, 2010
Issued: December 14, 2010

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS10-083 - Important
* MS10-077 - Critical
* MS10-070 - Important

Bulletin Information:
=====================

* MS10-083 - Important
http://www.microsoft.com/technet/security/bulletin/ms10-083.mspx

- Reason for Revision: V2.0 (December 14, 2010): Added an update
FAQ to announce an additional update for Windows Vista
Service Pack 2 (KB979688) and Windows Server 2008 Service
Pack 2 (KB979688) for users who have installed Windows Search
4.0 on Windows Vista Service Pack 1 or Windows Server 2008,
then installed the security update offered in KB2405882, and
then migrated to Windows Vista Service Pack 2 or Windows
Server 2008 Service Pack 2. Customers in this scenario will
need to install the new update offered in KB2405882 to be
protected against the vulnerability described in this bulletin.
- Originally posted: October 12, 2010
- Updated: December 14, 2010
- Bulletin Severity Rating: Important
- Version: 2.0

* MS10-077 - Critical


http://www.microsoft.com/technet/security/bulletin/ms10-077.mspx
- Reason for Revision: V2.0 (December 14, 2010): Added an update
FAQ to announce that new update packages are available for
.NET Framework 4.0 to correct an issue in the setup that
could interfere with the successful installation of other
updates and/or products. Customers who have already
successfully updated their systems do not need to take any action.
- Originally posted: October 12, 2010
- Updated: December 14, 2010
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS10-070 - Important

http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
- Reason for Revision: V3.0 (December 14, 2010): Added an update
FAQ to announce that new update packages are available for
.NET Framework 4.0 (KB2416472) to correct an issue in the
setup that could interfere with the successful installation
of other updates and/or products. Customers who have already
successfully updated their systems do not need to take any action.
- Originally posted: September 28, 2010
- Updated: December 14, 2010
- Bulletin Severity Rating: Important
- Version: 3.0

--
MS10-087 - Critical

- Reason for Revision: V2.0 (December 15, 2010): Announced the
availability of the security updates for Microsoft Office
2008 for Mac (KB2476512) and Open XML File Format Converter
for Mac (KB2476511). Microsoft recommends that users of these
software apply these updates at the earliest opportunity.
- Originally posted: November 9, 2010
- Updated: December 15, 2010
- Bulletin Severity Rating: Critical
- Version: 2.0
http://www.microsoft.com/technet/security/bulletin/ms10-087.mspx

 

Microsoft Security Advisory (2488013)

Microsoft Security Advisory (2488013)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 22, 2010

Version: 1.0

Revisions
• V1.0 (December 22, 2010): Advisory published.

http://www.microsoft.com/technet/security/advisory/2488013.mspx

 

Microsoft Security Advisory Notification - Jan 11, 2011
Security Advisories Updated or Released Today


Microsoft Security Advisory (973811)
Extended Protection for Authentication
Published: August 11, 2009 | Updated: January 11, 2011
Revisions:

• V1.0 (August 11, 2009): Advisory published.

• V1.1 (October 14, 2009): Updated the FAQ with information about a non-security update included in MS09-054 relating to WinINET.

• V1.2 (December 8, 2009): Updated the FAQ with information about three non-security updates relating to Windows HTTP Services, HTTP Protocol Stack, and Internet Information Services.

• V1.3 (March 9, 2010): Updated the FAQ to announce the rerelease of the update that enables Internet Information Services to opt in to Extended Protection for Authentication. For more information, see Known issues in Microsoft Knowledge Base Article 973917.

• V1.4 (April 14, 2010): Updated the Suggested Actions section to direct customers to the "What other actions is Microsoft taking to implement this feature?" entry in the section, Frequently Asked Questions.

• V1.5 (June 8, 2010): Updated the FAQ with information about six non-security updates enabling .NET Framework to opt in to Extended Protection for Authentication.

• V1.6 (September 14, 2010): Updated the FAQ with information about a non-security update enabling Outlook Express and Windows Mail to opt in to Extended Protection for Authentication.

• V1.7 (October 12, 2010): Updated the FAQ with information about a non-security update enabling Windows Server Message Block (SMB) to opt in to Extended Protection for Authentication.

• V1.8 (December 14, 2010): Updated the FAQ with information about a non-security update enabling Microsoft Outlook to opt in to Extended Protection for Authentication.

• V1.9 (December 17, 2010): Removed the FAQ entry, originally added December 14, 2010, about a non-security update enabling Microsoft Outlook to opt in to Extended Protection for Authentication.

• V1.10 (January 11, 2011): Updated the FAQ with information about a new release enabling Microsoft Office Live Meeting Service Portal to opt in to Extended Protection for Authentication.


http://www.microsoft.com/technet/security/advisory/973811.mspx



Microsoft Security Advisory (2488013)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 22, 2010 | Updated: January 11, 2011

Revisions
• V1.0 (December 22, 2010): Advisory published.

• V1.1 (December 31, 2010): Revised Executive Summary to reflect investigation of targeted attacks.

• V1.2 (January 11, 2011): Added the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, and revised Executive Summary to reflect investigation of limited attacks.

• V1.3 (January 11, 2011): Revised the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, to add the impact for the workaround.

http://www.microsoft.com/technet/security/advisory/2488013.mspx



Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
Published: August 23, 2010 | Updated: January 11, 2011

Revisions
• V1.0 (August 23, 2010): Advisory published.

• V1.1 (August 31, 2010): Added a link to Microsoft Knowledge Base Article 2264107 to provide an automated Microsoft Fix it solution for the workaround, Disable loading of libraries from WebDAV and remote network shares.

• V2.0 (November 9, 2010): Added Microsoft Security Bulletin MS10-087, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution," to the Updates relating to Insecure Library Loading section.

• V3.0 (December 14, 2010): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS10-093, "Vulnerability in Windows Movie Maker Could Allow Remote Code Execution;" MS10-094, "Vulnerability in Windows Media Encoder Could Allow Remote Code Execution;" MS10-095, "Vulnerability in Microsoft Windows Could Allow Remote Code Execution;" MS10-096, "Vulnerability in Windows Address Book Could Allow Remote Code Execution;" and MS10-097, "Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution."

• V4.0 (January 11, 2011): Added Microsoft Security Bulletin MS11-001, "Vulnerability in Windows Backup Manager Could Allow Remote Code Execution," to the Updates relating to Insecure Library Loading section.

http://www.microsoft.com/technet/security/advisory/2269637.mspx

 

MS10-001: Vulnerability Last Review: January 19, 2011 -
MS10-001: Vulnerability in the Embedded OpenType Font Engine could allow remote code execution
Article ID: 972270 - Last Review: January 19, 2011 - Revision: 2.1
http://support.microsoft.com/kb/972270/en-us?sd=rss&spid=14484

 

- Reason for Revision: V3.0 (February 22, 2011): Announced a
detection change to offer the Microsoft .NET Framework 4.0
update packages to customers who install Microsoft .NET
Framework 4.0 after installing Windows 7 for x64-based
Systems Service Pack 1, Windows Server 2008 R2 for x64-based
Systems Service Pack 1, or Windows Server 2008 R2 for
Itanium-based Systems Service Pack 1. Customers who have
already successfully updated their systems do not need to
take any action.
- Originally posted: October 12, 2010
- Updated: February 22, 2011
- Bulletin Severity Rating: Critical
- Version: 3.0

http://www.microsoft.com/technet/security/bulletin/ms10-077.mspx

* MS10-070 - Important


- Reason for Revision: V4.0 (February 22, 2011): Announced a
detection change to offer the Microsoft .NET Framework 4.0
(KB2416472) update packages to customers who install
Microsoft .NET Framework 4.0 after installing Windows 7 for
32-bit Systems Service Pack 1, Windows 7 for x64-based
Systems Service Pack 1, Windows Server 2008 R2 for x64-based
Systems Service Pack 1, or Windows Server 2008 R2 for
Itanium-based Systems Service Pack 1. Customers who have
already successfully updated their systems do not need to
take any action.
- Originally posted: September 28, 2010
- Updated: February 22, 2011
- Bulletin Severity Rating: Important
- Version: 4.0
http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx

 

Updates for the .NET Framework 2.0 Service Pack 2, the .NET Framework 3.0 Service Pack 2, or the .NET Framework 3.5 Service Pack 1 may not correctly update files even when installation of the update succeeds
View products that this article applies to.

http://support.microsoft.com/kb/2431806/en-us?sd=rss&spid=8291

 

Microsoft Security Bulletin Summary for march 8 2011

Microsoft Security Bulletin Summary for march 8 2011
Published: march 8 2011

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://www.microsoft.com/technet/security/bulletin/ms11-mar.mspx

Critical (1)

Microsoft Security Bulletin MS11-015 - Critical
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
Published: March 08, 2011
http://www.microsoft.com/technet/security/bulletin/ms11-015.mspx


important (2)
Microsoft Security Bulletin MS11-017 - Important
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)
Published: March 08, 2011
http://www.microsoft.com/technet/security/Bulletin/MS11-017.mspx

Microsoft Security Bulletin MS11-016 - Important
Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)
Published: March 08, 2011
http://www.microsoft.com/technet/security/Bulletin/MS11-016.mspx




Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin Minor Revisions - Mar 9, 2011
Issued: March 9, 2011

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-015 - Critical

Bulletin Information:

* MS11-015 - Critical

http://www.microsoft.com/technet/security/bulletin/ms11-015.mspx

- Reason for Revision: V1.1 (March 9, 2011): Corrected the Systems
Management Server table entries for SMS 2.0 and SMS 2003 with
SUIT for Windows XP Service Pack 3. These are informational
changes only. There were no changes to the security update
files or detection logic.
- Originally posted: March 8, 2011
- Updated: March 9, 2011
- Bulletin Severity Rating: Critical
- Version: 1.1



Bulletin Information:

* MS11-017 - Important


http://www.microsoft.com/technet/security/bulletin/ms11-017.mspx

- Reason for Revision: V1.2 (March 9, 2011): Corrected the
Non-Affected Software component entries for the service pack
1 versions of Windows 7 and Windows Server 2008 R2 from
Remote Desktop Connection 7.0 Client to Remote Desktop
Connection 7.1 Client. These are informational changes only.
There were no changes to the security update files or
detection logic.
- Originally posted: March 8, 2011
- Updated: March 9, 2011
- Bulletin Severity Rating: Important
- Version: 1.2

 

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: March 8, 2011
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS11-009 - Important
* MS11-007 - Critical
* MS11-004 - Important
* MS11-003 - Critical

Bulletin Information:
=====================

* MS11-009 - Important

- http://www.microsoft.com/technet/security/bulletin/ms11-009.mspx
- Reason for Revision: V2.0 (March 8, 2011): Clarified the Affected
Software to include Windows 7 for 32-bit Systems Service Pack
1, Windows 7 for x64-based Systems Service Pack 1, Windows
Server 2008 R2 for x64-based Systems Service Pack 1, and
Windows Server 2008 R2 for Itanium-based Systems Service Pack
1. See the entry to the section, Frequently Asked Questions
(FAQ) Related to This Security Update, that explains this revision.
- Originally posted: February 8, 2011
- Updated: March 8, 2011
- Bulletin Severity Rating: Important
- Version: 2.0

* MS11-007 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms11-007.mspx
- Reason for Revision: V2.0 (March 8, 2011): Clarified the Affected
Software to include Windows 7 for 32-bit Systems Service Pack
1, Windows 7 for x64-based Systems Service Pack 1, Windows
Server 2008 R2 for x64-based Systems Service Pack 1, and
Windows Server 2008 R2 for Itanium-based Systems Service Pack
1. See the entry to the section, Frequently Asked Questions
(FAQ) Related to This Security Update, that explains this revision.
- Originally posted: February 8, 2011
- Updated: March 8, 2011
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS11-004 - Important

- http://www.microsoft.com/technet/security/bulletin/ms11-004.mspx
- Reason for Revision: V2.0 (March 8, 2011):Clarified the Affected
Software to include Windows 7 for 32-bit Systems Service Pack
1, Windows 7 for x64-based Systems Service Pack 1, Windows
Server 2008 R2 for x64-based Systems Service Pack 1, and
Windows Server 2008 R2 for Itanium-based Systems Service Pack
1. See the entry to the section, Frequently Asked Questions
(FAQ) Related to This Security Update, that explains this revision.
- Originally posted: February 8, 2011
- Updated: March 8, 2011
- Bulletin Severity Rating: Important
- Version: 2.0

* MS11-003 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms11-003.mspx
- Reason for Revision: V2.0 (March 8, 2011): Clarified the Affected
Software to include Windows 7 for 32-bit Systems Service Pack
1, Windows 7 for x64-based Systems Service Pack 1, Windows
Server 2008 R2 for x64-based Systems Service Pack 1, and
Windows Server 2008 R2 for Itanium-based Systems Service Pack
1. See the entry to the section, Frequently Asked Questions
(FAQ) Related to This Security Update, that explains this revision.
- Originally posted: February 8, 2011
- Updated: March 8, 2011
- Bulletin Severity Rating: Critical
- Version: 2.0

 

Microsoft Security Advisory (2501696)
Vulnerability in MHTML Could Allow Information Disclosure
Published: January 28, 2011 | Updated: March 11, 2011

Revisions
• V1.0 (January 28, 2011): Advisory published.

• V1.1 (March 11, 2011): Revised Executive Summary to reflect investigation of limited, targeted attacks.

http://www.microsoft.com/technet/security/advisory/2501696.mspx

 

Microsoft Security Bulletin Minor Revisions - March 16, 2011
Issued: March 16, 2011

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-015 - Critical

Bulletin Information:

* MS11-015 - Critical

http://www.microsoft.com/technet/security/bulletin/ms11-015.mspx

- Reason for Revision: V1.2 (March 16, 2011): Removed erroneous
references to Windows XP Home Edition Service Pack 3 and
Windows XP Tablet PC Edition Service Pack 3 in Non-Affected
Software. This is an informational change only. There were no
changes to the security update files or detection logic. For
customers who are running Windows XP Home Edition or Windows
XP Table PC Edition and who have not already applied this
update, Microsoft recommends applying the update immediately.
Customers who have already applied the update do not need to
take any action.
- Originally posted: March 8, 2011
- Updated: March 16, 2011
- Bulletin Severity Rating: Critical
- Version: 1.2
--



********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: March 16, 2011
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS11-013 - Important

Bulletin Information:
=====================

* MS11-013 - Important

- http://www.microsoft.com/technet/security/bulletin/ms11-013.mspx
- Reason for Revision: V2.0 (March 16, 2011): Clarified the
Affected Software to include Windows 7 for 32-bit Systems
Service Pack 1, Windows 7 for x64-based Systems Service Pack
1, Windows Server 2008 R2 for x64-based Systems Service Pack
1, and Windows Server 2008 R2 for Itanium-based Systems
Service Pack 1. See the entry to the section, Frequently
Asked Questions (FAQ) Related to This Security Update, that
explains this revision.
- Originally posted: February 8, 2011
- Updated: March 16, 2011
- Bulletin Severity Rating: Important
- Version: 2.0

 

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: March 18, 2011
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS11-012 - Important

Bulletin Information:
=====================

* MS11-012 - Important

- http://www.microsoft.com/technet/security/bulletin/ms11-012.mspx
- Reason for Revision: V2.0 (March 18, 2011): Clarified the
Affected Software to include Windows 7 for 32-bit Systems
Service Pack 1, Windows 7 for x64-based Systems Service Pack
1, Windows Server 2008 R2 for x64-based Systems Service Pack
1, and Windows Server 2008 R2 for Itanium-based Systems
Service Pack 1. See the entry to the section, Frequently
Asked Questions (FAQ) Related to This Security Update, that
explains this revision.
- Originally posted: February 8, 2011
- Updated: March 18, 2011
- Bulletin Severity Rating: Important
- Version: 2.0

 

Microsoft Security Bulletin Summary for April 12 2011

Microsoft Security Bulletin Summary for April 12 2011
Published: April 12 2011

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx

Critical (9)
Microsoft Security Bulletin MS11-018
Cumulative Security Update for Internet Explorer (2497640)
http://www.microsoft.com/technet/security/bulletin/ms11-018.mspx

Microsoft Security Bulletin MS11-019
Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
http://www.microsoft.com/technet/security/bulletin/ms11-019.mspx

Microsoft Security Bulletin MS11-020
Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
http://www.microsoft.com/technet/security/bulletin/ms11-020.mspx

Microsoft Security Bulletin MS11-027
Cumulative Security Update of ActiveX Kill Bits (2508272)
http://www.microsoft.com/technet/security/bulletin/ms11-027.mspx

Microsoft Security Bulletin MS11-028
Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)
http://www.microsoft.com/technet/security/bulletin/ms11-028.mspx

Microsoft Security Bulletin MS11-029
Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
http://www.microsoft.com/technet/security/bulletin/ms11-029.mspx

Microsoft Security Bulletin MS11-030
Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
http://www.microsoft.com/technet/security/bulletin/ms11-030.mspx

Microsoft Security Bulletin MS11-031
Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
http://www.microsoft.com/technet/security/bulletin/ms11-031.mspx

Microsoft Security Bulletin MS11-032
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)
http://www.microsoft.com/technet/security/bulletin/ms11-032.mspx

Important (8)
Microsoft Security Bulletin MS11-021
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
http://www.microsoft.com/technet/security/bulletin/ms11-021.mspx

Microsoft Security Bulletin MS11-022
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)
http://www.microsoft.com/technet/security/bulletin/ms11-022.mspx

Microsoft Security Bulletin MS11-023
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
http://www.microsoft.com/technet/security/bulletin/ms11-023.mspx

Microsoft Security Bulletin MS11-024
Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)
http://www.microsoft.com/technet/security/bulletin/ms11-024.mspx

Microsoft Security Bulletin MS11-025
Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx

Microsoft Security Bulletin MS11-026
Vulnerability in MHTML Could Allow Information Disclosure (2503658)
http://www.microsoft.com/technet/security/bulletin/ms11-026.mspx

Microsoft Security Bulletin MS11-033
Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)
http://www.microsoft.com/technet/security/bulletin/ms11-033.mspx

Microsoft Security Bulletin MS11-034
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)
http://www.microsoft.com/technet/security/bulletin/ms11-034.mspx










Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin MS11-025 - Important
Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
Published: April 12, 2011 | Updated: April 21, 2011

Version: 2.0
Revisions
• V1.0 (April 12, 2011): Bulletin published.

• V1.1 (April 12, 2011): Clarified the update FAQ, "I am a third-party application developer and I use Visual C++. How do I update my application?"

• V2.0 (April 21, 2011): Rereleased bulletin to reoffer the updates to address a detection issue. There were no changes to the security update files in this bulletin. Customers who have already successfully updated their systems do not need to reinstall this update.

http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx

 

Microsoft Security Bulletin MS11-031 - Critical
Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
Published: April 12, 2011 | Updated: April 20, 2011

Revisions
•

V1.0 (April 12, 2011): Bulletin published.
•

V1.1 (April 20, 2011): Bulletin updated to clarify that the JScript 5.8 and VBScript 5.8 update (KB2510531) also replaces MS09-045, in addition to MS10-022, for all supported editions of Windows XP, Windows Server 2003, and Windows Vista.

http://www.microsoft.com/technet/security/bulletin/MS11-031.mspx?pubDate=2011-04-20




Microsoft Security Bulletin MS11-024 - Important
Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)
Published: April 12, 2011 | Updated: April 20, 2011

Revisions
•

V1.0 (April 12, 2011): Bulletin published.
•

V1.1 (April 20, 2011): Added a link to Microsoft Knowledge Base Article 2527308 under Known Issues in the Executive Summary.
http://www.microsoft.com/technet/security/bulletin/MS11-024.mspx?pubDate=2011-04-20



Microsoft Security Bulletin MS11-022 - Important
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)
Published: April 12, 2011 | Updated: April 20, 2011

Revisions
•

V1.0 (April 12, 2011): Bulletin published.

V1.1 (April 20, 2011): Corrected the bulletin replacement information for the Microsoft PowerPoint Web App update (KB2520047). This is an informational change only. There were no changes to the detection logic or the update files.
http://www.microsoft.com/technet/security/bulletin/MS11-022.mspx?pubDate=2011-04-20



Microsoft Security Bulletin MS10-070 - Important
Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
Published: September 28, 2010 | Updated: April 20, 2011

Revisions
•

V1.0 (September 28, 2010): Bulletin published.
•

V2.0 (September 30, 2010): Revised this bulletin to announce that the updates are now available through all distribution channels, including Windows Update and Microsoft Update. Also added an update FAQ to describe additional clarifications and corrections to the bulletin.
•

V2.1 (October 13, 2010): Added three update FAQs to clarify affected software.
•

V2.2 (November 3, 2010): Added a note to the Affected Software table to clarify that the .NET Framework 4.0 Client Profile is not affected.
•

V3.0 (December 14, 2010): Added an update FAQ to announce that new update packages are available for .NET Framework 4.0 (KB2416472) to correct an issue in the setup that could interfere with the successful installation of other updates and/or products. Customers who have already successfully updated their systems do not need to take any action.
•

V4.0 (February 22, 2011): Announced a detection change to offer the Microsoft .NET Framework 4.0 (KB2416472) update packages to customers who install Microsoft .NET Framework 4.0 after installing Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, or Windows Server 2008 R2 for Itanium-based Systems Service Pack 1. Customers who have already successfully updated their systems do not need to take any action.
•

V4.1 (April 20, 2011): Corrected registry key verification for Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows XP and Windows Server 2003.
http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx?pubDate=2011-04-20

 

Microsoft Security Bulletin Summary for may 10 2011

Microsoft Security Bulletin Summary for may 10 2011
Published: may 10 2011

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://www.microsoft.com/technet/security/Bulletin/MS11-may.mspx

Critical (1)

Microsoft Security Bulletin MS11-035 - Critical
Vulnerability in WINS Could Allow Remote Code Execution (2524426)
Published: May 10, 2011
http://www.microsoft.com/technet/security/bulletin/MS11-035.mspx

Important (1)

Microsoft Security Bulletin MS11-036 - Important
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814)
Published: May 10, 2011
http://www.microsoft.com/technet/security/bulletin/MS11-036.mspx


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin MS11-018 - Critical
Cumulative Security Update for Internet Explorer (2497640)
Published: April 12, 2011 | Updated: May 16, 2011

Revisions
• V1.0 (April 12, 2011): Bulletin published.

• V2.0 (May 16, 2011): Bulletin rereleased to reoffer the update for Internet Explorer 7 on supported editions of Windows XP and Windows Server 2003. This is a detection change only. There were no changes to the binaries. Only affected customers will be offered the update. Customers who have installed the update manually and customers running configurations not targeted by the change to detection logic do not need to take any action.

http://www.microsoft.com/technet/security/bulletin/ms11-018.mspx

 

Microsoft Security Bulletin Minor Revisions - Jun 22. 2011
Issued: June 22, 2011

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-049 - Important
* MS11-043 - Critical
* MS11-028 - Critical

Bulletin Information:
=====================

* MS11-049 - Important
http://www.microsoft.com/technet/security/bulletin/ms11-049.mspx

- Reason for Revision: V1.3 (June 22, 2011): Corrected the bulletin
replacement information for Microsoft InfoPath 2007 and the
Systems Management Server detection information for SQL
Server. This is a bulletin change only. There were no changes
to the detection or security update files.
- Originally posted: June 14, 2011
- Updated: June 22, 2011
- Bulletin Severity Rating: Important
- Version: 1.3

* MS11-043 - Critical
http://www.microsoft.com/technet/security/bulletin/ms11-043.mspx
- Reason for Revision: V1.1 (June 22, 2011): Added a link to
Microsoft Knowledge Base Article 2536276 under Known Issues
in the Executive Summary.
- Originally posted: June 14, 2011
- Updated: June 22, 2011
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS11-028 - Critical
http://www.microsoft.com/technet/security/bulletin/ms11-028.mspx
- Reason for Revision: V2.2 (June 22, 2011): Corrected the bulletin
replacement information. This is a bulletin change only.
There were no changes to the detection or security update files.
- Originally posted: April 12, 2011
- Updated: June 22, 2011
- Bulletin Severity Rating: Critical
- Version: 2.2

 

Microsoft ends support for Office XP and Vista SP1 on 07/12/11

Microsoft will retire 2001's Office XP and the first service pack for Windows Vista next week, according to the company's published schedule. Both Office XP and Vista Service Pack 1 (SP1) will exit all support July 12, this month's Patch Tuesday. That date will be the last time Microsoft issues security updates for the aging suite and Vista SP1. Vista users must upgrade to SP2.

Microsoft supports its business products for 10 years, the first five in what it calls "mainstream support," and the second five in "extended support." The biggest difference between the two phases is that in the latter, non-security fixes are provided only to companies that have paid for special support contracts.

http://msmvps.com/blogs/harrywaldro...-for-office-xp-and-vista-sp1-on-07-12-11.aspx

 

Microsoft Security Bulletin Summary for July 12 2011

Microsoft Security Bulletin Summary for July 12 2011
Published: July 12 2011

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://www.microsoft.com/technet/security/bulletin/ms11-jul.mspx

Critical (1)
Microsoft Security Bulletin MS11-053 - Critical
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
Published: July 12, 2011
http://www.microsoft.com/technet/security/Bulletin/MS11-053.mspx

Important (3)

Microsoft Security Bulletin MS11-054 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
Published: July 12, 2011
http://www.microsoft.com/technet/security/bulletin/ms11-054.mspx

Microsoft Security Bulletin MS11-056 - Important
Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
Published: July 12, 2011
http://www.microsoft.com/technet/security/bulletin/ms11-056.mspx

Microsoft Security Bulletin MS11-055 - Important
Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)
Published: July 12, 2011
http://www.microsoft.com/technet/security/Bulletin/MS11-055.mspx


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin Minor Revisions - July 27, 2011
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-027 - Critical
* MS09-035 - Moderate

Bulletin Information:
=====================

* MS11-027 - Critical


http://www.microsoft.com/technet/security/bulletin/ms11-027.mspx

- Reason for Revision: V1.1 (July 27, 2011): Added class
identifiers for the Microsoft WMITools ActiveX Control
described in this bulletin's vulnerability section for
CVE-2010-3973. This is an informational change only.
Customers who have already applied the "Prevent COM objects
from running in Internet Explorer" workaround for this
vulnerability should reapply this workaround with the
additional class identifiers.
- Originally posted: April 12, 2011
- Updated: July 27, 2011
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS09-035 - Moderate

http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

- Reason for Revision: V3.1 (July 27, 2011): Corrected the update
verification information for Microsoft Visual C++ 2005
Service Pack 1 Redistributable Package, Microsoft Visual C++
2008 Redistributable Package, and Microsoft Visual C++ 2008
Service Pack 1 Redistributable Package. Removed the registry
key information in favor of product codes. This is an
informational change only.
- Originally posted: July 28, 2009
- Updated: July 27, 2011
- Bulletin Severity Rating: Moderate
- Version: 3.1

 

Microsoft Security Bulletin Minor Revisions - July 27, 2011
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-027 - Critical
* MS09-035 - Moderate

Bulletin Information:
=====================

* MS11-027 - Critical


http://www.microsoft.com/technet/security/bulletin/ms11-027.mspx

- Reason for Revision: V1.1 (July 27, 2011): Added class
identifiers for the Microsoft WMITools ActiveX Control
described in this bulletin's vulnerability section for
CVE-2010-3973. This is an informational change only.
Customers who have already applied the "Prevent COM objects
from running in Internet Explorer" workaround for this
vulnerability should reapply this workaround with the
additional class identifiers.
- Originally posted: April 12, 2011
- Updated: July 27, 2011
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS09-035 - Moderate

http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

- Reason for Revision: V3.1 (July 27, 2011): Corrected the update
verification information for Microsoft Visual C++ 2005
Service Pack 1 Redistributable Package, Microsoft Visual C++
2008 Redistributable Package, and Microsoft Visual C++ 2008
Service Pack 1 Redistributable Package. Removed the registry
key information in favor of product codes. This is an
informational change only.
- Originally posted: July 28, 2009
- Updated: July 27, 2011
- Bulletin Severity Rating: Moderate
- Version: 3.1

 

Microsoft Security Bulletin Summary for august 9 2011

Microsoft Security Bulletin Summary for august 9 2011
Published: august 9 2011

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://www.microsoft.com/technet/security/bulletin/ms11-jul.mspx

Critical (2)

Microsoft Security Bulletin MS11-057
Cumulative Security Update for Internet Explorer (2559049)
http://www.microsoft.com/technet/security/bulletin/ms11-057.mspx

Microsoft Security Bulletin MS11-058
Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)
http://www.microsoft.com/technet/security/bulletin/ms11-058.mspx



Important (9)

Microsoft Security Bulletin MS11-059
Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
http://www.microsoft.com/technet/security/bulletin/ms11-059.mspx

Microsoft Security Bulletin MS11-060
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)
http://www.microsoft.com/technet/security/bulletin/ms11-060.mspx

Microsoft Security Bulletin MS11-061
Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)
http://www.microsoft.com/technet/security/bulletin/ms11-061.mspx

Microsoft Security Bulletin MS11-062
Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)
http://www.microsoft.com/technet/security/bulletin/ms11-062.mspx

Microsoft Security Bulletin MS11-063
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
http://www.microsoft.com/technet/security/bulletin/ms11-063.mspx

Microsoft Security Bulletin MS11-064
Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
http://www.microsoft.com/technet/security/bulletin/ms11-064.mspx

Microsoft Security Bulletin MS11-065
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
http://www.microsoft.com/technet/security/bulletin/ms11-065.mspx

Microsoft Security Bulletin MS11-066
Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
http://www.microsoft.com/technet/security/bulletin/ms11-066.mspx

Microsoft Security Bulletin MS11-067
Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
http://www.microsoft.com/technet/security/bulletin/ms11-067.mspx



Moderate (2)
Microsoft Security Bulletin MS11-068
Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
http://www.microsoft.com/technet/security/bulletin/ms11-068.mspx


Microsoft Security Bulletin MS11-069
Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
http://www.microsoft.com/technet/security/bulletin/ms11-069.mspx




Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin MS11-068 - Moderate
Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
Published: August 09, 2011 | Updated: August 10, 2011

Revisions
•

V1.0 (August 9, 2011): Bulletin published.
•

V1.1 (August 10, 2011): Revised the Server Core installation not affected notation for Windows Server 2008 and Windows Server 2008 R2 to clarify that the update will still be offered to systems installed using the Server Core installation option.

http://www.microsoft.com/technet/security/bulletin/MS11-068.mspx?pubDate=2011-08-10



Microsoft Security Bulletin MS11-059 - Important
Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
Published: August 09, 2011 | Updated: August 10, 2011

Revisions
•

V1.0 (August 9, 2011): Bulletin published.
•

V1.1 (August 10, 2011): Corrected the restart requirements for the update on all affected operating systems.

http://www.microsoft.com/technet/security/bulletin/MS11-059.mspx?pubDate=2011-08-10


Microsoft Security Bulletin MS11-045 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
Published: June 14, 2011 | Updated: August 10, 2011

Revisions
•

V1.0 (June 14, 2011): Bulletin published.
•

V1.1 (August 10, 2011): Removed two erroneous workarounds in this bulletin's vulnerability section for CVE-2011-1276. This is an informational change only.

http://www.microsoft.com/technet/security/bulletin/MS11-045.mspx?pubDate=2011-08-

 

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: August 9, 2011
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS11-049 - Important
* MS11-043 - Critical
* MS11-025 - Important

Bulletin Information:
=====================

* MS11-049 - Important
http://www.microsoft.com/technet/security/bulletin/ms11-049.mspx

- Reason for Revision: V2.0 (August 9, 2011): Bulletin rereleased
to announce a detection change to the update for Microsoft
Visual Studio 2005 Service Pack 1 (KB2251481) to add
detection for related software listed in the update FAQ.
There were no changes to the security update files. Customers
who have already successfully updated their systems do not
need to reinstall this update.
- Originally posted: June 14, 2011
- Updated: August 9, 2011
- Bulletin Severity Rating: Important
- Version: 2.0

* MS11-043 - Critical
http://www.microsoft.com/technet/security/bulletin/ms11-043.mspx

- Reason for Revision: V2.0 (August 9, 2011): Bulletin rereleased
to reoffer the update on all supported operating systems to
address a stability issue. Customers who have already
successfully updated their systems should reinstall this update.
- Originally posted: June 14, 2011
- Updated: August 9, 2011
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS11-025 - Important

http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx
- Reason for Revision: V4.0 (August 9, 2011): Added Microsoft
Visual Studio 2010 Service Pack 1 (KB2565057) and Microsoft
Visual C++ 2010 Redistributable Package Service Pack 1
(KB2565063) as Affected Software. See the update FAQ for
details. Also corrected the file verification information for
Microsoft Visual C++ 2005 Service Pack 1 Redistributable
Package, Microsoft Visual C++ 2008 Service Pack 1
Redistributable Package, and Microsoft Visual C++ 2010
Redistributable Package.
- Originally posted: April 12, 2011
- Updated: August 9, 2011
- Bulletin Severity Rating: Important
- Version: 4.0

 

Microsoft Security Bulletin Summary for September 13 2011

Microsoft Security Bulletin Summary for September 13 2011
Published: September 13 2011

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:


Critical (0)


Important (5)

Microsoft Security Bulletin MS11-074 - Important

Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

Published: Tuesday, September 13, 2011
http://technet.microsoft.com/en-us/security/bulletin/MS11-074



Microsoft Security Bulletin MS11-073 - Important

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

Published: Tuesday, September 13, 2011
http://technet.microsoft.com/en-us/security/bulletin/MS11-073



Microsoft Security Bulletin MS11-072 - Important

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

Published: Tuesday, September 13, 2011
http://technet.microsoft.com/en-us/security/bulletin/MS11-072



Microsoft Security Bulletin MS11-071 - Important

Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)

Published: Tuesday, September 13, 2011
http://technet.microsoft.com/en-us/security/bulletin/MS11-071



Microsoft Security Bulletin MS11-070 - Important

Vulnerability in WINS Could Allow Elevation of Privilege (2571621)

Published: Tuesday, September 13, 2011
http://technet.microsoft.com/en-us/security/bulletin/MS11-070


Moderate (0)





Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin Minor Revisions - Sep 21, 2011
Issued: September 21, 2011

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-043 - Critical
* MS11-058 - Critical
* MS11-074 - Important

Bulletin Information:
=====================

* MS11-043 - Critical
http://technet.microsoft.com/security/bulletin/ms11-043

- Reason for Revision: V2.1 (September 21, 2011): Corrected the
registry key verification entries in the Security Update
Deployment section for Windows XP and Windows Server 2003.
- Originally posted: June 14, 2011
- Updated: September 21, 2011
- Bulletin Severity Rating: Critical
- Version: 2.1

* MS11-058 - Critical
http://technet.microsoft.com/security/bulletin/ms11-058

- Reason for Revision: V1.1 (September 21, 2011): Corrected
the Affected Software table to remove MS11-046 as a bulletin
replaced by this update on all affected editions of
Windows Server 2003. This is a detection change only.
There were no changes to the security update files.
Customers who have already successfully updated their systems
do not need to take any action.
- Originally posted: August 9, 2011
- Updated: September 21, 2011
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS11-074 - Important
http://technet.microsoft.com/security/bulletin/ms11-074


- Reason for Revision: V1.2 (September 21, 2011): Removed
erroneous reference to Microsoft Knowledge Base Article
2553001 in the deployment reference table for Microsoft
Groove Server 2007. This is an informational change only.
There were no changes to the security update files or
detection logic.
- Originally posted: September 13, 2011
- Updated: September 21, 2011
- Bulletin Severity Rating: Important
- Version: 1.2

 

Microsoft Security Advisory (2588513)

Vulnerability in SSL/TLS Could Allow Information Disclosure

Published: Monday, September 26, 2011


Revisions
V1.0 (September 26, 2011): Advisory published.
http://technet.microsoft.com/en-us/security/advisory/2588513

 

Microsoft Security Bulletin October for 11 2011

Microsoft Security Bulletin Summary for October 11 2011
Published: October 11 2011

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms11-oct

Critical (2)

Microsoft Security Bulletin MS11-078 - Critical

Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)

Published: Tuesday, October 11, 2011
http://technet.microsoft.com/en-us/security/bulletin/ms11-078


Microsoft Security Bulletin MS11-081 - Critical

Cumulative Security Update for Internet Explorer (2586448)

Published: Tuesday, October 11, 2011
http://technet.microsoft.com/en-us/security/bulletin/ms11-081

Important (6)


Microsoft Security Bulletin MS11-075 - Important

Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)

Published: Tuesday, October 11, 2011

Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms11-075



Microsoft Security Bulletin MS11-076 - Important

Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)

Published: Tuesday, October 11, 2011

Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms11-076


Microsoft Security Bulletin MS11-077 - Important

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)

Published: Tuesday, October 11, 2011

Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms11-077


Microsoft Security Bulletin MS11-079 - Important

Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)

Published: Tuesday, October 11, 2011

Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms11-079


Microsoft Security Bulletin MS11-080 - Important

Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)

Published: Tuesday, October 11, 2011

Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms11-080


Microsoft Security Bulletin MS11-082 - Important

Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)

Published: Tuesday, October 11, 2011

Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms11-082



Moderate (0)





Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin for November 8 2011

Microsoft Security Bulletin Summary for November 8 2011
Published: November 8 2011

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms11-nov

Critical (1)

Microsoft Security Bulletin MS11-083 - Critical

Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Published: Tuesday, November 08, 2011
http://technet.microsoft.com/en-us/security/bulletin/ms11-083


Important (2)

Microsoft Security Bulletin MS11-085 - Important

Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)

Published: Tuesday, November 08, 2011
http://technet.microsoft.com/en-us/security/bulletin/ms11-085


Microsoft Security Bulletin MS11-086 - Important

Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)

Published: Tuesday, November 08, 2011
http://technet.microsoft.com/en-us/security/bulletin/ms11-086



Moderate (1)


Microsoft Security Bulletin MS11-084 - Moderate

Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)

Published: Tuesday, November 08, 2011
http://technet.microsoft.com/en-us/security/bulletin/ms11-084


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: November 8, 2011
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS11-037 - Important
* MS11-JUN
* MS11-071 - Important

Bulletin Information:
=====================

* MS11-037 - Important

http://technet.microsoft.com/security/bulletin/ms11-037
- Reason for Revision: V2.0 (November 8, 2011): Bulletin
rereleased to reoffer the update on all supported editions of
Windows XP and Windows Server 2003. Customers using Windows XP
or Windows Server 2003, including those who have already
successfully installed the update originally offered on
June 14, 2011, should install the reoffered update.
See the Update FAQ for details.
- Originally posted: June 14, 2011
- Updated: November 8, 2011
- Bulletin Severity Rating: Important
- Version: 2.0

* MS11-JUN

http://technet.microsoft.com/security/bulletin/ms11-JUN
- Reason for Revision: V3.0 (November 8, 2011): Rereleased
MS11-037 to reoffer the update on all supported editions
of Windows XP and Windows Server 2003. Customers using
Windows XP or Windows Server 2003, including those who
have already successfully installed the update originally
offered on June 14, 2011, should install the reoffered
update.
- Originally posted: June 14, 2011
- Updated: November 8, 2011
- Version: 3.0

* MS11-071 - Important

http://technet.microsoft.com/security/bulletin/ms11-071
- Reason for Revision: V2.0 (November 8, 2011): Rereleased
this bulletin to announce availability of an update for
Windows 7 Embedded. No other update packages are affected
by this rerelease.
- Originally posted: September 13, 2011
- Updated: November 8, 2011
- Bulletin Severity Rating: Important
- Version: 2.0

 

Microsoft Security Bulletin for December 13 2011

Microsoft Security Bulletin Summary for December 13 2011
Published: December 13 2011

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms11-dec

Critical (3)
Microsoft Security Bulletin MS11-087
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
http://technet.microsoft.com/en-us/security/bulletin/ms11-087


Microsoft Security Bulletin MS11-090
Cumulative Security Update of ActiveX Kill Bits (2618451)
http://technet.microsoft.com/en-us/security/bulletin/ms11-090


Microsoft Security Bulletin MS11-092
Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
http://technet.microsoft.com/en-us/security/bulletin/ms11-092




Important (10)

Microsoft Security Bulletin MS11-088
Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)
http://technet.microsoft.com/en-us/security/bulletin/ms11-088.mspx


Microsoft Security Bulletin MS11-089
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
http://technet.microsoft.com/en-us/security/bulletin/ms11-089.mspx


Microsoft Security Bulletin MS11-091
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
http://technet.microsoft.com/en-us/security/bulletin/ms11-091.mspx


Microsoft Security Bulletin MS11-093
Vulnerability in OLE Could Allow Remote Code Execution (2624667)
http://technet.microsoft.com/en-us/security/bulletin/ms11-093.mspx


Microsoft Security Bulletin MS11-094
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
http://technet.microsoft.com/en-us/security/bulletin/ms11-094.mspx


Microsoft Security Bulletin MS11-095
Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
http://technet.microsoft.com/en-us/security/bulletin/ms11-095.mspx


Microsoft Security Bulletin MS11-096
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
http://technet.microsoft.com/en-us/security/bulletin/ms11-096.mspx


Microsoft Security Bulletin MS11-097
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
http://technet.microsoft.com/en-us/security/bulletin/ms11-097.mspx


Microsoft Security Bulletin MS11-098
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
http://technet.microsoft.com/en-us/security/bulletin/ms11-098.mspx


Microsoft Security Bulletin MS11-099
Cumulative Security Update for Internet Explorer (2618444)
http://technet.microsoft.com/en-us/security/bulletin/ms11-099.mspx


Moderate (0)




Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin for December 29th 2011 Out of Band

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms11-dec

Critical (1)

Microsoft Security Bulletin MS11-100
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)

http://technet.microsoft.com/en-us/security/bulletin/ms11-100

 

Microsoft Security Bulletin for January 10 2012

Microsoft Security Bulletin Summary for January 13 2012
Published: January 10 2011

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms12-jan

Critical (1)


Microsoft Security Bulletin MS12-004 - Critical

Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)

Published: Tuesday, January 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-004


Important (6)


Microsoft Security Bulletin MS12-001 - Important

Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)

Published: Tuesday, January 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-001



Microsoft Security Bulletin MS12-002 - Important

Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)

Published: Tuesday, January 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-002


Microsoft Security Bulletin MS12-003 - Important

Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
http://technet.microsoft.com/en-us/security/bulletin/ms12-003



Microsoft Security Bulletin MS12-005 - Important

Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)

Published: Tuesday, January 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-005



Microsoft Security Bulletin MS12-006 - Important

Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)

Published: Tuesday, January 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-006



Microsoft Security Bulletin MS12-007 - Important

Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)

Published: Tuesday, January 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-007

Moderate (0)




Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin MS11-099 - Important
Cumulative Security Update for Internet Explorer (2618444)

Published: Tuesday, December 13, 2011 | Updated: Tuesday, January 10, 2012

Reason for Revision: V1.2 (January 10, 2012): Announced that
this update, MS11-099, enables the protections provided in the
Vulnerability in SSL/TLS Could Allow Information Disclosure
update, MS12-006, for Internet Explorer. For more information,
see the Update FAQ.
- Originally posted: December 13, 2011
- Updated: January 10, 2012
- Bulletin Severity Rating: Important
- Version: 1.2
http://technet.microsoft.com/en-us/security/bulletin/ms11-099

 

MS12-006: Vulnerability in SSL/TLS could allow information disclosure: January 10, 2012

Known issues with this security update

After you install this security update, you may experience authentication failure or loss of connectivity to some HTTPS servers.
This issue occurs because this security update changes the way that records are sent to HTTPS server.
http://support.microsoft.com/kb/2643584

 

Microsoft Security Bulletin Minor Revisions - Jan. 18, 2012
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-049 - Important
* MS11-JUN
* MS12-006 - Important

Bulletin Information:
=====================

* MS11-049 - Important


http://technet.microsoft.com/security/bulletin/MS11-049
- Reason for Revision: V2.2 (January 18, 2012): Added a note
to the Affected and Non-Affected Software section to clarify
that this update also applies to 32-bit and x64-based
SQL Server 2008 and SQL Server 2008 R2 Express and
Express Advanced Editions.
- Originally posted: June 14, 2011
- Updated: January 18, 2012
- Bulletin Severity Rating: Important
- Version: 2.2

* MS11-JUN
http://technet.microsoft.com/security/bulletin/MS11-JUN

Reason for Revision: V3.1 (January 18, 2012): For MS11-049,
added a note to the Affected Software and Download Locations
section to clarify that this update also applies to 32-bit and
x64-based SQL Server 2008 and SQL Server 2008 R2 Express and
Express Advanced Editions.
- Originally posted: June 14, 2011
- Updated: January 18, 2012
- Version: 3.1

* MS12-006 - Important

http://technet.microsoft.com/security/bulletin/MS12-006
Reason for Revision: V1.1 (January 18, 2012): Added MS10-085 as
a bulletin replaced by the KB2585542 update for Windows 7 for
32-bit Systems, Windows 7 for x64-based Systems,
Windows Server 2008 R2 for x64-based Systems, and
Windows Server 2008 R2 for Itanium-based Systems.
This is an informational change only. There were no changes to
the detection logic or the update files.
- Originally posted: January 10, 2012
- Updated: January 18, 2012
- Bulletin Severity Rating: Important
- Version: 1.1

 

You receive error: Stop error code 0x0000007B


Article ID: 2673509 - Last Review: February 5, 2012 - Revision: 1.0

You receive error: Stop error code 0x0000007B (INACCESSIBLE_BOOT_DEVICE) after you install Windows Updates

http://support.microsoft.com/kb/2673509/en-us?sd=rss&spid=14481

 

Unable to install updates in Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2:

When you try to install an update to Windows, you try to install a Windows component, or you try to install a Microsoft or third-party software program, you experience one or more of the following symptoms:•You cannot view Windows roles or features.
•A service pack installation fails.
•When you try to connect to the Microsoft Windows Update website or to the Microsoft Update website, one of the following error codes is logged in the Windows Update log (windowsupdate.log) or in the Component Based Servicing log (CBS.log):◦ 0xC80001FE
◦0x80200010
◦0x80070643
◦0x80246002
◦0x80070490
◦0x80070420
◦0x80073712
◦0x80246007
◦0x80000FFF
◦0x80070424
◦0x80248007
◦0x8007064C
◦0x8024D00C
◦0x8007066A
◦0x80245003
◦0x8024402C
http://support.microsoft.com/kb/2509997/en-us?sd=rss&spid=14134

 

Microsoft Security Bulletin(s) for February 14, 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms12-feb

Critical (4)

Microsoft Security Bulletin MS12-008
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)
http://technet.microsoft.com/en-us/security/bulletin/ms12-008

Microsoft Security Bulletin MS12-010
Cumulative Security Update for Internet Explorer (2647516)
http://technet.microsoft.com/en-us/security/bulletin/ms12-010

Microsoft Security Bulletin MS12-013
Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
http://technet.microsoft.com/en-us/security/bulletin/ms12-013


Microsoft Security Bulletin MS12-016
Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)
http://technet.microsoft.com/en-us/security/bulletin/ms12-016

Important (5)

Microsoft Security Bulletin MS12-009
Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
http://technet.microsoft.com/en-us/security/bulletin/ms12-009

Microsoft Security Bulletin MS12-011
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
http://technet.microsoft.com/en-us/security/bulletin/ms12-011

Microsoft Security Bulletin MS12-012
Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
http://technet.microsoft.com/en-us/security/bulletin/ms12-012

Microsoft Security Bulletin MS12-014
Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
http://technet.microsoft.com/en-us/security/bulletin/ms12-014

Microsoft Security Bulletin MS12-015
Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
http://technet.microsoft.com/en-us/security/bulletin/ms12-015





Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Updates to the .NET Framework 2.0 by using Windows Update may cause some .NET Framework applications to crash





Consider the following scenario:•You install an update for the Microsoft .NET Framework 2.0 by using Windows Update.
•You run a .NET Framework 2.0 application, a .NET Framework 3.0 application, or a .NET Framework 3.5 application.
•You leave the computer on which your application is running idle for some time. When the computer is idle, the native images for the .NET Framework are automatically regenerated.

continued at source

http://support.microsoft.com/kb/2677528/en-us?sd=rss&spid=548

 

Microsoft Security Bulletin(s) for march 13, 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms12-mar

Critical (1)

Microsoft Security Bulletin MS12-020 - Critical

Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)

Published: Tuesday, March 13, 2012

Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms12-020

Important (4)

Microsoft Security Bulletin MS12-017 - Important

Vulnerability in DNS Server Could Allow Denial of Service (2647170)

Published: Tuesday, March 13, 2012

Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms12-017

Microsoft Security Bulletin MS12-018 - Important

Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)

Published: Tuesday, March 13, 2012

Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms12-018

Microsoft Security Bulletin MS12-021 - Important

Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)

Published: Tuesday, March 13, 2012

Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms12-021

Microsoft Security Bulletin MS12-022 - Important

Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)

Published: Tuesday, March 13, 2012

Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms12-022

moderate (1)

Microsoft Security Bulletin MS12-019 - Moderate

Vulnerability in DirectWrite Could Allow Denial of Service (2665364)

Published: Tuesday, March 13, 2012

Version: 1.0

http://technet.microsoft.com/en-us/security/bulletin/ms12-019

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin(s) for April 10, 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms12-apr

Critical (4)

Microsoft Security Bulletin MS12-023
Cumulative Security Update for Internet Explorer (2675157)
http://technet.microsoft.com/en-us/security/bulletin/ms12-023

Microsoft Security Bulletin MS12-024
Vulnerability in Windows Could Allow Remote Code Execution (2653956)
http://technet.microsoft.com/en-us/security/bulletin/ms12-024

Microsoft Security Bulletin MS12-025
Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)
http://technet.microsoft.com/en-us/security/bulletin/ms12-025

Microsoft Security Bulletin MS12-027
Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)
http://technet.microsoft.com/en-us/security/bulletin/ms12-027



Important (2)

Microsoft Security Bulletin MS12-026
Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)
http://technet.microsoft.com/en-us/security/bulletin/ms12-026

Microsoft Security Bulletin MS12-028
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185)
http://technet.microsoft.com/en-us/security/bulletin/ms12-028






Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: April 26, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-027 - Critical
* MS12-APR

Bulletin Information:
=====================

* MS12-027 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-027
- Reason for Revision: V2.0 (April 26, 2012): Added Service Pack 1
versions of SQL Server 2008 R2 to the Affected Software and
added an entry to the update FAQ to explain which SQL Server
2000 update to use based on version ranges. These are
informational changes only. There were no changes to the security
update files or detection logic. For a complete list of changes,
see the entry to the section, Frequently Asked Questions (FAQ)
Related to This Security Update.
- Originally posted: April 10, 2012
- Updated: April 26, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-APR

- http://technet.microsoft.com/security/bulletin/ms12-APR
- Reason for Revision: V2.0 (April 26, 2012): For MS12-027, added
Service Pack 1 versions of SQL Server 2008 R2 to the Affected
Software and clarified the Affected Software to show that the
update applies to all installations of Microsoft SQL Server 2000
Analysis Services Service Pack 4, as the QFE and GDR distinction
does not apply to this product. These are informational changes
only. There were no changes to the security update files or
detection logic. Because the updates have been offered correctly
since initial release, customers who have already successfully
installed the updates do not need to take any action.
- Originally posted: April 10, 2012
- Updated: April 26, 2012
- Version: 2.0

 

--------------------------------------------------------------------------------

Microsoft Security Bulletin Advance Notification for May 2012

Published: Thursday, May 03, 2012

Version: 1.0


This is an advance notification of security bulletins that Microsoft is intending to release on May 8, 2012.

This bulletin advance notification will be replaced with the May bulletin summary on May 8, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft will host a webcast to address customer questions on the security bulletins on May 9, 2012, at 11:00 AM Pacific Time (US & Canada). Register now for the May Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates.

 

Microsoft Security Bulletin(s) for May 8, 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing



Today Microsoft released the following Security Bulletin(s).



Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.



Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.



Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms12-may



Critical (3)



Microsoft Security Bulletin MS12-029 - Critical

Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/MS12-029





Microsoft Security Bulletin MS12-034 - Critical

Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms12-034





Microsoft Security Bulletin MS12-035 - Critical

Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms12-035




Important (4)




Microsoft Security Bulletin MS12-030 - Important

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms12-030







Microsoft Security Bulletin MS12-031 - Important

Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/MS12-031







Microsoft Security Bulletin MS12-032 - Important

Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms12-032







Microsoft Security Bulletin MS12-033 - Important

Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/security/bulletin/ms12-033








Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.



If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.



As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.



Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: May 11, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-035 - Critical
* MS12-MAY

Bulletin Information:
=====================

* MS12-035 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-035
- Reason for Revision: V2.0 (May 11, 2012): Added an entry to the
update FAQ to communicate that security update KB2656353
addresses the vulnerabilities described in this bulletin for all
supported systems running Microsoft .NET Framework 1.1
Service Pack 1, except when installed on Windows Server 2003
Service Pack 2. There were no changes to the security update
files. Customers who have successfully installed the update
do not need to take any action.
- Originally posted: May 8, 2012
- Updated: May 11, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-MAY

- http://technet.microsoft.com/security/bulletin/MS12-MAY
- Reason for Revision: V2.0 (May 11, 2012): For MS12-035,
corrected the security update number to KB2656353 for all
supported systems running Microsoft .NET Framework 1.1
Service Pack 1, except when installed on Windows Server 2003
Service Pack 2. There were no changes to the security update
files. Customers who have successfully installed the update
do not need to take any action.
- Originally posted: May 8, 2012
- Updated: May 11, 2012
- Version: 2.0

 

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 22, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


* MS11-100 - Critical
* MS12-034 - Critical
* MS12-035 - Critical
* MS12-MAY


Bulletin Information:
=====================

* MS11-100 - Critical

http://technet.microsoft.com/security/bulletin/MS11-100

- Reason for Revision: V1.5 (May 22, 2012): Added entry to the
update FAQ to announce a detection change for KB2656352 for
Microsoft .NET Framework 2.0 Service Pack 2 to correct an
installation issue. This is a detection change only. There were
no changes to the security update files. Customers who have
already successfully updated their systems do not need to take
any action.
- Originally posted: December 29, 2011
- Updated: May 22, 2012
- Bulletin Severity Rating: Critical
- Version: 1.5

* MS12-034 - Critical

http://technet.microsoft.com/security/bulletin/MS12-034

- Reason for Revision: V1.2 (May 22, 2012): Added an entry to
the Frequently Asked Questions (FAQ) Related to This Security
Update section to explain this revision.
- Originally posted: May 8, 2012
- Updated: May 22, 2012
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS12-035 - Critical

http://technet.microsoft.com/security/bulletin/MS12-035

- Reason for Revision: V2.1 (May 22, 2012): Added entry to the
update FAQ to announce a detection change for KB2604092 for
Microsoft .NET Framework 2.0 Service Pack 2 and KB2604110 for
Microsoft .NET Framework 3.0 Service Pack 2 to correct an
installation issue. This is a detection change only. There were
no changes to the security update files. Customers who have
already successfully updated their systems do not need to take
any action.
- Originally posted: May 8, 2012
- Updated: May 22, 2012
- Bulletin Severity Rating: Critical
- Version: 2.1


MS12-MAY

http://technet.microsoft.com/security/bulletin/MS12-may

- Reason for Revision: V2.1 (May 22, 2012): For MS12-034, added
footnotes for security update KB2660649 for Windows Server 2008
and Windows Server 2008 R2. There were no changes to the
security update files. Customers who have successfully
installed the update do not need to take any action.
- Originally posted: May 8, 2012
- Updated: May 22, 2012
- Version: 2.1

 

Update for Windows Vista/7/8 for x64-based Systems (KB2718704)

Download size: 78 KB

You may need to restart your computer for this update to take effect.

Update type: Important

Install this update to resolve an issue which requires an update to the certificate revocation list on Windows systems and to keep your systems certificate list up to date. After you install this update, you may have to restart your system.

More information:
http://support.microsoft.com/kb/2718704

Help and Support:
http://support.microsoft.com

 

Microsoft Security Bulletin(s) for June 12, 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms12-jun

Critical (3)
Microsoft Security Bulletin MS12-036
Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
http://technet.microsoft.com/en-us/security/bulletin/ms12-036


Microsoft Security Bulletin MS12-037
Cumulative Security Update for Internet Explorer (2699988)
http://technet.microsoft.com/en-us/security/bulletin/ms12-037


Microsoft Security Bulletin MS12-038
Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
http://technet.microsoft.com/en-us/security/bulletin/ms12-038


Important (4)
Microsoft Security Bulletin MS12-039
Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
http://technet.microsoft.com/en-us/security/bulletin/ms12-039


Microsoft Security Bulletin MS12-040
Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
http://technet.microsoft.com/en-us/security/bulletin/ms12-040


Microsoft Security Bulletin MS12-041
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
http://technet.microsoft.com/en-us/security/bulletin/ms12-041


Microsoft Security Bulletin MS12-042
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
http://technet.microsoft.com/en-us/security/bulletin/ms12-042



Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.