Main Menu

Mailing List

Name:

Email:

Archive

Archive

[SingCERT] Microsoft April 2011 Security Bulletins

Last Updated on Wednesday, 13 April 2011 16:02

[ Summary ]

Microsoft has released seventeen security bulletins addressing vulnerabilities in .Net Framework, Microsoft Windows, Internet Explorer, Office and Microsoft Developer Tools and Software.

These vulnerabilities allow information disclosure and remote code execution.


[ Affected Systems ]

These vulnerabilities affect:
1) Windows operating systems and components - Windows XP, Server 2003, Vista, Server 2008 and Windows 7
2) Microsoft Office Suites and Software - Office XP, Office 2003-2010 and Office Compatibility Pack
3) Microsoft Developer Tools and Software - Visual Studio 2005-2010 and Visual C++ 2005-2010


[ Impact Analysis ]

#

Affected

Contra Indications

Known Exploits

Microsoft rating

ISC rating(*)

clients

servers

MS11-018

Cumulative Security Update for Internet Explorer ( Replaces MS11-003 )

Internet Explorer 6-8
CVE-2011-0094
CVE-2011-0346
CVE-2011-1244
CVE-2011-1245
CVE-2011-1345

KB 2497640

ACTIVELY EXPLOITED.

Severity:Critical
Exploitability: 1,1,?,3,1

PATCH NOW!

Critical

MS11-019

Vulnerabilities in SMB Client Could Allow Remote Code Execution ( Replaces MS10-020 )

Windows
CVE-2011-0654
CVE-2011-0660

KB 2511455

POC Available.

Severity:Critical
Exploitability: 2,1

Critical

Critical

MS11-020

Vulnerability in SMB Server Could Allow Remote Code Execution ( Replaces MS10-012 MS10-054 )

Windows
CVE-2011-0661

KB 2508429

No Known Exploits.

Severity:Critical
Exploitability: 1

Critical

Critical

MS11-021

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution ( Replaces MS10-080 MS10-087 )

Office XP SP3-2010, Office 2004-2011 for Mac, Open XML File Format Converter, Excel Viewer SP2, Office Compatibility Pack for 2007 file formats
CVE-2011-0097
CVE-2011-0098
CVE-2011-0101
CVE-2011-0103
CVE-2011-0104
CVE-2011-0105
CVE-2011-0978
CVE-2011-0979
CVE-2011-0980

KB 2489279

No Known Exploits.

Severity:Important
Exploitability: 1,1,1,2,2,2,1,1,1

Important

Important

MS11-022

Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution ( Replaces MS09-017 MS10-036 MS10-087 MS10-088 )

PowerPoint
CVE-2011-0655
CVE-2011-0656
CVE-2011-0976

KB 2489283

No Known Exploits.

Severity:Important
Exploitability: 2,2,1

Important

Important

MS11-023

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution ( Replaces MS10-087 )

Office XP - 2007, Office 2004 - 2008 for Mac, Open XML File Format Converter
CVE-2011-0107
CVE-2011-0977

KB 2489293

POC Available.

Severity:Important
Exploitability: 1,2

Important

Important

MS11-024

Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution

Fax Services, Fax Server Role
CVE-2010-3974

KB 2527308

POC Available.

Severity:Important
Exploitability: 3

Critical

Important

MS11-025

Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution

Visual Studio .NET 2003 - 2010, Visual C++ 2005 - 2010 Redistributable Package
CVE-2010-3190

KB 2500212

No Known Exploits.

Severity:Important
Exploitability: 1

Important

Important

MS11-026

Vulnerability in MHTML Could Allow Information Disclosure

MHTML
CVE-2011-0096

KB 2503658

ACTIVELY EXPLOITED.

Severity:Important
Exploitability: 3

PATCH NOW!

Important

MS11-027

Cumulative Security Update of ActiveX Kill Bits ( Replaces MS10-034 )

Windows XP- 7, Server 2003-2008
CVE-2010-0811
CVE-2010-3973
CVE-2011-1243

KB 2508272

POC Available.

Severity:Critical
Exploitability: ?,?,?

Critical

Critical

MS11-028

Vulnerability in .NET Framework Could Allow Remote Code Execution ( Replaces MS09-061 MS10-060 MS10-077 )

.NET framework (all supported version)
CVE-2010-3958

KB 2484015

No Known Exploits.

Severity:Critical
Exploitability: 1

Critical

Critical

MS11-029

Vulnerability in GDI+ Could Allow Remote Code Execution ( Replaces MS09-062 MS10-087 )

Windows XP-Vista, Windows Server 2003-2008, Office XP
CVE-2011-0041

KB 2489979

No Known Exploits.

Severity:Critical
Exploitability: 1

Critical

Critical

MS11-030

Vulnerability in DNS Resolution Could Allow Remote Code Execution ( Replaces MS08-020 MS08-037 MS08-066 )

Windows XP - 7, Windows Server 2008
CVE-2011-0657

KB 2509553

No Known Exploits.

Severity:Critical
Exploitability: 2

Critical

Critical

MS11-031

Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution ( Replaces MS09-045 MS10-022 MS11-009 )

OpenType Compact Font Format (CFF) driver
CVE-2011-0663

KB 2514666

No Known Exploits.

Severity:Critical
Exploitability: 2

Critical

Important

MS11-032

Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution ( Replaces MS11-007 )

OpenType Compact Font Format (CFF) driver
CVE-2011-0034

KB 2507618

No Known Exploits.

Severity:Critical
Exploitability: 3

Critical

Important

MS11-033

Vulnerability in WordPad Text Converters Could Allow Remote Code Execution ( Replaces MS10-067 )

Microsoft Wordpad
CVE-2011-0028

KB 2485663

No Known Exploits.

Severity:Important
Exploitability: 1

Important

Important

MS11-034

Elevation of Privilege Vulnerabilities in Windows Kernel-Mode Drivers (Replaces MS10-012 )

Kernel Mode Drivers
CVE-2011-0662
CVE-2011-0665
CVE-2011-0666
CVE-2011-0667
CVE-2011-0670
CVE-2011-0671
CVE-2011-0672
CVE-2011-0673
CVE-2011-0674
CVE-2011-0675
CVE-2011-0676
CVE-2011-0677
CVE-2011-1225
CVE-2011-1226
CVE-2011-1227
CVE-2011-1228
CVE-2011-1229
CVE-2011-1230
CVE-2011-1231
CVE-2011-1232
CVE-2011-1233
CVE-2011-1234
CVE-2011-1235
CVE-2011-1236
CVE-2011-1237
CVE-2011-1238
CVE-2011-1239
CVE-2011-1240
CVE-2011-1241
CVE-2011-1242

KB 2506223

No Known Exploits.

Severity:Important
Exploitability: 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 ,1 , 1 , 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 1, 3, 1, 1, 1, 1

Important

Important


[ Solution/Workaround ]

Updates are available. Agencies are advised to install all applicable updates as soon as possible.


[ Reference]

< Prev   Next >