May '11 Patch Tuesday Detailed
All we knew until now about the May 2011 Patch Tuesday is that on the 10th of May, Microsoft would roll out only two security bulletins. One of the bulletins carries the “critical” rating, fixes a vulnerability that plagues the Windows operating system, vulnerability that could lead to remote code execution. The second bulletin carries the “important” rating, fixes two vulnerabilities that plague the Office productivity suite, vulnerabilities that could lead to remote code execution as well.
Redmond-based software giant Microsoft has released additional information about the two security bulletins presented above. Here’s the info Microsoft made public:
MS11-035
Title: Vulnerability in WINS Could Allow Remote Code Execution
Rating: Critical
Description: a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually installed this component are affected by this issue.
Affected software: Windows.
MS11-036
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
Rating: Important
Description: two privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities.
Affected software: Microsoft Office.
The Microsoft Security Response Center (MSRC) has provided these visual representations of the May 2011 Patch Tuesday.
As always, you are very well advised to keep your operating system patched and up to date. You are also well advised to use a properly good antivirus product and keep it up to date as well.
Redmond-based software giant Microsoft has released additional information about the two security bulletins presented above. Here’s the info Microsoft made public:
MS11-035
Title: Vulnerability in WINS Could Allow Remote Code Execution
Rating: Critical
Description: a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually installed this component are affected by this issue.
Affected software: Windows.
MS11-036
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
Rating: Important
Description: two privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities.
Affected software: Microsoft Office.
The Microsoft Security Response Center (MSRC) has provided these visual representations of the May 2011 Patch Tuesday.
As always, you are very well advised to keep your operating system patched and up to date. You are also well advised to use a properly good antivirus product and keep it up to date as well.
