Microsoft on Patch Tuesday addressed four vulnerabilities in Microsoft Windows and Microsoft Office. One bulletin is rated Critical, and this is the bulletin we recommend for priority deployment:
- MS11-015 resolves one Critical-level and one Important-level vulnerability affecting certain media files in all versions of Windows. It has an Exploitability Index rating of 1. Due to the nature of the affected software, this bulletin carries a Critical-level severity rating for all affected client systems, but only an Important-level rating for Windows Server 2008 R2 for x64. Other versions of Windows Server - 2003, 2008 and 2008 R2 - are unaffected. For both the Critical- and Important-level vulnerabilities, an attacker would have to convince a user to open a maliciously crafted file for an attack to work.
The other two bulletins are similar in nature: both address the DLL-preloading issue described in Security Advisory 2269637, and both carry an Important-level severity rating and an Exploitability Index rating of 1.
- MS11-016 is a DLL-preloading issue affecting Groove 2007 SP2, which makes this an Office bulletin. Versions 2007 and 2010 of Groove are unaffected, as is SharePoint Workspace 2010.
- MS11-017 is also a DLL-preloading issue, in this instance in Windows Remote Desktop Client. This security update is rated Important for Remote Desktop Connection 5.2 Client, Remote Desktop Connection 6.0 Client, Remote Desktop Connection 6.1 Client, and Remote Desktop Connection 7.0 Client.
Below is deployment priority guidance to further assist customers in their deployment planning:
This risk and impact graph shows an aggregate view of this month's severity and Exploitability Index ratings:
Microsoft also said it is working on Security Advisory 2501696, which describes an MHTML-related vulnerability in Microsoft Windows. Microsoft is actively monitoring the threat landscape in conjunction with its Microsoft Active Protections Program (MAPP) partners.
In this video, Jerry Bryant discusses this month's bulletins in further detail, focusing on MS11-015: