Webcast: April 2011 Security Bulletin Release Overview

Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 17 security updates.9 updates for Microsoft Windows1 update for Microsoft Office1 update for Microsoft Excel1 update for Microsoft PowerPoint1 update for Microsoft Internet Explorer1 update for Microsoft Foundation Class (MFC) Library1 update for ActiveX Controls1 update for .NET Framework1 update for […]

Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 17 security updates.

  • 9 updates for Microsoft Windows
  • 1 update for Microsoft Office
  • 1 update for Microsoft Excel
  • 1 update for Microsoft PowerPoint
  • 1 update for Microsoft Internet Explorer
  • 1 update for Microsoft Foundation Class (MFC) Library
  • 1 update for ActiveX Controls
  • 1 update for .NET Framework
  • 1 update for GDI+

Watch the overview of the April 2011 Security Bulletin Release.

  • MS11-018 (Internet Explorer). This security bulletin resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. This bulletin is rated Critical for IE 6, IE 7 and IE 8 on Windows clients; and Moderate for IE6, IE7, and IE8 on Windows servers. Internet Explorer 9 is not affected by the vulnerabilities. Microsoft is aware of limited attacks leveraging vulnerabilities addressed by this bulletin, including the vulnerability used at the CanSecWest 2011 Conference, which we tweeted about yesterday.

    We encourage all customers apply this bulletin first of all our April bulletins.

  • MS11-019 (SMB Client). This bulletin resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow remote code executions if an attacker sent a specially crafted SMB response to a client-initiated SMB request. The publicly disclosed vulnerability was posted to full disclosure on February 15. Microsoft investigated the issue and found that remote-code execution was extremely unlikely. As Microsoft has not seen any active attacks, we opted not to disrupt customers with an out-of-band bulletin.
  • MS11-020 (SMB Server). This bulletin resolves an internally discovered vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system.

Get the updates here

[Source: MSRC blog]