Microsoft's May 2011 Security Bulletin today released, and it address a Critical vulnerability in Microsoft Windows and two Important vulnerabilities in Microsoft Office.
- "MS11-035 (WINS or Windows Internet Name Server) resolves a privately reported vulnerability in the WINS. The vulnerability could allow remote code execution if a user received specially crafted malware on an affected system running the WINS service. By default, WINS isn't installed on any affected operating system. Only customers who manually install this component are affected by this issue and will be offered the update.
- MS11-036 (PowerPoint) resolves two privately reported vulnerabilities in PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted malicious PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as a logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Also, note that the Office File Validation feature, which's available by default for Office 2010, mitigates risk of the vulnerabilities addressed by MS11-036. Microsoft made OFV available to Office 2003 and Office 2007 customers starting last month, to help protect more customers worldwide," Microsoft explained.
Watch the overview video for the Microsoft May 2011 Security Bulletin release:
[Source: MSRC blog]