Microsoft Patch Monday - SANS Internet Storm Center

Handler on Duty: Guy Bruneau

Threat Level: green

Microsoft Patch Monday 2011-04-11

MS11-018
Title	Cumulative Security Update for Internet Explorer (
Replaces	MS11-003
Affected	Internet Explorer 6-8
KB	KB2497640
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2011-0094	1
2011-0346	1
2011-1244	0
2011-1245	3
2011-1345	1

Top of page

MS11-019
Title	Vulnerabilities in SMB Client Could Allow Remote Code Execution (
Replaces	MS10-020
Affected	Windows
KB	KB2511455
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2011-0654	2
2011-0660	1

Top of page

MS11-020
Title	Vulnerability in SMB Server Could Allow Remote Code Execution (
Replaces	MS10-012, MS10-054
Affected	Windows
KB	KB2508429
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2011-0661	1

Top of page

MS11-021
Title	Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (
Replaces	MS10-080, MS10-087
Affected	Office XP SP3-2010, Office 2004-2011 for Mac, Open XML File Format Converter, Excel Viewer SP2, Office Compatibility Pack for 2007 file formats
KB	KB2489279
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2011-0097	1
2011-0098	1
2011-0101	1
2011-0103	2
2011-0104	2
2011-0105	2
2011-0978	1
2011-0979	1
2011-0980	1

Top of page

MS11-022
Title	Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (
Replaces	MS90-17, MS10-036, MS10-087, MS10-088
Affected	PowerPoint
KB	KB2489283
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2011-0655	2
2011-0656	2
2011-0976	1

Top of page

MS11-023
Title	Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (
Replaces	MS10-087
Affected	Office XP - 2007, Office 2004 - 2008 for Mac, Open XML File Format Converter
KB	KB2489293
Known Exploits	Yes
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2011-0107	1
2011-0977	2

Top of page

MS11-024
Title	Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution
Replaces
Affected	Fax Services, Fax Server Role
KB	KB2527308
Known Exploits	Yes
Microsoft Rating	Important
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2010-3974	3

Top of page

MS11-025
Title	Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution
Replaces
Affected	Visual Studio .NET 2003 - 2010, Visual C++ 2005 - 2010 Redistributable Package
KB	KB2500212
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2010-3190	1

Top of page

MS11-026
Title	Vulnerability in MHTML Could Allow Information Disclosure
Replaces
Affected	MHTML
KB	KB2503658
Known Exploits	Yes
Microsoft Rating	Important
ISC Client Rating	Patch now
ISC Server Rating	Patch now

CVE	Exploitability
2011-0096	3

Top of page

MS11-027
Title	Cumulative Security Update of ActiveX Kill Bits (
Replaces	MS10-034
Affected	Windows XP- 7, Server 2003-2008
KB	KB2508272
Known Exploits	Yes
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2010-0811	0
2011-1243	0
2010-3973	0

Top of page

MS11-028
Title	Vulnerability in .NET Framework Could Allow Remote Code Execution (
Replaces	MS90-61, MS10-060, MS10-077
Affected	.NET framework (all supported version)
KB	KB2484015
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2010-3958	1

Top of page

MS11-029
Title	Vulnerability in GDI+ Could Allow Remote Code Execution (
Replaces	MS90-62, MS10-087
Affected	Windows XP-Vista, Windows Server 2003-2008, Office XP
KB	KB2489979
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2011-0041	1

Top of page

MS11-030
Title	Vulnerability in DNS Resolution Could Allow Remote Code Execution (
Replaces	MS80-20, MS80-37, MS80-66
Affected	Windows XP - 7, Windows Server 2008
KB	KB2509553
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2011-0657	2

Top of page

MS11-031
Title	Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (
Replaces	MS90-45, MS10-022, MS11-009
Affected	OpenType Compact Font Format (CFF) driver
KB	KB2514666
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2011-0663	2

Top of page

MS11-032
Title	Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (
Replaces	MS11-007
Affected	OpenType Compact Font Format (CFF) driver
KB	KB2507618
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2011-0034	3

Top of page

MS11-033
Title	Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (
Replaces	MS10-067
Affected	Microsoft Wordpad
KB	KB2485663
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2011-0028	1

Top of page

MS11-034
Title	Elevation of Privilege Vulnerabilities in Windows Kernel-Mode Drivers
Replaces	MS10-012
Affected	Kernel Mode Drivers
KB	KB2506223
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2011-0662	1
2011-0665	1
2011-0666	1
2011-0667	1
2011-0670	1
2011-0671	1
2011-0672	1
2011-0673	1
2011-0674	1
2011-0675	1
2011-0676	1
2011-0677	1
2011-1225	1
2011-1226	1
2011-1227	1
2011-1228	1
2011-1229	1
2011-1230	1
2011-1231	1
2011-1232	1
2011-1233	1
2011-1234	2
2011-1235	1
2011-1236	1
2011-1237	1
2011-1238	3
2011-1239	1
2011-1240	1
2011-1241	1
2011-1242	1

Top of page

We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.