Various versions of the following Microsoft products are affected:
- Microsoft .NET Framework
- Microsoft C++ 2005, 2008, 2010
- Microsoft Internet Explorer 6, 7, 8
- Microsoft Office XP, 2003, 2007, 2010
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
- Microsoft Office Excel Viewer, PowerPoint Viewer and Web Apps
- Microsoft Office 2004, 2008, 2011 for Mac
- Open XML File Format Converter for Mac
- Microsoft Visual Studio .NET 2003, 2005, 2008, 2010
- Microsoft Windows XP, Vista, 7
- Microsoft Windows Server 2003, 2008
- http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx
Microsoft has released 17 security bulletins listed below addressing 64 vulnerabilities which affect several Microsoft products or components:
- MS11-018 Cumulative Security Update for Internet Explorer
- MS11-019 Vulnerabilities in SMB Client Could Allow Remote Code Execution
- MS11-020 Vulnerability in SMB Server Could Allow Remote Code Execution
- MS11-021 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
- MS11-022 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
- MS11-023 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
- MS11-024 Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution
- MS11-025 Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution
- MS11-026 Vulnerability in MHTML Could Allow Information Disclosure
- MS11-027 Cumulative Security Update of ActiveX Kill Bits
- MS11-028 Vulnerability in .NET Framework Could Allow Remote Code Execution
- MS11-029 Vulnerability in GDI+ Could Allow Remote Code Execution
- MS11-030 Vulnerability in DNS Resolution Could Allow Remote Code Execution
- MS11-031 Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution
- MS11-032 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution
- MS11-033 Vulnerability in WordPad Text Converters Could Allow Remote Code Execution
- MS11-034 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
Moreover, there are also vulnerabilities in the MHTML protocol handler, Microsoft Foundation Class (MFC) libraries, Microsoft .NET framework, JScript and VBScript scripting engines, and kernel-mode drivers in various Windows applications.
We would like to update you that patches for the security bulletin MS11-026 fixed the vulnerability described in the security alert A11-01-05 for MHTML protocol handler in Microsoft Windows. For details of the alert, please visit our IT Security Theme page at:
Impact: Depending on the vulnerability exploited, a successful attack could lead to elevation of privilege or remote arbitrary code execution. Recommendation: Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. Microsoft Update
DITSOs (or your delegates) are also requested to inform the relevant system administrators and end users as appropriate about this issue. More Information: More information about this issue is available at:
|