Many Windows users dislike the nagging prompt, especially if they are currently running tasks that would be interrupted by a reboot. This includes video rendering, an important download or upload, or a document that needs to be finished in the next hour or so.

While you could select 4 hours from the menu to see the reboot prompt after 4 hours, you may still like to disable the display of the update prompt for a longer period of time. This can be useful if you are currently in a day long presentation that requires the computer.

There are two options to deal with the issue. You could first stop the Windows Update service for the current session. This basically blocks the prompt and any attempt to install new updates until the computer is rebooted.

The following steps are needed for this:

• Open up an elevated command prompt window. You can do that by clicking on the Start button of the operating system, entering cmd in the search form and using the shortcut Ctrl-Shift-Enter to open it with administrative privileges. A user account control prompt may be displayed.
• Run the command net stop “windows update” to stop the Windows Update service for the current session.

You can restart the service with the command net start “windows update”. The service will also be started normally on the next start of the system.

The second option lets you disable the auto reboot option when users are logged on. This requires some Registry hacking and is only suggested for advanced users. You may also want to backup the Registry first before you make those changes.

• Use Windows-r to bring up the run box. Enter regedit and hit enter to open the Windows Registry Editor.
• Navigate to the following Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
• Locate the ForcedReboot key there and change its value from whatever it is set to to 0.

Please note that this works only under Vista, Windows 7 and newer operating systems.

The third and final option is the Local Group Policy Editor which is only available in some versions of the Windows operating system. Go to Computer Configuration > Administrative Templates > Windows Components > Windows Update and locate the following two parameters:

• No auto-restart for scheduled Automatic Updates installations
• Re-prompt for restart with scheduled installations

Enable the first parameter to block automatic restarts after update installations, and set the second to a high enough period to receive the reboot prompt less often.

It is interesting to note that the severity rating of the first bulletin is critical on Windows XP and Vista, while only important on Windows 7 and Windows Server 2008 R2. When you look at all bulletins you will notice that Windows XP is affected by all, Vista by five and Windows 7 by four of the vulnerabilities addressed in the bulletins.

The Security Bulletins have just been posted on Microsoft’s Technet website. Here is this month’s summary with links to each security bulletin.

• MS12-004 – Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) – This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS12-001 – Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability.
• MS12-002 – Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS12-003 – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524) – This security update resolves one privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. All supported editions of Windows 7 and Windows Server 2008 R2 are not affected by this vulnerability.

  The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. The attacker could then take complete control of the affected system and install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability can only be exploited on systems configured with a Chinese, Japanese, or Korean system locale.

• MS12-005 – Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS12-006 – Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) – This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
• MS12-007 – Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664) – This security update resolves one privately reported vulnerability in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library. The vulnerability could allow information disclosure if a an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library. The consequences of the disclosure of that information depend on the nature of the information itself. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker’s user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. Only sites that use the sanitization module of the AntiXSS Library are affected by this vulnerability.

The updates are already available on Windows Update. The easiest way to open the updating tool is to click on the start menu orb and select Windows Update from the program listing there.

Windows users who do not want to or can’t use Windows Updates can download the updates from Microsoft’s Download Center beginning later today. Microsoft as usual will release an ISO image with all security updates of the month for easier distribution.

Update: The severity and exploitability index and bulletin deployment information have been posted.

The next security updates will be released on February 14, 2012.

The updates are already available on Windows Update and via the Microsoft Download Center for users who prefer to download them separately. A DVD Iso image has also been released with December’s security updates.

Microsoft recommends to focus the attention on the MS11-092 – Windows Media and MS11-087 – Windows critical updates before installing the remaining patches. The bulletin deployment priority table, and severity and exploitability index provide further assistance.

Here is a list of all bulletins released in December 2011 by Microsoft.

• MS11-087 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417) – This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files.
• MS11-090 – Cumulative Security Update of ActiveX Kill Bits (2618451) – This security update resolves a privately reported vulnerability in Microsoft software. The vulnerability could allow remote code execution if a user views a specially crafted Web page that uses a specific binary behavior in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.
• MS11-092 – Vulnerability in Windows Media Could Allow Remote Code Execution (2648048) – This security update resolves a privately reported vulnerability in Windows Media Player and Windows Media Center. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.
• MS11-088 – Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016) – This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user performed specific actions on a system where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese is installed. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
• MS11-089 – Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602) – This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-091 – Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702) – This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-093 – Vulnerability in OLE Could Allow Remote Code Execution (2624667) – This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS11-094 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142) – This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of the vulnerabilities could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-095 – Vulnerability in Active Directory Could Allow Remote Code Execution (2640045) – This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow remote code execution if an attacker logs on to an Active Directory domain and runs a specially crafted application. To exploit this vulnerability, an attacker would first need to acquire credentials to log on to an Active Directory domain.
• MS11-096 – Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241) – This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-3403.
• MS11-097 – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
• MS11-098 – Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS11-099 – Cumulative Security Update for Internet Explorer (2618444) – This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerability could allow remote code execution if a user opens a legitimate HyperText Markup Language (HTML) file that is located in the same directory as a specially crafted dynamic link library (DLL) file.

The next upcoming scheduled security update will be on the 10th of January 2012.

Windows Update can be configured, but that tackles only how and when updates are downloaded and installed, and not the shutdown requirement.

Microsoft in a recent blog post over at the Building Windows 8 blog, described how Windows users are currently updating their system, and how the company intents to change that behavior with the release of Windows 8.

If you look at the current way of updating, you will notice that the majority of Windows 7 users are making use of automatic updates. Only minorities make use of notifications or never check for updates (that’s less than 10% total).

Automatically install updates – 89.30%
Notify me before install – 2.38%
Notify me before download – 3.44%
Never check for updates – 4.88%

When you look at the time it takes to download and install updates, you will notice that 90% of all Windows 7 users install updates in a week’s time after release. Install here means download, install and reboot the computer to complete the update.

The breakout by type of install reveals additional information. 39% of all users of Windows 7 install the update at shutdown of the system, 30% at a scheduled time and 31% interactively.

Install-at-shutdown – The majority of automatic update users (39%) are updating when they shut down their systems. For these users, there is no automatic restart because the system can complete all steps of the installation during shutdown. This is the least disruptive experience for users, and so we do want to “hitch a ride” whenever we can on user-initiated shutdowns instead of inconveniencing users with a separate restart.

Install-at-scheduled-time – For the 30% who are scheduling automatic updates, their installations start at a scheduled time (the default is 3 AM in the time-zone where the PC is located) or the next time the user logs in (if we miss the 3 AM window). WU automatically completes any restarts necessary to finish the installation. To ensure that you get the chance to save any important files and data before the restart, we show you a 15-minute countdown timer before the restart.

Allowing restarts to occur without user interaction has helped us to rapidly update a major portion of the Windows ecosystem with critical updates. On average, within a week of releasing a critical update, 90% of PCs have installed the update (see Figure1). On the other hand, this behavior of automatic restarts has some unintended consequences for the user. Restarts can occur without notice, and might occur monthly or even more often if there is an out-of-band update. This unpredictability can potentially result in loss of user data. Most of our automatic installs and the subsequent restarts happen at 3 AM, when users are not around to save any important work. We have heard a lot of painful stories of users coming back to their PCs in the morning to find that a restart occurred, and that some important data was lost. In other cases, the user doesn’t lose data, but needs to restart a job that they were in the middle of (for example, a long copy job).
Interactive install – We were surprised to see 31% of users interactively installing updates; of these 31%, approximately 20% have selected to automatically install, but they manually intervene anyway. WU provides a pop-up notification telling you when updates are available if you have selected to automatically install. The notifications are clearly capturing people’s attention, so they click on the notification and interactively install the updates. But this is actually reinforcing an unintended behavior. If you signed up to get automatic updates, you really shouldn’t need to bother interactively installing an update every time one is available. Most installs should occur silently in the background, and WU should notify you only for critical actions (for example, a pending restart). This also matches feedback from customers, who tell us they find the constant notifications to be distracting. Their expectation when they choose automatic updating is that updating will occur automatically. This seems to be a case where making sure people are in control of their PC experience actually resulted in too much information, and ultimately the price of being in control was a feeling of a loss of control.

For Windows 8, Microsoft came up with guiding principles to design the update experience. They were:

• The automatic updating experience is not intrusive to users but keeps them aware of critical actions
• Minimize restarts and make them more predictable
• Continue to keep the PC and the ecosystem up-to-date and secure in a timely manner

The update process will change in the following ways on Windows 8:

Windows Update will consolidate all non-security updates and synchronize them with the monthly security updates. It is usually not a problem to skip the direct installation of optional updates. It is now not necessary to install the update right away (but still possible if the computer is restarted). The only exception to the once per month rule is the release of critical security updates that require immediate installation.

Windows Update will furthermore inform the user on the login screen that updates have been installed that require a restart.

The PC will be automatically restarted by Windows Update after this three day grace period. The program has been designed to wait until the lock screen is displayed after that period before the computer is restarted. This has been implemented to avoid data loss on the PC. In the case of critical applications running in the background while the computer is locked, the user will be asked to close all work on the next login as Windows Update will restart the PC within 15 minutes.

Windows Update can also detect specific system states like full screen movies, games or presentation modes. The program then waits until the state changes before the restart notifications are displayed to the user.

The core benefit of Windows 8′s update mechanism is that users won’t have to shutdown their system as often as they used to. Microsoft also made it clear that the company won’t include third party software updates in Windows Update.

You find information about each security bulletin below. Please follow the links for information about affected operating systems and Microsoft applications. You find a summary of all security bulletins here.

Here are the Bulletin Deployment Priority and Severity and Exploitability Index screenshots for October 2011:

And a video in which Jerry Bryant discusses this month’s bulletins:

Windows users can update their operating system by installing the security patches via Windows Update or Microsoft's Download Center with Windows Update being the better option if the patches do not have to be installed on multiple computer systems.

Updates are already live and available via Windows Update. Additional information are available at Microsoft's Security Response Center.

More often than not, these update issues are due to ActiveX traffic coming through your router. Indeed, it is that simple. There is an easy way to fix this so that you will not have to deal with the various error messages anymore and your computer will get the necessary (and important) updates that it needs. Windows Update is no joke. This has to happen. These updates are important for security and functionality. This tutorial will guide you through a quick method to allow ActiveX traffic. Please note that the admin interface of your router may or may not offer this option. It can also be that the feature is listed under a different name.

Internet Explorer 8 in particular requires ActiveX components to function properly. Disabling IE8 will not solve the problem nor will updating to IE9. You can specify firewall settings for software and hardware to allow appropriate ActiveX filtering, but this is more advanced. Here, we will be using the open source router firmware DD-WRT. This is a user-friendly firewall solution that takes the technical aspects out of more mundane functions.

Navigate to your router’s IP address in any web browser. You may not know your router IP address and you can open a command prompt to find it. Press Win+R and type “cmd” or open command prompt from the Start Menu.

In the command prompt window, type “ipconfig” and press enter. The IP address will be listed under “Default Gateway”. This should be your router’s IP address. Now just enter this IP address (yours, not the one above) in the URL bar of the chosen web browser.

Click the Security tab and find the checkbox labeled “Filter ActiveX”. Uncheck the box and this will clear the filtering and allow ActiveX traffic through.

After doing this, a new window will present. In this window, click the button labeled “Apply Settings”. This should do the trick. Close your web browser and attempt Windows Update again.

If you see an image like the screenshot above, then you have succeeded in clearing the impediment to Windows Update. Every router is different and will handle this change in a different manner. This is by no means a blanket solution, but it is one that works in most cases.

Another simple fix for Windows Update errors is to disable automatic updates and update the recommended updates manually. If they all update successfully, you can turn on automatic updates again and it should continue to work. If, on the other hand, this does not work, identify the update(s) that did not install and contact Microsoft Help regarding the issue. Generally they will help you fix it for free and Windows Update will work normally once again.

Vulnerabilities affect Adobe Reader X and earlier versions for Windows and Macintosh, Adobe Reader 9.4.2 and earlier for Unix, and Adobe Acrobat 10.1 and earlier for Windows and Macintosh.

Adobe as usually recommends to update Adobe Reader to the new version released today. This is Adobe Reader 10.1.1 for Windows and Macintosh, and Adobe Raeder 9.4.5 for Unix, as well as Adobe Acrobat 10.1.1 for Windows and Macintosh.

The security bulletin offers vulnerability details and download links for all Adobe Reader and Acrobat updates.

Microsoft today has released five security bulletins that affect Microsoft Windows, Microsoft Server Software and Microsoft Office. The maximum severity of all five bulletins is Important, the second highest rating available.

Windows Update is already picking up the updates online. Windows users can check for updates in their operating system to download and install the patches right now.

You find summaries for all five bulletins below. Follow the link for detailed descriptions of each security bulletin.

• MS11-070 – Vulnerability in WINS Could Allow Elevation of Privilege (2571621) – This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
• MS11-071 – Vulnerability in Windows Components Could Allow Remote Code Execution (2570947) – This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-072 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) – This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1986 and CVE-2011-1987.
• MS11-073 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634) – This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of the vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-074 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858) – This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site. For the most severe vulnerabilities, Internet Explorer 8 and Internet Explorer 9 users browsing to a SharePoint site in the Internet Zone are at a reduced risk because, by default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 helps to block the attacks in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9, however, is not enabled by default in the Intranet Zone.

You find deployment priority information and the severity index at the Technet blog.

All in all, the bulletins address 22 vulnerabilities in Microsoft products. The two critical updates address issues in Internet Explorer and DNS Server.

Microsoft has released deployment priorities and the severity and exploitability index. (click on the images for full size)

• MS11-057 – Cumulative Security Update for Internet Explorer (2559049) – This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-058 – Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485) – This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk.

The bulletins that fix important issues.

• MS11-059 – Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate Excel file (such as a .xlsx file) that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-060 – Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978) – This security update resolves two privately reported vulnerabilities in Microsoft Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-061 – Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250) – This security update resolves a privately reported vulnerability in Remote Desktop Web Access. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack for its users when browsing to a Remote Desktop Web Access server in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone.
• MS11-062 – Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454) –
  This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability and take complete control over the affected system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

• MS11-063 – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680) –
  This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
• MS11-064 – Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894) – This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow denial of service if an attacker sends a sequence of specially crafted Internet Control Message Protocol (ICMP) messages to a target system or sends a specially crafted URL request to a server that is serving Web content and has the URL-based Quality of Service (QoS) feature enabled.
• MS11-065 – Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222) – This security update resolves a privately reported vulnerability in the Remote Desktop Protocol. The vulnerability could allow denial of service if an affected system received a sequence of specially crafted RDP packets. Microsoft has also received reports of limited, targeted attacks attempting to exploit this vulnerability. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system.
• MS11-066 – Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943) – This security update resolves a privately reported vulnerability in ASP.NET Chart controls. The vulnerability could allow information disclosure if an attacker sent a specially crafted GET request to an affected server hosting the Chart controls. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker’s user rights directly, but it could be used to retrieve information that could be used to further compromise the affected system. Only web applications using Microsoft Chart Control are affected by this issue. Default installations of the .NET Framework are not affected.
• MS11-067 – Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230) – This security update resolves a privately reported vulnerability in Microsoft Report Viewer. The vulnerability could allow information disclosure if a user views a specially crafted Web page. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.

And finally the moderate bulletins.

• MS11-068 – Vulnerability in Windows Kernel Could Allow Denial of Service (2556532) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user visits a network share (or visits a Web site that points to a network share) containing a specially crafted file. In all cases, however, an attacker would have no way to force a user to visit such a network share or Web site. Instead, an attacker would have to convince a user to do so, typically by getting the user to click a link in an e-mail message or Instant Messenger message.
• MS11-069 – Vulnerability in .NET Framework Could Allow Information Disclosure (2567951) – This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

The updates are as usually available via Windows Update and Microsoft’s Download Center (even though I would not recommend using this at this time as it is a mess).

Microsoft has acknowledged the issue under windows 7 or Windows Server 2008 R2. The company notes in the official Microsoft Support listing that “core fonts in Internet Explorer 9″ may appear “blurred compared with the same text and fonts in Windows Internet Explorer 8″.

The fonts showing those behaviors are Arial, Verdana and Tahoma all on regular font styles and font sizes of 8,9 and 10 points.

This issue is caused by different font rendering techniques:

By default, Internet Explorer 9 uses sub-pixel positioned ClearType to render text by using DirectWrite, whereas Internet Explorer 8 uses whole-pixel positioned ClearType to render text by using the Microsoft Windows graphics device interface (GDI).

Microsoft has released updates for all versions of Windows that Internet Explorer 9 is compatible with. This includes the client operating systems Windows Vista and Windows 7, as well as the server operating systems Windows Server 2008 and Windows Server 2008 R2.

• Windows 7 x86
• Windows 7 x64
• Windows Vista x86
• Windows Vista x64
• Windows Server 2008 x86
• Windows Server 2008 x64
• Windows Server 2008 IA-64
• Windows Server 2008 R2 x64
• Windows Server 2008 R2 IA-64

All update downloads require a validation before they become available.

The Windows PC needs to be restarted after the update installation.

The Knowledge Base article lists additional information about the update and the changes that it makes to the system. Microsoft mentions Internet Explorer 9 explicitly in the article, other programs however may benefit from the updated fonts as well. (via)

Please let everyone know if you noticed a change for the better or worse after installing the update on your system.

Two of the three remaining vulnerabilities address issues in the Windows operating system as well. Security bulletin MS11-054 describes a vulnerability in Windows Kernel-Mode drivers that could allow elevation of privileges, while bulletin MS11-056 a vulnerability in the Windows Client and Server run-time subsystem.

All supported Microsoft client and server operating systems are affected by the two security vulnerabilities. The last issue is a vulnerability in Microsoft Visio.

Here is an overview of all four security bulletins with links to their pages at the Microsoft Technet website.

• MS11-053 – Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
• MS11-054 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
• MS11-056 – Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
• MS11-055 – Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)

The patches are as usual already available via Windows Update, Microsoft Update and via the Microsoft Download Center. The monthly exploit mitigation guide at the Technet Security blog provides additional information about the vulnerabilities and deployment strategies.

Probably the easiest way to deploy the security updates to a single system is via Windows Update.

Just click on Start > All Programs > Windows Update to open the update screen. You may need to click on Check for updates on the left sidebar if your computer has been up for some time and the updates are not displayed directly in the main window.

Have you updated your system yet? Am I the only user who feels that Microsoft’s Download Center is not usable at all at the moment?

Highest possible means that at least one operating system or application has received that rating. It happens that all programs receive the same rating, but it is often not the case.

When you look at affected software programs you will notice that the majority of bulletins resolve issues under Microsoft Windows. Other Microsoft software affected includes Microsoft Internet Explorer, Microsoft Office or the Microsoft .Net Framework.

Detailed bulletin information have not been released at this point. Windows users can however check for updates to download and install the security patches right away. This is done via Start Menu > All Programs > Windows Update.

I will update this guide as soon as more information become available.

Update: The June security bulletins have been posted.

• MS11-038 – Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
• MS11-039 – Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
• MS11-040 – Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
• MS11-041 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
• MS11-042 – Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
• MS11-043 – Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
• MS11-044 – Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
• MS11-050 – Cumulative Security Update for Internet Explorer (2530548)
• MS11-052 – Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
• MS11-037 – Vulnerability in MHTML Could Allow Information Disclosure (2544893)
• MS11-045 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
• MS11-046 – Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
• MS11-047 – Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
• MS11-048 – Vulnerability in SMB Server Could Allow Denial of Service (2536275)
• MS11-049 – Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
• MS11-051 – Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

You get an overview of all patches on the security bulletin summary page over at Microsoft. It lists for instance the individual severity level of all affected operating systems and applications. Patches do not seem to have been posted yet on Microsoft Download Center.

When you look at the number of critical vulnerabilities of each individual operating system you will notice that Windows Vista leads the pack with nine critical security vulnerabilities followed by Windows 7 with eight and Windows XP with seven.

The security patches protect the system against remote code execution, information disclosure and elevation of privileges.

You find information about each individual security bulletin, their severity rating and impact over at the Microsoft Security Bulletin Summary for April 2011.

Another interesting read is the risk assessment of April’s security updates. Microsoft is aware that some issues are already exploited, while others are likely to be exploited in the coming 30 days.

Windows Updates are as usually available on various channels. Most Windows users are probably using automatic updates to install the new patches. Those who do not can check manually for updates or visit the Microsoft Download Center to download the patches individually. Another option is to download the April Security Release ISO which contains all Windows patches released in April.

Microsoft is currently pushing out a Windows Update that addresses the situation on Windows. Lets take a closer look at what actually happened before we go into details about that.

Comodo, a certification authority, notified Microsoft and other companies on March 16 that “nine certificates had been signed on behalf of a third party without sufficiently validating its identity”.

The following domains are affected by the certificates:

• login.live.com
• mail.google.com
• www.google.com
• login.yahoo.com
• login.skype.com
• addons.mozilla.org
• Global Trustee

These domains are some of the most visited domains on the Internet.

Microsoft notes that “these certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer”.

Comodo has revoked the certificates in the meantime. Microsoft has released a security update for all versions of Windows that moves the fraudulent certificates into the untrusted certificate store of Microsoft Windows.

The update is provided via Windows Update and Microsoft Download. Users with automatic updating enabled will receive the update automatically, a restart of the system is not required after the update has been installed.

• Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing at Microsoft Download [link] for direct downloading.
• Security Advisory [link]

Here is how you can verify that the certificates are blocked after you have installed the update. Open an elevated command prompt. Windows 7 users click on Start, select All Programs > Accessories, right-click the Command Prompt program link and select Run as Administrator.

Enter mmc in the command prompt window to launch the Microsoft Management Console. Now follow these steps:

• Press Ctrl-m or select File > Add / Remove Snap In
• Find Certificates in the listing, select it with a left-click and click on Add.

• Select Computer Account on the next window and press Finish
• Click the ok button to leave the Add or Remove Snap-ins configuration window.
• Expand the certificates listing under Console Root and then the Untrusted Certificates sub-listing. Click on the Certificates folder there.

You should now see the affected domain names in the listing. Issued by should read UTN-USERFirst-Hardware.

The first thing that you may want to try is running the Windows Troubleshooter to resolve any problems that prevent Windows Update from working properly.

Windows 7 users find the troubleshooter when they click on the Start orb, select Control Panel > Troubleshooting and there the Fix problems with Windows Update link.

The Windows Update troubleshooter “resolves problems that prevent you from updating Windows”, which basically means that it tries to repair Windows Update if it is broken or not working properly.

A click on Next starts a scan that should take less than 30 seconds to complete. Problems and issues that have been found are automatically repaired by the troubleshooting process. The troubleshooting tool displays problems that have been found during the scan and if it was able to resolve the problems.

It is then suggested to try the Windows 7 Update again via Windows Update to see if the troubleshooter corrected the updating issue. If the update fails again it is time for the second option, the System Update Readiness Tool for Windows.

• System Update Readiness Tool for Windows 7 (KB947821) [download]
• System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [download]

Make sure you download the tool that is compatible with your operating system. This means that you need to select the 32-bit or 64-bit edition based on your operating system and the correct language the tool is offered in.

This tool is being offered because an inconsistency was found in the Windows servicing store which may prevent the successful installation of future updates, service packs, and software.

The software has a size of roughly 100 Megabytes for 32-bit systems and 300 Megabytes for 64-bit systems.

What does it do?

After you download the System Update Readiness Tool, it runs a onetime scan for inconsistencies that might prevent future servicing operations. This scan typically takes less than 15 minutes to run. However, the tool might take significantly longer on some computers. The Windows Update progress bar is not updated during the scan, and progress seems to stop at 60% complete for some time. This behavior is expected. The scan is still running and you should not cancel the update.

The tool verifies the integrity of several Windows Registry keys

Files that are located under the following directories:

• %SYSTEMROOT%\Servicing\Packages
• %SYSTEMROOT%\WinSxS\Manifests

Registry data that is located under the following registry subkeys:

• HKEY_LOCAL_MACHINE\Components
• HKEY_LOCAL_MACHINE\Schema
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing

Which errors can it repair and fix?

• 0×80070002 ERROR_FILE_NOT_FOUND The system cannot find the file specified.
• 0x8007000D ERROR_INVALID_DATA The data is invalid.
• 0x800F081F CBS_E_SOURCE_MISSING The source for the package or file not found.
• 0×80073712 ERROR_SXS_COMPONENT_STORE_CORRUPT The component store is in an inconsistent state.
• 0x800736CC ERROR_SXS_FILE_HASH_MISMATCH A component’s file does not match the verification information present in the component manifest.
• 0x800705B9 ERROR_XML_PARSE_ERROR Unable to parse the requested XML data.
• 0×80070246 ERROR_ILLEGAL_CHARACTER An invalid character was encountered.
• 0x8007370D ERROR_SXS_IDENTITY_PARSE_ERROR An identity string is malformed.
• 0x8007370B ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME The name of an attribute in an identity is not within the valid range.
• 0x8007370A ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE The value of an attribute in an identity is not within the valid range.
• 0×80070057 ERROR_INVALID_PARAMETER The parameter is incorrect.
• 0x800B0100 TRUST_E_NOSIGNATURE No signature was present in the subject.
• 0×80092003 CRYPT_E_FILE_ERROR An error occurred while Windows Update reads or writes to a file.
• 0x800B0101 CERT_E_EXPIRED A required certificate is not within its validity period when verifying against the current system clock or the time stamp in the signed file.
• 0x8007371B ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE One or more required members of the transaction are not present.
• 0×80070490 ERROR_NOT_FOUND Windows could not search for new updates.

Try to install the Windows 7 Service Pack or another Windows Update again after the System Readiness tool has finished its scan.

Did you have troubles installing the service pack for Windows 7? (via)

But there are also unofficial ways to download and install Windows Updates. WSUS Offline Update can for instance offers to download all Microsoft updates for Windows operating systems or Microsoft Office.

The software program has been updated in the past days to include the most recent Windows and Office updates, specifically the Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack.

Here is how it works. You need to unpack the portable application to a local directory before you can start the UpdateGenerator.exe file. This opens the interface that you see on the screenshot above.

Operating systems are sorted by version and language. It is possible to select multiple updates at once, for instance for Windows 7 and Office 2010, or different languages.

Several options are displayed at the bottom of the screen. It is for instance possible to create ISO images that can be burned to disc, include service packs, the .NET Framework, Microsoft Security Essentials and Windows Defender definitions in the update or copy updates directly to an USB stick.

The updates are downloaded via a command prompt. This may take a while depending on the updates that have been selected.

The command prompt closes after the downloads have been completed. They can then be installed directly on the local system by starting UpdateInstaller.exe from the client directory.

The available choices depend largely on the system and range from installing Internet Explorer (up to IE9 RC), the .NET Framework 4.0 to Powershell and Microsoft Security Essentials.

A click on Start begins the system update. Windows does not need an Internet connection for this since all updates have been downloaded previously to the computer system.

What are the benefits of using WSUS Offline Update? The program can save bandwidth if multiple computer systems need to be updated. Integration of all available updates for a specific version of Windows and Office make it an ideal product for offline updates, especially for computers who have no Internet connection, or unpatched computers where the user wants to update the system first before going online.

WSUS Offline Update can be downloaded from the official website.

The service pack will be released on February 22 to the public. Microsoft will make it available via Windows Update and the Microsoft Download Center. Microsoft employee Brandon LeBlanc recommends that single PC or home PC users should be “Windows Update instead of downloading the standalone installer (or Network Installation Package) from the Microsoft Download Center” because of the better “installation experience”. Check the disk space requirements chapter to find out why it is indeed better to use Windows Update to install the service pack.

Users who work with multiple computers may consider downloading the service pack update from Microsoft Download for distribution purposes.

Things that you should do before installing the operating system update:

• Scan the computer for malware and viruses. Make sure your antivirus software is up to date before doing so.
• Update device drivers if available to make sure the devices are compatible with the service pack
• Backup your important data and files prior to updating to service pack 1.
• Connect a mobile computer, laptop, netbook or notebook to a power outlet before you start the installation of the service pack.
• Make sure you have enough free disk space available for the service pack (see requirements for additional information).
• Microsoft recommends to disable antivirus software during installation as it can interfere with the installation.
• Possible file corruptions can be checked with the sfc /scannow command on an elevated command prompt. Users need to have the Windows installation files or DVD at hand in case corrupted files need to be replaced.

Windows 7 Service Pack 1 System Requirements

If Windows 7 is running on the computer then it is very likely that the service pack 1 will install and run on it as well without problems. The only issue that could arise is that you are running out of disk space.

Service Pack 1 has disk space requirements that differ highly depending on the installation method.

Windows users who update the operating system via Windows Update need an additional 750 Megabytes for 32-bit systems and 1050 Megabytes for 64-bit systems. A stand alone installation, for instance by downloading the service pack via Microsoft’s Download Center, requires 4.1 Gigabytes of date for 32-bit systems and a whooping 7.4 Gigabytes for a 64-bit system.

Language Packs

The best sequence is to install the service pack first, and then the available language pack updates.

How To Block the Installation of Windows 7 SP1

Microsoft has released the Windows 7 Service Pack 1 Blocker Tool which can be used for that purpose. The toolkit blocks the deployment for a period of 12 months after release of the service pack.

Documentation, Release Notes

Check out our sister site Windows 7 News who have links to all documents that Microsoft has released so far: Microsoft Releases Windows 7 SP1 Documentation

Automatic Update notifies the user via the system tray when the update is available. A click on the notification, or a manual check via Windows Updates, launches the Internet Explorer 9 Release Candidate installation.

The update spawns a Windows Internet Explorer 9 installation window with options to install, don’t install or ask later. Install will update the beta of Internet Explorer 9 to the release candidate build. Don’t install changes the update’s rating from important to optional. It still can be installed at a later time but Windows will not prompt for it automatically anymore. Ask later will offer the update again during the next update scan.

Windows users do not have to update the beta to release candidate if they do not want to. They still have to click on the do not install link to prevent the automatic update though. It is however recommended to update to the release candidate as it provides improvements and fixes.

Microsoft already mentioned that a similar update procedure will be in place to update development releases and previous versions of Internet Explorer to the final version of the web browser. System administrators, organizations, businesses and home users can use the IE9 Blocker Toolkit to prevent the automatic distribution of Internet Explorer 9.

A list of Internet Explorer 9 RC changes has been posted as well.

This can be problematic in computer networks, organizations and businesses that do not want to update to Internet Explorer 9 right away.

The Internet Explorer 9 blocker Toolkit has been created to change the update class of IE9 from important to optional. This ensures that the web browser will not be installed automatically when it is made available by Microsoft.

To help our customers become more secure and up-to-date, Microsoft will distribute Windows Internet Explorer 9 as an important update through Automatic Updates for Windows Vista SP2 for x64 and x86, Windows Server 2008 SP2 for x64 and x86, Windows 7 x86 RTM and higher and Windows Server 2008 R2 RTM and higher for x64. This Blocker Toolkit is intended for organizations that would like to block automatic delivery of Internet Explorer 9 to machines in environments where Automatic Updates is enabled. The Blocker Toolkit will not expire.

It has to be noted that the Blocker Toolkit prevents only the automatic delivery of Internet Explorer 9 via Windows Update. It does not prevent users from installing the new version on the computer system, for instance by download it from Microsoft’s Download Center or selecting the optional update for installation in Windows Updates. Administrators need to make sure that those options are blocked to prevent the installation of the new browser version.

The Blocker Toolkit is not needed in environments where update management solutions are installed. This includes Windows Server Update Services or System Management Server 2003. These products can be used to fully manage the deployment of the update.

The IE9 Blocker Toolkit can be downloaded from Microsoft’s Download Center. (Thanks Paulus for the tip)

The update for Windows Autorun has been available for some time. To be precise, it was first released on February 24 by Microsoft and originally made available from the Microsoft Download Center.

Yesterday changed that by offering the update via automatic updating through Windows Update. Affected are all Microsoft operating systems pre-Windows 7, including Windows XP, Windows Vista and the server operating systems Windows Server 2003 and 2008. Windows 7 is not affected as it already has the restrictions in place.

The update restricts AutoPlay functionality to “CD and DVD media”. This protects customers “from attack vectors that involve the execution of arbitrary code by Autorun when inserting a USB flash drive, network shares, or other non-CD and non-DVD media containing a file system with an Autorun.inf file”.

It basically blocks AutoPlay on all devices and media except CD and DVD media even if they contain an autorun.inf file.

Customers may experience several issues after applying the update, including:

• Many existing devices in market, and many upcoming devices, use the Autorun feature with the AutoPlay dialog box to present and install software when DVDs, CDs, and USB flash drives are inserted. The AutoPlay behavior with CD and DVD media is not affected by this update.
• Users who install this update will no longer receive a setup message that prompts them to install programs that are delivered by USB flash drives. Users will have to manually install the software. To do this, users click Open folder to view the files, browse to the software’s setup program, and then double-click the setup program to run the program manually.
• Some USB flash drives have firmware that present these USB flash drives as CD drives when you insert them into computers. The AutoPlay behavior with these USB flash drives is not affected by this update.

The update is only offered if it has not already been installed on the system. Additional information about the update are available at Microsoft’s Security Advisory and the blog post Deeper insight into the Security Advisory 967940 update by Adam Shostack.

Windows users can check for the updates by opening Windows Update which is linked from the Windows start menu. There it is possible to check for new updates which needs to be done if the PC has been running for some time today.

The security bulletin summary for February 2011 offers in depth information about the updates and the affected applications.

All individual security bulletins are listed and linked below as well.

• MS11-003 – Cumulative Security Update for Internet Explorer (2482017) – This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user opens a legitimate HTML file that loads a specially crafted library file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-006 – Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185) – This security update resolves a publicly disclosed vulnerability in the Windows Shell graphics processor. The vulnerability could allow remote code execution if a user views a specially crafted thumbnail image. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-007 – Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376) – This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow remote code execution if a user views content rendered in a specially crafted CFF font. In all cases, an attacker would have no way to force users to view the specially crafted content. Instead, an attacker would have to convince users to visit a Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
• MS11-004 – Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256) – This security update resolves a publicly disclosed vulnerability in Microsoft Internet Information Services (IIS) FTP Service. The vulnerability could allow remote code execution if an FTP server receives a specially crafted FTP command. FTP Service is not installed by default on IIS.
• MS11-005 – Vulnerability in Active Directory Could Allow Denial of Service (2478953) – This security update resolves a publicly disclosed vulnerability in Active Directory. The vulnerability could allow denial of service if an attacker sent a specially crafted packet to an affected Active Directory server. The attacker must have valid local administrator privileges on the domain-joined computer in order to exploit this vulnerability.
• MS11-008 – Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879) – This security update resolves two privately reported vulnerabilities in Microsoft Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-009 – Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792) – This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow information disclosure if a user visited a specially crafted Web site. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
• MS11-010 – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687) – This security update resolves a privately reported vulnerability in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Windows XP and Windows Server 2003. The vulnerability could allow elevation of privilege if an attacker logs on to a user’s system and starts a specially crafted application that continues running after the attacker logs off in order to obtain the logon credentials of subsequent users. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS11-011 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) – This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS11-012 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628) – This security update resolves five privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS11-013 – Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930) – This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if a local, authenticated attacker installs a malicious service on a domain-joined computer.
• MS11-014 – Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960) – This security update resolves a privately reported vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows XP and Windows Server 2003.

  The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

The updates can also be downloaded directly and individually from the Microsoft Download Center. Check out our detailed Windows Update guide for additional information and tips.