Microsoft April 2011 Patch Day Overview

Yesterday's monthly patch day was a big one, with 17 bulletins fixing a total of 64 security issues in Microsoft products.

Affected applications include Microsoft Windows, Microsoft Office and Internet Explorer.

If you look closer you notice that nine of the 17 patches have a maximum severity rating of critical, the highest possible rating. This means that at least one Microsoft service or product is affected by it this way with others either affected in the same way, to a lesser degree or not at all.

The remaining patches have a rating of important.

When you look at the number of critical vulnerabilities of each individual operating system you will notice that Windows Vista leads the pack with nine critical security vulnerabilities followed by Windows 7 with eight and Windows XP with seven.

• MS11-018 - Cumulative Security Update for Internet Explorer (2497640 ) - critical - Remote Code Execution
• MS11-019 - Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455) - critical - Remote Code Execution
• MS11-020 - Vulnerability in SMB Server Could Allow Remote Code Execution (2508429) - critical - Remote Code Execution
• MS11-027 - Cumulative Security Update of ActiveX K ill Bits (2508272) - critical - Remote Code Execution
• MS11-028 - Vulnerability in .NET Framew ork Could Allow Remote Code Execution (2484015) - critical - Remote Code Execution
• MS11-029 - Vulnerability in GDI+ Could Allow Remote Code Execution (2489979) - critical - Remote Code Execution
• MS11-030 - Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) - critical - Remote Code Execution
• MS11-031 - Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666) - critical - Remote Code Execution
• MS11-032 - Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618) - critical - Remote Code Execution
• MS11-021 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279) - important - Remote Code Execution
• MS11-022 - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283) - important - Remote Code Execution
• MS11-023 - Vulnerabilities in Microsoft Office Could Allow Remote Code E xecution (2489293) - important - Remote Code Execution
• MS11-024 - Vulnerabilities in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308) - important - Remote Code Execution
• MS11-025 - Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) - important - Remote Code Execution
• MS11-026 - Vulnerability in MHTML Could Allow Information Disclosure (2503658) - important - Information Disclosure
• MS11-033 - Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663) - Important - Remote Code Execution
• MS11-034 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223) - Important - Elevation of Privilege

The security patches protect the system against remote code execution, information disclosure and elevation of privileges.

You find information about each individual security bulletin, their severity rating and impact over at the Microsoft Security Bulletin Summary for April 2011.

Another interesting read is the risk assessment of April's security updates. Microsoft is aware that some issues are already exploited, while others are likely to be exploited in the coming 30 days.

Windows Updates are as usually available on various channels. Most Windows users are probably using automatic updates to install the new patches.

Those who do not can check manually for updates or visit the Microsoft Download Center to download the patches individually. Another option is to download the April Security Release ISO which contains all Windows patches released in April.

Advertisement