Microsoft May 2011 Patch Day Overview
Microsoft released two security bulletins on this month's patch day. Every second Tuesday of a month is so called patch day at Microsoft where a number of security related updates are released. One of the security bulletin addressed security issues in Microsoft Windows, the other in Microsoft Office.
If you look at the maximum severity rating you notice that the Windows vulnerabilities have received a severity rating of critical, the highest possible rating. The Office bulletin on the other hand received a rating of important, the second highest rating.
Microsoft Security Bulletin MS11-035 offers detailed information about the Windows vulnerability. It affects only Windows Server products, from Windows Server 2003 to Windows Server 2008 R2. Not affected are all client operating systems of Microsoft.
If you look at Microsoft Security Bulletin MS11-036 you notice that Office XP, 2003 and 2007 are affected on Windows. Furthermore affected are Microsoft Office 2004 and 2008 for Mac, the Open XML File Format Converter for Mac and the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2.
Why is not Office 2010 affected by the vulnerability? Because Office File Validation mitigates the risk of the vulnerability.
- MS11-035 - Vulnerability in WINS Could Allow Remote Code Execution (2524426) - This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually installed this component are affected by this issue.
- MS11-036 - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814) - This security update resolves two privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1269 and CVE-2011-1270.
Additional information on both vulnerabilities are available at the MSRC Technet Blog.