.
HomeMicrosoft security updates, Adobe Ready
Array

Microsoft security updates, Adobe Ready

It’s the second Tuesday of the month again and this means security patch day at Microsoft and Adobe. Adobe has just released a security bulletin for Adobe Reader and Acrobat that fixes several critical vulnerabilities in versions of the pdf software.

The vulnerabilities affect Adobe Reader X and earlier for Windows and Macintosh, Adobe Reader 9.4.2 and earlier for Unix, and Adobe Acrobat 10.1 and earlier for Windows and Macintosh.

Adobe, as it usually recommends, update Adobe Reader to the new version released today. This is Adobe Reader 10.1.1 for Windows and Macintosh, and Adobe Raeder 9.4.5 for Unix, as well as Adobe Acrobat 10.1.1 for Windows and Macintosh.

The security bulletin offers vulnerability details and download links for all Adobe Reader and Acrobat updates.

Microsoft today released five security bulletins that affect Microsoft Windows, Microsoft Server Software, and Microsoft Office. The top severity of the five bulletins is important, the second highest rating available.

windows updates

Windows Update is already picking up updates online. Windows users can check for updates to their operating system to download and install patches right now.

Below you will find summaries of all five newsletters. Follow the link for detailed descriptions of each security bulletin.

  • MS11-070 – Vulnerability in WINS Could Allow Elevation of Privilege (2571621) – This security update resolves a privately reported vulnerability in Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user receives a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid login credentials and be able to log on locally to exploit this vulnerability.
  • MS11-071 – Vulnerability in Windows Components Could Allow Remote Code Execution (2570947) – This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate Rich Text Format (.rtf) file, text file (.txt), or Word document (.doc) that is located in the same directory than a specially designed dynamic link. library file (DLL). An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system might be less affected than users who operate with administrative user rights.
  • MS11-072 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) – This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system might be less affected than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks attack vectors for exploiting the vulnerabilities described in CVE-2011-1986 and CVE-2011-1987.
  • MS11-073 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634) – This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file, or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either vulnerability could gain the same user rights as the logged-in user. Users whose accounts are configured to have fewer user rights on the system might be less affected than users who operate with administrative user rights.
  • MS11-074 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858) – This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most serious vulnerabilities could allow elevation of privilege if a user clicks on a specially crafted URL or visits a specially crafted website. For the most severe vulnerabilities, Internet Explorer 8 and Internet Explorer 9 users who browse to a SharePoint site in the Internet Zone are at reduced risk because, by default, the XSS filter in Internet Explorer 8 and Internet Explorer 9 helps to block attacks in the Internet Zone. However, the XSS filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet zone.

Find deployment priority and severity rate information on the Technet Blog.

Must Read