Security 10804 Published by

Microsoft has updated the following security bulletins:

- MS11-012 - Important: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628) - Version:2.0
- MS11-011 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) - Version:1.2
- MS11-013 - Important: Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930) - Version:2.0



MS11-012 - Important: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628) - Version:2.0
Severity Rating: Important - Revision Note: V2.0 (March 18, 2011): Clarified the Affected Software to include Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1. See the entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, that explains this revision.

Summary: This security update resolves five privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Read more

MS11-011 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) - Version:1.2
Severity Rating: Important - Revision Note: V1.2 (March 18, 2011): Added Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 to Non-Affected Software. This is an informational change only. There were no changes to the security update files or detection logic.

Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Read more

MS11-013 - Important: Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930) - Version:2.0
Severity Rating: Important - Revision Note: V2.0 (March 16, 2011): Clarified the Affected Software to include Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1. See the entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, that explains this revision.

Summary: This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if a local, authenticated attacker installs a malicious service on a domain-joined computer.
Read more