
Microsoft just published this month's security bulletins.



MS11-056 - Important: Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938) - Version:1.0
Severity Rating: Important - Revision Note: V1.0 (July 12, 2011): Bulletin published.

Summary: This security update resolves five privately reported vulnerabilities in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.

MS11-055 - Important: Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847) - Version:1.0
Severity Rating: Important - Revision Note: V1.0 (July 12, 2011): Bulletin published.

Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Visio. The vulnerability could allow remote code execution if a user opens a legitimate Visio file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS11-054 - Important: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917) - Version:1.0
Severity Rating: Important - Revision Note: V1.0 (July 12, 2011): Bulletin published.

Summary: This security update resolves 15 privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

MS11-053 - Critical: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220) - Version:1.0
Severity Rating: Critical - Revision Note: V1.0 (July 12, 2011): Bulletin published.

Summary: This security update resolves a privately reported vulnerability in the Windows Bluetooth Stack. The vulnerability could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability only affects systems with Bluetooth capability.

MS11-052 - Critical: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (July 12, 2011): Announced a change to detection logic and corrected bulletin replacement information for some affected configurations. There were no changes to the security update files. See the Update FAQ for details.

Summary: This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS08-069 - Critical: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) - Version:4.0
Severity Rating: Critical - Revision Note: V4.0 (July 12, 2011): Added Microsoft XML Core Services 4.0 (KB954430) when installed on 32-bit and x64-based editions of Windows 7 Service Pack 1 and on x64-based and Itanium-based editions of Windows Server 2008 R2 Service Pack 1 as affected software. This is a detection change only; there were no changes to the binaries. The latest MBSA and SMS support this rerelease. Customers who have already successfully installed KB954430 do not need to reinstall.

Summary: This security update resolves several vulnerabilities in Microsoft XML Core Services. The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
