Windows Enterprise Desktop

Apr 13 2011   1:53PM GMT

Patch Tuesday: April 2011 Is a Doozy!



Posted by: Ed Tittel

Here’s what I found waiting for me on my production Windows 7 Professional (x86) machine this morning, in the wake of the latest Patch Tuesday:

A personal record for Patch Tuesday: Up to 24 files to download and install!

Notice that only two items are unchecked by default: KB2511250 relates to an issue printing SVG graphics or CSS3 style sheets in IE9, and the Malicious Software Removal Tool is a usual Patch Tuesday feature. The former is something many users are not likely to need, while Microsoft is being smart about leaving the latter unchecked because it takes some time to run to completion and has occasionally caused problems when batched in with Patch Tuesday stuff in the past.

All this said, here’s a quick abstract of the Security Bulletin Summary for April 2011:

| Bulletin ID | Bulletin Title | Rating and Impact | Restart Required | Affected Software |
|---|---|---|---|---|
| MS11-018 | Cumulative Security Update for IE (2497640) | Critical, RCE | Yes | MS Windows, IE |
| MS11-019 | Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455) | Critical, RCE | Yes | MS Windows |
| MS11-020 | Vulnerability in SMB Server Could Allow Remote Code Execution (2508429) | Critical, RCE | Yes | MS Windows |
| MS11-027 | Cumulative Security Update of ActiveX Kill Bits (2508272) | Critical, RCE | Maybe | MS Windows |
| MS11-028 | Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015) to bypass Code Access Security (CAS) restrictions. | Critical, RCE | Maybe | MS Windows |
| MS11-029 | Vulnerability in GDI+ Could Allow Remote Code Execution (2489979) | Critical, RCE | Maybe | MS Windows, MS Office |
| MS11-030 | Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) | Critical, RCE | Yes | MS Windows |
| MS11-031 | Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666) | Critical, RCE | Maybe | MS Windows |
| MS11-032 | Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618) | Critical, RCE | Yes | MS Windows |
| MS11-021 | Vulnerabilities in MS Excel Could Allow Remote Code Execution (2489279) | Important, RCE | Maybe | MS Office |
| MS11-022 | Vulnerabilities in MS PowerPoint Could Allow Remote Code Execution (2489283) | Important, RCE | Maybe | MS Office, MS Server Software |
| MS11-023 | Vulnerabilities in MS Office Could Allow Remote Code Execution (2489293) | Important, RCE | Maybe | MS Office |
| MS11-024 | Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308) | Important, RCE | Maybe | MS Windows |
| MS11-025 | Vulnerability in MS Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) | Important, RCE | Maybe | MS Developer Tools and Software |
| MS11-026 | Vulnerability in MHTML Could Allow Information Disclosure (2503658) | Important, Information Disclosure | Yes | MS Windows |
| MS11-033 | Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663) | Important, RCE | Maybe | MS Windows |
| MS11-034 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223) | Important, Elevation of Privilege | Yes | MS Windows |

Note: RCE is my abbreviation for Remote Code Execution, by far the most likely type of vulnerability you’ll encounter in this month’s batch of updates. Lots of important IE vulnerabilities are addressed here, including some recently reported zero-days and the latest PWN2OWN exploits as well. Roll up your sleeves, admins: you’ve got some work to do!
