Patch Tuesday: April 2011 Is a Doozy!

Ed Tittel — Wed, 13 Apr 2011 13:53:39 +0000

Here’s what I found waiting for me on my production Windows 7 Professional (x86) machine this morning, in the wake of the latest Patch Tuesday:

A personal record for Patch Tuesday: Up to 24 files to download and install!

Notice that only two items are unchecked by default: KB2511250 relates to an issue printing SVG graphics or CSS3 style sheets in IE9, and the Malicious Software Removal Tool is a usual Patch Tuesday feature. The former is something many users are not likely to need, while Microsoft is being smart about leaving the latter unchecked because it takes some time to run to completion and has occasionally caused problems when batched in with Patch Tuesday stuff in the past.

All this said, here’s a quick abstract of the Security Bulletin Summary for April 2011:

Bulletin ID	Bulletin Title	Rating and Impact	Restart Required	Affected Software
MS11-018	Cumulative Security Update for IE (2497640)	Critical RCE	Yes	MS Windows, IE
MS11-019	Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)	Critical RCE	Yes	MS Windows
MS11-020	Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)	Critical RCE	Yes	MS Windows
MS11-027	Cumulative Security Update of ActiveX Kill Bits (2508272)	Critical RCE	Maybe	MS Windows
MS11-028	Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015) to bypass Code Access Security (CAS) restrictions.	Critical RCE	Maybe	MS Windows
MS11-029	Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)	Critical RCE	Maybe	MS Windows, MS Office
MS11-030	Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)	Critical RCE	Yes	MS Windows
MS11-031	Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)	Critical RCE	Maybe	MS Windows
MS11-032	Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)	Critical RCE	Yes	MS Windows
MS11-021	Vulnerabilities in MS Excel Could Allow Remote Code Execution (2489279)	Important RCE	Maybe	MS Office
MS11-022	Vulnerabilities in MS PowerPoint Could Allow Remote Code Execution (2489283)	Important RCE	Maybe	MS Office, MS Server Software
MS11-023	Vulnerabilities in MS Office Could Allow Remote Code Execution (2489293)	Important RCE	Maybe	MS Office
MS11-024	Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)	Important RCE	Maybe	MS Windows
MS11-025	Vulnerability in MS Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)	Important RCE	Maybe	MS Developer Tools and Software
MS11-026	Vulnerability in MHTML Could Allow Information Disclosure (2503658)	Important Information Disclosure	Yes	MS Windows
MS11-033	Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)	Important RCE	Maybe	MS Windows
MS11-034	Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)	Important Elevation of Privilege	Yes	MS Windows

Note: RCE is my abbreviation for Remote Code Execution, by far the most likely type of vulnerability you’ll encounter in this month’s batch of updates. Lots of important IE vulnerabilities are addressed here, including some recently reported zero-day and the latest PWN2OWN exploits as well. Roll up your sleeves, admins: you’ve got some work to do!

Windows Enterprise Desktop » Rundown on Patch Tuesday for April 2011

Patch Tuesday: April 2011 Is a Doozy!