Being the second Tuesday of the month, it is once again Patch Tuesday. This is the second largest release by Microsoft in 2011, covering 16 bulletins.
That number could be deceptively low though… MS has combined many fixes into single bulletins, reducing the number of bulletins even though the release fixes far more flaws.
As Microsoft points out in their MSRC blog, this month’s fixes cover 32 critical and important severity vulnerabilities.
In particular, Microsoft is drawing attention to four bulletins they have categorized as the highest deployment priority:
- MS11-042 DFS – Fixes two privately reported vulnerabilities in the Distributed File System client. If exploited, attackers could execute arbitrary code on the victim’s computer.
- MS11-043 SMB Client – Similar to MS11-042, this flaw in the file sharing client in Windows could allow an attacker to remotely execute code on victim PCs.
- MS11-050 Internet Explorer – Fixes 11 privately disclosed flaws in IE, some of which could result in remote code execution.
- MS11-052 Internet Explorer 6,7,8 – Privately disclosed flaws in Microsoft’s implementation of VML could allow remote code execution by simply visiting a malicious web page. IE 9 is not affected.
Other fixes include patches for OLE, Threat Management Gateway client firewall, .NET, Silverlight, Windows Kernel, Excel, Active Directory, MHTML, Hyper-V, SMB server and XML Editor.
In a separate advisory, Microsoft is alerting Office for Mac customers that the Office fixes from May, which did not ship for Mac users, are included in MS11-045, the Excel patch. This makes MS11-045 a high priority update for Mac Office users.
Adobe will be releasing updates for Reader and Acrobat. This is on target with their planned quarterly release cycle and will bring Adobe Reader X clients up to date with all of the latest fixes.
Windows and Mac users can run their check for update tools on affected products to apply these fixes.
If you would like to see SophosLabs’ opinions on this month’s updates, please visit Sophos Knowledgebase article 43444.