Microsoft today released 17 security bulletins addressing 64 vulnerabilities spanning a variety of Microsoft products including Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, SMB, .NET Framework and GDI+. Of the 17 bulletins, three are top priority updates rated Critical by Microsoft that should be deployed as soon as possible.
30 of the 64 vulnerabilities are addressed by a single bulletin, MS11-034. All 30 are in the Windows kernel-mode drivers and share a common root cause. The bulletin itself is rated Important: the flaws allow a local elevation of privilege, so an attacker must already be able to log on to the system to exploit them.
The three top-priority updates address SMB and Internet Explorer flaws: MS11-020 (SMB Server), MS11-019 (SMB Client) and MS11-018 (Internet Explorer).
Pete Voss from Microsoft’s Trustworthy Computing Group provided the following details about the three updates:
MS11-018 (Internet Explorer). This security bulletin resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. This bulletin is rated Critical for IE 6, IE 7 and IE 8 on Windows clients, and Moderate for IE 6, IE 7 and IE 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerabilities. Microsoft is aware of limited attacks leveraging vulnerabilities addressed by this bulletin, including the vulnerability used at the CanSecWest 2011 Conference, which we tweeted about yesterday.
We encourage all customers to apply this bulletin first of all our April bulletins.
MS11-019 (SMB Client). This bulletin resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. The publicly disclosed vulnerability was posted to Full Disclosure on February 15. Microsoft investigated the issue and found that remote code execution was extremely unlikely. As Microsoft has not seen any active attacks, we opted not to disrupt customers with an out-of-band bulletin.
MS11-020 (SMB Server). This bulletin resolves an internally discovered vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system.
As always, the updates will be available via Windows Update and the Microsoft Download Center. Further details about the bulletins are available in the Microsoft Security Bulletin Summary for April 2011.