[BigFix-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Enterprise Security'

[autonotify at us.ibm.com]

Fixlet Site - 'Enterprise Security'
Current Version: 1472	Published: Fri, 15 Apr 2011 00:48:51  GMT

New Fixlets:
============

***************************************************************
Title: UPDATE: Microsoft .NET Framework 4.0 for Windows 2008 R2 SP1 Server Core Available
Severity: <Unspecified>
Fixlet ID: 40501
Fixlet Link: http://go.microsoft.com/fwlink/?LinkID=186763

Fixlet Description: The .NET Framework is Microsoft's comprehensive and consistent programming model for building applications that have visually stunning user experiences, seamless and secure communication, and the ability to model a range of business processes. The .NET Framework 4 works side by side with older Framework versions. Applications that are based on earlier versions of the Framework will continue to run on the version targeted by default. 

Important Note: Installation of this update may take more than 20 minutes to complete.

Important Note: The following actionscript will turn on WoW64, the .NET 2.0 Layer, and the .NET 2.0 Layer for Wow64.

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the release documentation for more information.

Important Note: BigFix has received reports that this patch requires the print spooler service to be running. If the print spooler service is disabled by default, it will be switched on temporarily for the duration of the patching process.

***************************************************************
Title: MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution - Microsoft Visual C++ 2008 SP1 Redistributable Package (x64)
Severity: Important
Fixlet ID: 1102517
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx

Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution - Microsoft Visual C++ 2010 Redistributable Package Gold (x64)
Severity: Important
Fixlet ID: 1102519
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx

Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.