[BigFix-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Enterprise Security'
autonotify at us.ibm.com
autonotify at us.ibm.com
Thu Jun 16 02:01:43 PDT 2011
Fixlet Site - 'Enterprise Security'
Current Version: 1494 Published: Wed, 15 Jun 2011 19:07:18 GMT
New Fixlets:
============
***************************************************************
Title: MS11-039: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution - Microsoft .NET Framework 4.0 - Windows XP SP2 / 2003 SP2 / Vista SP1/SP2 / 2008 Gold/SP2 / Win7 Gold/SP1 / 2008 R2 Gold/SP1 (x64)
Severity: Critical
Fixlet ID: 1103911
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-039.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-039: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution - Microsoft .NET Framework 2.0 SP1 / 3.5 - Windows Vista SP1 / 2008 Gold
Severity: Critical
Fixlet ID: 1103913
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-039.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-039: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution - Microsoft .NET Framework 2.0 SP2 / 3.5 SP1 - Windows Vista SP1 / 2008 Gold
Severity: Critical
Fixlet ID: 1103915
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-039.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-039: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution - Microsoft .NET Framework 3.5.1 - Windows 7 Gold
Severity: Critical
Fixlet ID: 1103925
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-039.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-039: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution - Microsoft .NET Framework 3.5.1 - Windows 7 SP1
Severity: Critical
Fixlet ID: 1103927
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-039.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-039: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution - Microsoft Silverlight 4
Severity: Critical
Fixlet ID: 1103933
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-039.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-039: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution - Microsoft Silverlight 4 for Developers
Severity: Critical
Fixlet ID: 1103935
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-039.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.5 - Windows XP SP3 and Windows Server 2003 SP2
Severity: Critical
Fixlet ID: 1104403
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 2.0 SP2 / 3.5 SP1 - Windows XP SP2 / Windows Server 2003 SP2 (x64)
Severity: Critical
Fixlet ID: 1104407
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.5 - Windows XP SP2 and Windows Server 2003 SP2 (x64)
Severity: Critical
Fixlet ID: 1104409
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 4.0 - Windows XP SP2 and Windows Server 2003 SP2 and Windows Vista SP1/SP2 and Windows 7 Gold/SP1 and Windows Server 2008 Gold/SP2 and Windows Server 20
Severity: Critical
Fixlet ID: 1104411
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 2.0 SP1 / 3.5 - Windows Vista SP1 and Windows Server 2008
Severity: None[2]
Fixlet ID: 1104413
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 2.0 SP2 / 3.5 SP1 - Windows Vista SP1 and Windows Server 2008
Severity: None[2]
Fixlet ID: 1104415
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 2.0 SP2 / 3.5 SP1 - Windows Vista SP2 and Windows Server 2008 SP2
Severity: None[2]
Fixlet ID: 1104417
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 2.0 SP1 / 3.5 - Windows Vista SP1 and Windows Server 2008 (x64)
Severity: None[2]
Fixlet ID: 1104419
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 2.0 SP2 / 3.5 SP1 - Windows Vista SP1 / Windows Server 2008 (x64)
Severity: None[2]
Fixlet ID: 1104421
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 2.0 SP2 / 3.5 SP1- Windows Vista SP2 and Windows Server 2008 SP2 (x64)
Severity: None[2]
Fixlet ID: 1104423
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.5.1 - Windows 7 Gold
Severity: Critical
Fixlet ID: 1104425
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.5.1 - Windows 7 SP1
Severity: Critical
Fixlet ID: 1104427
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.5.1 - Windows 7 and Windows Server 2008 R2 Gold (x64)
Severity: Critical
Fixlet ID: 1104429
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.5.1 - Windows 7 SP1/Windows Server 2008 R2 SP1 (x64)
Severity: Critical
Fixlet ID: 1104431
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - InfoPath 2007 SP2
Severity: Important
Fixlet ID: 1104901
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2005 SP3 - QFE Branch
Severity: Important
Fixlet ID: 1104903
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2005 SP3 - GDR Branch
Severity: Important
Fixlet ID: 1104905
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - InfoPath 2010
Severity: Important
Fixlet ID: 1104906
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2005 SP3 - QFE Branch (x64)
Severity: Important
Fixlet ID: 1104907
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2005 SP3 - GDR Branch (x64)
Severity: Important
Fixlet ID: 1104909
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - InfoPath 2010 (x64)
Severity: Important
Fixlet ID: 1104911
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
var isEvansOrLater = '' == 'True'?true:false; document.body.onload = SetOfficeOverviewLink; function SetOfficeOverviewLink() { try {if (isEvansOrLater) { dashboardLink.innerHTML = Relevance('(format "Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the {0}.?>" + link "" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string ) as string');} else { dashboardLink.innerHTML = EvaluateRelevance('"Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the " & link "Microsoft Office Overview Dashboard" of bes wizard whose (dashboard id of it = "office_overview.ojo" AND id of site of it = 2) as string & "."');} } catch (e) {if (isEvansOrLater) { dashboardLink.innerHTML ='Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.?>';} else { dashboardLink.innerHTML = 'Note: For configuration controls and an overview of your Microsoft Office deployment(s), please see the Microsoft Office Overview Dashboard.';} } }
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2005 SP4 - QFE Branch
Severity: Important
Fixlet ID: 1104913
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2005 SP4 - GDR Branch
Severity: Important
Fixlet ID: 1104915
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2005 SP4 - QFE Branch (x64)
Severity: Important
Fixlet ID: 1104917
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2005 SP4 - GDR Branch (x64)
Severity: Important
Fixlet ID: 1104919
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server Management Studio Express (SSMSE) 2005
Severity: Important
Fixlet ID: 1104921
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server Management Studio Express (SSMSE) 2005 (x64)
Severity: Important
Fixlet ID: 1104923
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2008 SP1 - QFE Branch
Severity: Important
Fixlet ID: 1104925
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2008 SP1 - GDR Branch
Severity: Important
Fixlet ID: 1104927
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2008 SP1 - QFE Branch (x64)
Severity: Important
Fixlet ID: 1104929
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2008 SP1 - GDR Branch (x64)
Severity: Important
Fixlet ID: 1104931
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2008 SP2 - QFE Branch
Severity: Important
Fixlet ID: 1104933
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2008 SP2 - GDR Branch
Severity: Important
Fixlet ID: 1104935
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2008 SP2 - QFE Branch (x64)
Severity: Important
Fixlet ID: 1104937
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2008 SP2 - GDR Branch (x64)
Severity: Important
Fixlet ID: 1104939
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2008 R2 - QFE Branch
Severity: Important
Fixlet ID: 1104941
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
Important Note: This patch cannot run quietly nor can it be initiated via command line. It can only be deployed manually. We highly recommend installing in a test environment prior to deployment. The patch can be downloaded here (http://download.microsoft.com/download/3/E/7/3E7DF332-6D24-47B7-A4A1-B516541C85F6/SQLServer2008R2-KB2494086-x86.exe)
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2008 R2 - GDR Branch
Severity: Important
Fixlet ID: 1104943
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2008 R2 - QFE Branch (x64)
Severity: Important
Fixlet ID: 1104945
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
Important Note: This patch cannot run quietly nor can it be initiated via command line. It can only be deployed manually. We highly recommend installing in a test environment prior to deployment. The patch can be downloaded here (http://download.microsoft.com/download/3/E/7/3E7DF332-6D24-47B7-A4A1-B516541C85F6/SQLServer2008R2-KB2494086-x64.exe)
***************************************************************
Title: MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2008 R2 - GDR Branch (x64)
Severity: Important
Fixlet ID: 1104947
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
Important Note: This patch cannot run quietly nor can it be initiated via command line. It can only be deployed manually. We highly recommend installing in a test environment prior to deployment. The patch can be downloaded here (http://download.microsoft.com/download/C/8/C/C8CE2D24-AAA2-41FA-83A8-D4688306D87D/SQLServer2008R2-KB2494088-x64.exe)
***************************************************************
Title: MS11-051: Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege - Windows Server 2008 Gold/SP2
Severity: Important
Fixlet ID: 1105105
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-051.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-051: Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege - Windows Server 2008 Gold/SP2 (x64)
Severity: Important
Fixlet ID: 1105107
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-051.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-051: Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege - Windows Server 2008 R2 Gold/SP1 (x64)
Severity: Important
Fixlet ID: 1105109
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-051.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS11-052: Vulnerability in Vector Markup Language Could Allow Remote Code Execution - IE 7 - Windows Vista SP1/SP2 (x64)
Severity: Critical
Fixlet ID: 1105219
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-052.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-052: Vulnerability in Vector Markup Language Could Allow Remote Code Execution - IE 7 - Windows Server 2008 Gold/SP2 (x64)
Severity: Moderate
Fixlet ID: 1105223
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-052.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-052: Vulnerability in Vector Markup Language Could Allow Remote Code Execution - IE 8 - Windows 7 Gold/SP1 (x64)
Severity: Critical
Fixlet ID: 1105243
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-052.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-052: Vulnerability in Vector Markup Language Could Allow Remote Code Execution - IE 8 - Windows Server 2008 R2 Gold/SP1 (x64)
Severity: Moderate
Fixlet ID: 1105245
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS11-052.mspx
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
More information about the BigFix-Announcements
mailing list