Microsoft released seventeen (17) security bulletins, nine (9) rated Critical and eight (8) rated Important. The bulletins address 64 vulnerabilities across Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, .NET Framework and GDI+. Note that 30 of the vulnerabilities are addressed by a single Important bulletin, MS11-034, and they all share the same couple of root causes.
Microsoft has rated the following Critical bulletins as top priority, recommending that MS11-018 for Internet Explorer be installed first. (IE9 is not affected.) With that in mind, the following recommendations apply.
- First install the cumulative update for Internet Explorer versions IE6, IE7 and IE8, MS11-018, and restart the computer.
- Many people have trouble installing .NET updates, for reasons that are not clear, so it is advised that MS11-028 be installed separately, on its own pass.
- When checking for Microsoft Updates, Windows Vista and Windows 7 users may find Internet Explorer 9 offered as an Important update (it should appear unchecked). If you are ready to update to IE9, first install the other updates, restart the computer, and then select IE9 for installation.
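As an added example (not code from the original post or from Microsoft), the following PowerShell report sorts whatever Microsoft Update currently offers into the passes recommended above, using the Windows Update Agent COM API (Microsoft.Update.Session). It assumes a Windows client that can reach Microsoft Update, and it assumes the IE9 offer can be recognised by its title; it only reports and installs nothing.

```powershell
# Added example, not part of the original post. Builds an ordered install plan
# from the pending Microsoft Update queue, following the post's rules:
# MS11-018 first (then reboot), MS11-028 (.NET) on a separate run, and the
# IE9 offer held back until everything else is installed. Report only.

$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()
# Standard WUA search criteria: updates not yet installed and not hidden.
$result   = $searcher.Search('IsInstalled=0 and IsHidden=0')

$plan = [ordered]@{
    'Pass 1 (install first, then restart)' = @()
    'Pass 2 (remaining updates)'           = @()
    'Pass 3 (.NET update, separate run)'   = @()
    'Hold (IE9, only when ready)'          = @()
}

foreach ($u in $result.Updates) {
    # IUpdate.SecurityBulletinIDs is empty for non-security updates.
    $bulletins = @($u.SecurityBulletinIDs | ForEach-Object { $_.ToUpper() })
    $kbs       = @($u.KBArticleIDs        | ForEach-Object { "KB$_" })
    $label     = '{0} [{1}] {2}' -f $u.Title, ($bulletins -join ','), ($kbs -join ',')

    # Assumption: the IE9 offer is recognisable by its title.
    if ($u.Title -match 'Internet Explorer 9') {
        $plan['Hold (IE9, only when ready)'] += $label
    } elseif ($bulletins -contains 'MS11-018') {
        $plan['Pass 1 (install first, then restart)'] += $label
    } elseif ($bulletins -contains 'MS11-028') {
        $plan['Pass 3 (.NET update, separate run)'] += $label
    } else {
        $plan['Pass 2 (remaining updates)'] += $label
    }
}

foreach ($pass in $plan.Keys) {
    Write-Host "== $pass =="
    if ($plan[$pass].Count -eq 0) { Write-Host '  (nothing pending)' }
    else { $plan[$pass] | ForEach-Object { Write-Host "  $_" } }
}
```

Run it in an elevated PowerShell session before and after each pass to confirm that MS11-018 has left the queue before the remaining updates are installed.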
From the MSRC Blog:
"MS11-018 (Internet Explorer). This security bulletin resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. This bulletin is rated Critical for IE 6, IE 7 and IE 8 on Windows clients; and Moderate for IE6, IE7, and IE8 on Windows servers. Internet Explorer 9 is not affected by the vulnerabilities. Microsoft is aware of limited attacks leveraging vulnerabilities addressed by this bulletin, including the vulnerability used at the CanSecWest 2011 Conference, which we tweeted about yesterday.
We encourage all customers to apply this bulletin first of all our April bulletins.
MS11-019 (SMB Client). This bulletin resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. The publicly disclosed vulnerability was posted to Full Disclosure on February 15. Microsoft investigated the issue and found that remote-code execution was extremely unlikely. As Microsoft has not seen any active attacks, we opted not to disrupt customers with an out-of-band bulletin.
MS11-020 (SMB Server). This bulletin resolves an internally discovered vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system."
Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool. Additional information regarding the updates is available in the Microsoft Security Bulletin Summary for April 2011.
The following information is provided in the Security Bulletin:
- The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
- Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.
- MSRC: April 2011 Security Bulletin Release
- TechNet: Microsoft Security Bulletin Summary for April 2011