Microsoft released four (4) bulletins addressing vulnerabilities in Microsoft Windows. One bulletin is rated Critical, two Important and one Moderate.
The Critical update, MS11-083, Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516), requires a restart.
Three three threat families are included in the November edition of the Microsoft Malicious Software Removal Tool - Win32/Carberp, Win32/Cridex and Win32/Dofoil. Additional information about Win32/Carberp is available in MSRT November '11: Carberp.
Support
The following additional information is provided in the Security Bulletin:- The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
- Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.
References
- MSRC: Microsoft hosts BlueHatv11, releases four bulletins
- TechNet: Microsoft Security Bulletin Summary for November 2011
Note to XP (and Server 2003) users:
ReplyDeleteRE-offering of Microsoft Security Bulletin MS11-037 : Vulnerability in MHTML Could Allow Information Disclosure (KB2544893) [Important]
"Microsoft re-released this bulletin to reoffer security update KB2544893 for all supported editions of Windows XP and Windows Server 2003. The new offering of this update provides systems running Windows XP or Windows Server 2003 with the same cumulative protection that is provided by this update for all other affected operating systems. Systems running supported editions of Windows XP and Windows Server 2003 will automatically be offered the new version of this update. Customers using these operating systems, including those who have already successfully installed the update originally offered on June 14, 2011, should install the reoffered update."