microsoftsecuritylogo

Contrary to popular belief, Windows 8 was not the only info coming out of Redmond this past week.  Your regularly scheduled monthly security updates were also released this past Tuesday for several Microsoft programs as we mentioned last week.

So by now you have already downloaded these updates because your Windows system is set to automatically grab important system and software updates – right?  Well OK, so some of you still do not want them to be automatically installed.  So head over to Windows Update right now and get those important patches installed on your system so your protected.  You can read the rest of this post while the updates download.

Here are the text summaries for each issue from the Microsoft Security TechCenter:

MS11-070
Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Important
Elevation of Privilege
Microsoft Windows

MS11-071
Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Important
Remote Code Execution
Microsoft Windows

MS11-072
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1986 and CVE-2011-1987.
Important
Remote Code Execution
Microsoft Office, Microsoft Server Software

MS11-073
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of the vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Important
Remote Code Execution
Microsoft Office

MS11-074
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site. For the most severe vulnerabilities, Internet Explorer 8 and Internet Explorer 9 users browsing to a SharePoint site in the Internet Zone are at a reduced risk because, by default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 helps to block the attacks in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9, however, is not enabled by default in the Intranet Zone.
Important
Elevation of Privilege
Microsoft Office, Microsoft Server Software

And for those of you who would prefer to just listen to the info about these bulletins you can check out the webcast that was held on 14 September 2011 which discussed these security updates.