Internet Security Systems - AlertCon(TM)

May 2011 Microsoft Super Tuesday

Posted by Shane Garrett on May 10, 2011 at 4:21 PM EDT.

May's monthly security update from Microsoft consisted of two bulletins covering vulnerabilities in WINS and PowerPoint.  This was a refreshing break from the enormous update the previous month.

  • MS11-036 - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution

    This bulletin covers two privately disclosed vulnerabilities in Microsoft Powerpoint.  Exploitation of both vulnerabilities can lead to remote code execution.  Neither vulnerability affects PowerPoint 2010.  CVE-2011-1270 only affects Powerpoint 2003 and 2002.

  • MS11-035 - Vulnerability in WINS Could Allow Remote Code Execution

    This bulletin covers a vulnerability in the Windows Internet Name Service (WINS).  The vulnerability exists in the processing of specially crafted WINS replication traffic.  Successful exploitation of this vulnerability can result remote code execution in the context of the WINS service, which runs as a privileged account.  If WINS is being used it is highly recommended to install this critical update.

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.