May 2011 Microsoft Super Tuesday
Posted by Shane Garrett on May 10, 2011 at 4:21 PM EDT.
May's monthly security update from Microsoft consisted of two bulletins covering vulnerabilities in WINS and PowerPoint. This was a refreshing break from the enormous update the previous month.
- MS11-036 - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
This bulletin covers two privately disclosed vulnerabilities in Microsoft Powerpoint. Exploitation of both vulnerabilities can lead to remote code execution. Neither vulnerability affects PowerPoint 2010. CVE-2011-1270 only affects Powerpoint 2003 and 2002.
- MS11-035 - Vulnerability in WINS Could Allow Remote Code Execution
This bulletin covers a vulnerability in the Windows Internet Name Service (WINS). The vulnerability exists in the processing of specially crafted WINS replication traffic. Successful exploitation of this vulnerability can result remote code execution in the context of the WINS service, which runs as a privileged account. If WINS is being used it is highly recommended to install this critical update.