LANDesk Patch News Bulletin: Microsoft Patch Tuesday Windows 2000 Vulnerability Definitions are Available 20-JUN-2011

Version 1

    LANDesk Security and Patch News

     

    Headlines

    • (June 20, 2011) Microsoft has released security update MS11-038. This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile (WMF) image. In all cases, however, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to convince users to visit a malicious Web site, typically by getting them to click a link in an e-mail message or Instant Messenger request. Please visit the following page for more details, http://www.microsoft.com/technet/security/bulletin/MS11-038.mspx

     

    • Microsoft has released security update MS11-042. This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. Please visit the following page for more details: http://www.microsoft.com/technet/security/Bulletin/MS11-042.mspx

     

    • Microsoft has released security update MS11-043. This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server. Please visit the following page for more details, http://www.microsoft.com/technet/security/Bulletin/MS11-043.mspx

     

    • Microsoft has released security update MS11-050. This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Please visit the following page for more details, http://www.microsoft.com/technet/security/Bulletin/MS11-050.mspx

     

    • Microsoft has released security update MS11-052. This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Please visit the following page for more details: http://www.microsoft.com/technet/security/Bulletin/MS11-052.mspx

     

    Important note: Microsoft has discontinued general support for Windows 2000 and Windows XP SP2. Extended service contracts are available and are required to access the patches necessary to remediate these vulnerabilities. These patches are not provided by LANDesk and can only be downloaded from Microsoft with a valid extended service contract. Customers with access to the patches through their extended support contracts will need to manually copy the patches to the \patch directory on the LANDesk core server in order to perform remediation for detected vulnerabilities.

     

    New Vulnerabilities

    • Vulnerability ID – MS11-038_WIN2000
    • Vulnerability ID – MS11-042_WIN2000
    • Vulnerability ID – MS11-043_WIN2000
    • Vulnerability ID – MS11-050_WIN2000
    • Vulnerability ID – MS11-052_WIN2000

     

     

    Changed Vulnerabilities

    • Vulnerability ID – MS11-019_WIN2000 (Added the replacement information.)
    • Vulnerability ID – MS11-018_WIN2000 (Added the replacement information.)
    • Vulnerability ID – MS11-029_WIN2000 (Added the replacement information.)

     

     

    New Patch Downloads

    • windows2000-kb2476490-x86-custom-enu.exe
    • windows2000-kb2535512-x86-custom-enu.exe
    • windows2000-kb2536276-x86-custom-enu.exe
    • ie5.01sp4-kb2530548-windows2000sp4-x86-enu.exe
    • ie6.0sp1-kb2530548-windows2000-x86-enu.exe
    • ie6.0sp1-kb2544521-windows2000-x86-enu.exe

     

     

    Where to Send Feedback

    At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.

     

    Best regards,

    LANDesk Product Support

     

    Copyright © 2011 LANDesk Software.  All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.

     

    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.landesk.com.