Information About Microsoft August 2011 Security Bulletins

Dial In Number 1-800-229-0449 Pin: 3750

Jonathan Ness, Security Development Manager, MSRC, Microsoft Corporation
Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation

Transcript of Information About Microsoft August 2011 Security Bulletins

Page 1: Information About Microsoft August 2011 Security Bulletins

Jonathan Ness, Security Development Manager, MSRC, Microsoft Corporation
Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation

Page 2: Information About Microsoft August 2011 Security Bulletins

What We Will Cover

• Review of August 2011 Bulletin release information:
  – New Security Bulletins
  – Security Advisory
  – Re-released Bulletins
  – Announcements
  – Microsoft® Windows® Malicious Software Removal Tool
• Resources
• Questions and answers: Please Submit Now

Page 3: Information About Microsoft August 2011 Security Bulletins

Severity and Exploitability Index

[Chart: Severity (IMPACT: Critical, Important, Moderate, Low) and Exploitability Index (RISK: 1, 2, 3) plotted for each bulletin from MS11-057 through MS11-069, with a deployment priority (DP) row.]

Page 4: Information About Microsoft August 2011 Security Bulletins

Bulletin Deployment Priority

| Bulletin | KB | Disclosure | Aggregate Severity | Exploit Index | Max Impact | Deployment Priority | Note |
|---|---|---|---|---|---|---|---|
| IE (Cumulative) MS11-057 | 2559049 | Public | Critical | 1 | RCE | 1 | Bulletin resolves five privately disclosed vulnerabilities and two publicly disclosed vulnerabilities; both public issues are Moderate in severity. |
| DNS Server MS11-058 | 2562485 | Private | Critical | 3 | RCE | 1 | Servers that do not have the DNS role enabled are not at risk from the vulnerability addressed in this bulletin; nor are workstations. |
| CSRSS MS11-063 | 2567680 | Private | Important | 1 | EoP | 2 | Bulletin rectifies improper validation of permissions when lower-integrity processes communicate with higher-integrity processes. |
| Remote Access MS11-062 | 2566454 | Private | Important | 1 | EoP | 2 | Windows Vista x64 SP2, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are unaffected by this issue. |
| TCP/IP MS11-064 | 2563894 | Private | Important | 3 | DoS | 2 | Server administrators who have not manually installed the URL-based Quality of Service (QoS) feature on their systems are less affected by this issue. |
| Remote Desktop Protocol MS11-065 | 2570222 | Private | Important | 3 | DoS | 2 | This issue is rated Important for Windows Server 2003 and Moderate for Windows XP; newer platforms are not affected. |
| Visio MS11-060 | 2560978 | Private | Important | 1 | RCE | 2 | Users whose accounts are configured with fewer system privileges will be less affected by the issues addressed in this bulletin. |
| Chart Control MS11-066 | 2567943 | Private | Important | 3 | ID | 3 | Default installations of the .NET Framework are not affected by the issue addressed in this bulletin. |
| Visual Studio MS11-067 | 2578230 | Private | Important | 3 | ID | 3 | Issue affects only Microsoft Visual Studio 2005 and Microsoft Visual Studio 2005 Redistributable Package; newer platforms are not affected. |
| Remote Desktop MS11-061 | 2546250 | Private | Important | 1 | EoP | 3 | Affects only Windows Server 2008 R2 SP1. Potential attacks on this issue are blocked by the XSS Filter in Internet Explorer 8 and 9, when enabled. |
| DAC MS11-059 | 2560656 | Private | Important | 1 | RCE | 3 | Bulletin addresses one privately disclosed DLL-preloading issue. |
| Kernel MS11-068 | 2556532 | Private | Moderate | NA | DoS | 3 | To exploit this issue, an attacker would have to convince a potential victim to visit a site with a maliciously constructed page. |
| .NET MS11-069 | 2567951 | Private | Moderate | NA | ID | 3 | Bulletin corrects manner in which the .NET Framework validates trust levels within the System.Net.Sockets namespace. |

Page 5: Information About Microsoft August 2011 Security Bulletins

MS11-057: Cumulative Security Update for Internet Explorer (2559049)

| CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1257 | Important | NA | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1960 | Important | 3 | 3 | Information Disclosure | Cooperatively disclosed |
| CVE-2011-1961 | Important | 1 | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1962 | Moderate | NA | NA | Information Disclosure | Publicly disclosed |
| CVE-2011-1963 | Critical | 1 | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1964 | Critical | 1 | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-2383 | Moderate | NA | NA | Information Disclosure | Publicly disclosed |

Affected Products:
• IE6, IE7, IE 8 and IE 9 on all supported versions of Windows and Windows Server except IE6 on Windows Server 2003, x64, and Itanium
• IE 6 on Windows Server 2003, x64, and Itanium

Affected Components: Internet Explorer

Deployment Priority: 1

Main Target: Workstations and Servers

Possible Attack Vectors:
• Browse and Own: An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. (CVE-2011-1960, 1961, 1962, 1963, 1964)
• Clickjacking: An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer, and then convince a user to view the Web site and perform a series of clicks in different Internet Explorer windows. (CVE-2011-1257)
• Drag and Drop: An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page and performed a drag-and-drop operation. (CVE-2011-2383)

Impact of Attack:
• An attacker could gain the same user rights as the logged on user. (CVE-2011-1257, 1961, 1963, 1964, 1256, 1260, 1261, 1262)
• An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone. (CVE-2011-1960, 1962)
• An attacker who successfully exploited this vulnerability could gain access to cookie files stored in the local machine. (CVE-2011-2383)

Mitigating Factors:
• By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration.
• By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which disables script and ActiveX controls.
• An attacker could not force a user to visit a specially crafted site.

Additional Information:
• Installations using Server Core are not affected.

Page 6: Information About Microsoft August 2011 Security Bulletins

MS11-058: Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)

| CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1966 | Critical | 3 | 3 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1970 | Important | 3 | 3 | Denial of Service | Cooperatively disclosed |

Affected Products:
• Windows Server 2008, Windows Server 2008 x64, Windows Server 2008R2 x64
• Windows Server 2003, Windows Server 2003 x64, Windows Server 2003 for Itanium

Affected Components: DNS Server

Deployment Priority: 1

Main Target: Servers running in the DNS role

Possible Attack Vectors:
• A remote unauthenticated attacker could exploit this vulnerability by registering a domain, creating an NAPTR DNS resource record, and then sending a specially crafted NAPTR query to the target DNS server. (CVE-2011-1966)
• A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted DNS query to the target DNS server for a resource record of a domain that does not exist. (CVE-2011-1970)

Impact of Attack:
• An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the system. (CVE-2011-1966)
• A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted DNS query to the target DNS server for a resource record of a domain that does not exist. (CVE-2011-1970)

Mitigating Factors:
• Microsoft has not identified any mitigating factors for this issue.

Additional Information:
• Installations using Server Core are affected.

Page 7: Information About Microsoft August 2011 Security Bulletins

MS11-059: Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)

| CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1975 | Important | 1 | NA | Remote Code Execution | Cooperatively disclosed |

Affected Products: Windows 7, Windows 7 x64, Windows Server 2008R2 x64, Windows Server 2008R2 for Itanium

Affected Components: Data Access Components (DAC)

Deployment Priority: 3

Main Target: Workstations

Possible Attack Vectors:
• In a network attack scenario, an attacker could place a legitimate Office-related file and a specially crafted DLL in a network share, a UNC, or WebDAV location and then convince the user to open the file.
• In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a legitimate Excel-related file attachment (such as an .xlsx file) to a user, and convincing the user to place the attachment into a directory containing a specially crafted DLL file and to open the legitimate file. Then, while opening the legitimate file, Microsoft Office could attempt to load the DLL file and execute any code it contained.

Impact of Attack:
• An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user.

Mitigating Factors:
• For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open an Excel-related file (such as a .xlsx file).
• The file sharing protocol, Server Message Block (SMB), is often disabled on the perimeter firewall. This limits the potential attack vectors for this vulnerability.

Additional Information:
• Installations using Server Core are affected.
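
Both attack scenarios on this slide depend on a DLL sitting in the same directory as an Excel-related file. The following Python audit is an added example, not part of the original presentation or any Microsoft tooling: it walks a share and reports every directory where a DLL sits beside such a document. The extension list, the function names and the sample layout are assumptions made for the example.

```python
import os
import tempfile

# Assumption for this example: which extensions count as "Excel-related"
# documents. The slide itself names only .xlsx.
DOC_EXTS = {".xlsx", ".xlsm", ".xlsb", ".xls"}
LIB_EXT = ".dll"


def norm_ext(name):
    # Windows ignores trailing dots and spaces in file names, so "x.dll. "
    # opens as "x.dll"; normalise before comparing extensions.
    return os.path.splitext(name.rstrip(". "))[1].lower()


def audit_share(root):
    """Walk root and report every directory holding a DLL next to a document.

    Returns (findings, unreadable): findings maps a directory path relative
    to root to {"docs": [...], "dlls": [...]}; unreadable lists directories
    that could not be listed, so gaps in coverage stay visible.
    """
    findings, unreadable = {}, []

    def on_error(err):
        unreadable.append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        docs = sorted(f for f in files if norm_ext(f) in DOC_EXTS)
        dlls = sorted(f for f in files if norm_ext(f) == LIB_EXT)
        if docs and dlls:
            rel = os.path.relpath(dirpath, root)
            findings[rel] = {"docs": docs, "dlls": dlls}
    return findings, unreadable


def demo():
    """Build a constructed sample share in a temp directory and audit it."""
    layout = {
        "finance": ["Q3-report.xlsx", "helper.DLL"],  # document + DLL: flagged
        "hr": ["roster.xlsx", "notes.txt"],           # documents only
        "tools": ["support.dll"],                     # DLL only
        "inbox": ["invoice.xls", "odd.dll."],         # trailing-dot DLL name
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                with open(os.path.join(root, folder, name), "wb"):
                    pass  # empty placeholder files are enough for the audit
        return audit_share(root)


if __name__ == "__main__":
    found, skipped = demo()
    for folder, hit in sorted(found.items()):
        print(f"{folder}: {hit['dlls']} beside {hit['docs']}")
    print("unreadable:", skipped)
```

A hit is a lead for review rather than a verdict, since some application folders legitimately mix documents and libraries.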

Page 8: Information About Microsoft August 2011 Security Bulletins

MS11-060: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)

| CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1972 | Important | 1 | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1979 | Important | NA | 1 | Remote Code Execution | Cooperatively disclosed |

Affected Products: Visio 2003, 2007, 2010 32-bit, and 2010 64-bit

Affected Components: Visio

Deployment Priority: 2

Main Target: Workstations

Possible Attack Vectors:
• This vulnerability requires that a user view a specially crafted WMF image file. An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site.

Impact of Attack:
• In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Visio file to the user and by convincing the user to open the file.
• In a Web-based attack scenario, an attacker would have to host a Web site that contains a specially crafted Visio file that is used to attempt to exploit this vulnerability. An attacker would then convince a user to open the Visio file.

Mitigating Factors:
• An attacker would have no way to force users to visit a malicious web site.
• The vulnerability cannot be exploited automatically through e-mail.

Additional Information:
• Microsoft Visio 2010 Viewer is not affected.

Page 9: Information About Microsoft August 2011 Security Bulletins

MS11-061: Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)

| CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1263 | Important | 1 | NA | Elevation of Privilege | Cooperatively disclosed |

Affected Products: Windows Server 2008 R2 x64

Affected Components: Remote Desktop Web Access

Deployment Priority: 3

Main Target: Servers running the Remote Desktop Web Access role

Possible Attack Vectors:
• In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted link to the user and convincing the user to click the link.

Impact of Attack:
• An attacker who successfully exploited this vulnerability could inject a client-side script into the user's instance of Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the Remote Desktop Web Access site.

Mitigating Factors:
• The XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack for its users when browsing to a Remote Desktop Web Access server in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone.
• An attacker would have no way to force a user to visit a malicious site.
• Remote Desktop Web Access is not installed by default. When you install Remote Desktop Web Access, Microsoft Internet Information Services (IIS) is also installed as a required component.

Additional Information:
• Installations using Server Core are not affected.

Page 10: Information About Microsoft August 2011 Security Bulletins

MS11-062: Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)

| CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1974 | Important | NA | 1 | Elevation of Privilege | Cooperatively disclosed |

Affected Products: Windows XP, XP x64, Windows Server 2003, Windows Server 2003 x64, Windows Server 2003 for Itanium

Affected Components: NDISTAPI.sys

Deployment Priority: 2

Main Target: Workstations

Possible Attack Vectors:
• To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability.

Impact of Attack:
• An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the local system.

Mitigating Factors:
• An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Additional Information:
• The NDISTAPI driver is part of the RAS architecture and interfaces the NDISWAN to TAPI services.
• There are no workarounds for this update.

Page 11: Information About Microsoft August 2011 Security Bulletins

MS11-063: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)

| CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1967 | Important | 1 | 1 | Elevation of Privilege | Cooperatively disclosed |

Affected Products: All supported versions of Windows and Windows Server

Affected Components: Client/Server Run-time Subsystem

Deployment Priority: 2

Main Target: Workstations and Servers

Possible Attack Vectors:
• To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to send a device event message to a higher-integrity process.

Impact of Attack:
• An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process.

Mitigating Factors:
• An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Additional Information:
• Installations using Server Core are affected.

Page 12: Information About Microsoft August 2011 Security Bulletins

MS11-064: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)

| CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1871 | Important | 3 | 3 | Denial of Service | Cooperatively disclosed |
| CVE-2011-1965 | Important | 3 | NA | Denial of Service | Cooperatively disclosed |

Affected Products:
• Windows Server 2008 and 2008 x64, Windows Server 2008 for Itanium, Windows Server 2008R2 x64, Windows Server 2008R2 for Itanium
• Vista, Vista x64, Windows 7 and Windows 7 x64

Affected Components: TCP/IP Stack

Deployment Priority: 2

Main Target: Workstations and Servers

Possible Attack Vectors:
• A remote unauthenticated attacker could exploit this vulnerability by creating a program to send a sequence of specially crafted ICMP messages to a target system. (CVE-2011-1871)
• In a remote attack scenario, an unauthenticated attacker could exploit this vulnerability by sending a specially crafted URL request to a server that is serving Web content and has URL-based QoS enabled. (CVE-2011-1965)

Impact of Attack:
• An attacker who successfully exploited this vulnerability could cause the target system to stop responding and automatically restart.

Mitigating Factors:
• By default, the URL-based Quality of Service feature is not enabled on any Windows operating system. Users would need to manually install this feature in order to be affected by this vulnerability. (CVE-2011-1965)

Additional Information:
• Installations using Server Core are affected.

Page 13: Information About Microsoft August 2011 Security Bulletins

MS11-065: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)

| CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1968 | Important | NA | 3 | Denial of Service | Cooperatively disclosed |

Affected Products:
• Windows Server 2003, Windows Server 2003 x64 and Windows Server 2003 for Itanium
• Windows XP and XP x64

Affected Components: Remote Desktop Protocol

Deployment Priority: 2

Main Target: Servers

Possible Attack Vectors:
• A remote unauthenticated attacker could exploit this vulnerability by sending a sequence of specially crafted RDP packets to the target system.

Impact of Attack:
• An attacker who successfully exploited this vulnerability could cause a user’s system to stop responding and require a restart.

Mitigating Factors:
• By default, the Remote Desktop Protocol (RDP) is not enabled on any operating system. On Windows XP and Windows Server 2003, Remote Assistance can enable RDP.

Additional Information:
• Installations using Server Core are affected.
• Systems that do not have RDP enabled are not at risk.

Page 14: Information About Microsoft August 2011 Security Bulletins

MS11-066: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)

| CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1977 | Important | 3 | NA | Information Disclosure | Cooperatively disclosed |

Affected Products: .NET Framework 4.0 on all supported versions of Windows and Windows Server, Chart Control for .NET Framework 3.5 SP1 (Developer Tools)

Affected Components: Chart Control

Deployment Priority: 3

Main Target: Workstations and Servers

Possible Attack Vectors:
• To exploit this vulnerability, an attacker would send a specially crafted GET request to an affected server hosting the Chart controls.

Impact of Attack:
• An attacker who successfully exploited this vulnerability would be able to read the contents of any file within the web site directory or subdirectories, such as web.config. The web.config file often stores sensitive information.

Mitigating Factors:
• Only web applications using Microsoft Chart Control are affected by this issue. Default installations of the .NET Framework are not affected.

Additional Information:
• Installations using Server Core are affected in some cases. See bulletin for details.
• .NET 4.0 Client Profiles are not affected.

Page 15: Information About Microsoft August 2011 Security Bulletins

MS11-067: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)

| CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1976 | Important | NA | 3 | Information Disclosure | Cooperatively disclosed |

Affected Products: Visual Studio 2005 and 2005 Redistributable Package

Affected Components: Visual Studio

Deployment Priority: 3

Main Target: Workstations

Possible Attack Vectors:
• In an e-mail attack scenario, an attacker could exploit the vulnerability by sending an e-mail message containing the specially crafted link to the user of the targeted affected server and by convincing the user to click on the specially crafted link.
• In a Web-based attack scenario, an attacker would have to host a Web site that contains a specially crafted link to the targeted affected server that is used to attempt to exploit this vulnerability.

Impact of Attack:
• An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser. The script could then be used to spoof content or disclose sensitive information.

Mitigating Factors:
• The vulnerability cannot be exploited automatically through e-mail.
• An attacker would have no way to force users to view the attacker-controlled content.
• By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which disables script and ActiveX controls.

Additional Information:
• By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration.

Page 16: Information About Microsoft August 2011 Security Bulletins

MS11-068: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)

| CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1971 | Moderate | NA | NA | Denial of Service | Cooperatively disclosed |

Affected Products: Vista and x64; Windows Server 2008, x64, and Itanium; Windows 7 and x64; Windows Server 2008 R2 x64 and Itanium

Affected Components: Kernel

Deployment Priority: 3

Main Target: Workstations

Possible Attack Vectors:
• In a Web-based attack scenario, an attacker would have to host a Web site that points to a specially crafted file on a network share. Then, when the user navigates to the Web site, the affected control path is triggered via the Details and Preview panes in Windows Explorer.
• In a network-share based attack scenario, an attacker could host a specially crafted file on a network share. Then, when the user navigates to the share in Windows Explorer, the affected control path is triggered via the Details and Preview panes.

Impact of Attack:
• An attacker who successfully exploited this vulnerability could cause the affected system to restart.

Mitigating Factors:
• The vulnerability cannot be exploited automatically through e-mail.
• An attacker would have no way to force users to view the attacker-controlled content.

Additional Information:
• Installations using Server Core are not affected.

Page 17: Information About Microsoft August 2011 Security Bulletins

MS11-069: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)

| CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1978 | Moderate | NA | NA | Information Disclosure | Cooperatively disclosed |

Affected Products: .NET 2.0, 3.5.1, 4.0 on all supported versions of Windows and Windows Server.

Affected Components: .NET Framework

Deployment Priority: 3

Main Target: Workstations and Servers

Possible Attack Vectors:
• Web browsing: An attacker could host a specially crafted Web site that contains a specially crafted XBAP (XAML browser application) that could exploit this vulnerability and then convince a user to view the Web site.
• Web hosting: If a Web hosting environment allows users to upload custom ASP.NET applications, an attacker could upload a malicious ASP.NET application that uses this vulnerability to break out of the sandbox used to prevent ASP.NET code from performing harmful actions on the server system.
• Windows .NET applications: This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Impact of Attack:
• An attacker who successfully exploited this vulnerability would be able to access information not intended to be exposed.
• This vulnerability could be used by an attacker to direct network traffic from a victim's system to other network resources the victim can access.
• This could also allow an attacker to perform a denial of service to any system the victim's system can access or use the victim's system to perform scanning of network resources available to the victim.

Mitigating Factors:
• An attacker would have no way to force users to visit these Web sites.
• In a Web-hosting scenario, an attacker must have permission to upload arbitrary ASP.NET pages to a Web site and ASP.NET must be installed on that Web server.
• By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode known as Enhanced Security Configuration.

Additional Information:
• Installations using Server Core are affected in some cases; see bulletin for details.
• .NET 3.51.1 and 3.5 are not affected.
• .NET 4 and .NET 4 Client Profiles are affected.

Page 18: Information About Microsoft August 2011 Security Bulletins

Detection & Deployment

| Bulletin | Windows Update | Microsoft Update | MBSA 2.2 | WSUS 3.0 | SMS 2003 with ITMU | SCCM 2007 |
|---|---|---|---|---|---|---|
| IE (Cumulative) MS11-057 | Yes | Yes | Yes | Yes | Yes | Yes |
| DNS Server MS11-058 | Yes | Yes | Yes | Yes | Yes | Yes |
| DAC MS11-059 | Yes | Yes | Yes | Yes | Yes | Yes |
| Visio MS11-060 | No | Yes | Yes | Yes | Yes | Yes |
| Remote Desktop MS11-061 | Yes | Yes | Yes | Yes | Yes | Yes |
| Remote Access MS11-062 | Yes | Yes | Yes | Yes | Yes | Yes |
| CSRSS MS11-063 | Yes | Yes | Yes | Yes | Yes | Yes |
| TCP/IP MS11-064 | Yes | Yes | Yes | Yes | Yes | Yes |
| Remote Desktop Protocol MS11-065 | Yes | Yes | Yes | Yes | Yes | Yes |
| SQL/.NET MS11-066 | Yes | Yes | Yes | Yes | Yes | Yes |
| Visual Studio MS11-067 | No | Yes | Yes | Yes | Yes | Yes |
| Kernel MS11-068 | Yes | Yes | Yes | Yes | Yes | Yes |
| .NET MS11-069 | Yes | Yes | Yes | Yes | Yes | Yes |

Page 19: Information About Microsoft August 2011 Security Bulletins

Other Update Information

| Bulletin | Restart | Uninstall | Replaces |
|---|---|---|---|
| IE (Cumulative) MS11-057 | Yes | Yes | MS11-050 |
| DNS Server MS11-058 | Yes | Yes | MS09-008, MS11-046 |
| DAC MS11-059 | Yes | Yes | None |
| Visio MS11-060 | Maybe | Yes | MS11-008 |
| Remote Desktop MS11-061 | Yes | No | None |
| Remote Access MS11-062 | Yes | Yes | None |
| CSRSS MS11-063 | Yes | Yes | MS10-069 |
| TCP/IP MS11-064 | Yes | Yes | MS10-058 |
| Remote Desktop Protocol MS11-065 | Yes | Yes | None |
| .NET (Chart Control) MS11-066 | Maybe | Yes | None |
| Visual Studio MS11-067 | Maybe | Yes | MS09-062 |
| Kernel MS11-068 | Yes | Yes | MS10-047 |
| .NET MS11-069 | Maybe | Yes | MS11-039 |

Page 20: Information About Microsoft August 2011 Security Bulletins


Security Advisories

SA 2562937: Update Rollup for ActiveX Kill Bits

This Advisory contains killbits for the following third-party software products:

• Check Point SSL VPN On-Demand applications (Check Point Software Technologies)

• ActBar (IBM)

• EBI R Web Toolkit (Honeywell)

All three vendors have issued advisories and/or updates on their sites regarding these issues.

Page 21: Information About Microsoft August 2011 Security Bulletins

Bulletin Re-releases

• MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution
  – Microsoft is rereleasing this bulletin to add Visual Studio 2010 Service Pack 1 and the Visual C++ 2010 Redistributable Package SP1 as Affected Software.
  – We are also correcting the file verification information for the Visual C++ 2005 SP1 Redistributable Package, the Visual C++ 2008 SP1 Redistributable Package, and the Visual C++ 2010 Redistributable Package.

• MS11-043: Vulnerability in SMB Client Could Allow Remote Code Execution
  – This bulletin is being re-released to refine the update’s behavior when performing certain data writes.

• MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure
  – This bulletin is being re-released to address additional SKUs.

Page 22: Information About Microsoft August 2011 Security Bulletins

Announcing… The BlueHat Prize: One week after

On August 3 at Black Hat, we introduced the BlueHat Prize, to be awarded to promising defensive-security mitigations. Top award? $200,000.

The response to the initial announcement has been gratifying…
– See a video overview of the announcement with Senior Security Strategist and program architect Katie Moussouris at www.bluehatprize.com.

Page 23: Information About Microsoft August 2011 Security Bulletins


Windows Malicious Software Removal Tool (MSRT)

• During this release Microsoft will increase detection capability for the following families in the MSRT:

– Win32/FakeSysdef: A top rogue that is causing dramatic customer issues.  FakeSysdef tends to kill some antimalware solutions, though MSRT is not susceptible. 

– Win32/Hiloti: Another prevalent trojan downloader.  It’s also known for killing certain antimalware packages, though again MSRT is not susceptible.

• Available as a priority update through Windows Update or Microsoft Update.

• Is offered through WSUS 3.0 or as a download at: www.microsoft.com/malwareremove.

Page 24: Information About Microsoft August 2011 Security Bulletins

Questions and Answers

• Submit text questions using the “Ask” button.
• Don’t forget to fill out the survey.
• A recording of this webcast will be available within 48 hours on the MSRC Blog: http://microsoft.com/msrcblog
• Register for next month’s webcast at: http://microsoft.com/technet/security/current.aspx

Page 25: Information About Microsoft August 2011 Security Bulletins

Resources

Blogs
• Microsoft Security Response Center (MSRC) blog: www.microsoft.com/msrcblog
• Security Research & Defense Blog: http://blogs.technet.com/srd
• Microsoft Malware Protection Center Blog: http://blogs.technet.com/mmpc/

Twitter
• @MSFTSecResponse

Security Centers
• Microsoft Security Home Page: www.microsoft.com/security
• TechNet Security Center: www.microsoft.com/technet/security
• MSDN Security Developer Center: http://msdn.microsoft.com/en-us/security/default.aspx
• Microsoft Malicious Software Removal Tool: www.microsoft.com/malwareremove

Bulletins, Advisories, Notifications & Newsletters
• Security Bulletins Summary: www.microsoft.com/technet/security/bulletin/summary.mspx
• Security Bulletins Search: www.microsoft.com/technet/security/current.aspx
• Security Advisories: www.microsoft.com/technet/security/advisory/
• Microsoft Technical Security Notifications: www.microsoft.com/technet/security/bulletin/notify.mspx
• Microsoft Security Newsletter: www.microsoft.com/technet/security/secnews

Other Resources
• Update Management Process: http://www.microsoft.com/technet/security/guidance/patchmanagement/secmod193.mspx
• Microsoft Active Protection Program Partners: http://www.microsoft.com/security/msrc/mapp/partners.mspx