Pete Voss here again. As I mentioned in the Advance Notification on Thursday, today we are releasing two bulletins to help protect customers. The bulletins address a Critical vulnerability in Microsoft Windows and two Important vulnerabilities in Microsoft Office.
MS11-035 is the sole Critical bulletin this month, and we recommend customers prioritize this bulletin. Microsoft always encourages customers to test and deploy all bulletins as soon as possible, and we have offered a broad overview of both bulletins below:
MS11-035 (WINS or Windows Internet Name Service): This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received specially crafted malware on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually install this component are affected by this issue and will be offered the update.
MS11-036 (PowerPoint): This security update resolves two privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted malicious PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as a logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We’d also like to highlight that the Office File Validation feature, which is available by default for Office 2010, mitigates risk of the vulnerabilities addressed by MS11-036. Microsoft made Office File Validation available to Microsoft Office 2003 and Microsoft Office 2007 customers starting last month, to help protect more customers worldwide.
In this video, Jerry Bryant discusses this month’s bulletins in further detail:
Below is our deployment priority guidance to further assist customers in their deployment planning.
Our risk and impact graph shows an aggregate view of this month’s severity and exploitability index. Per our announcement during Advance Notification, note that the Index now includes an additional column that provides more comprehensive exploitability information for Microsoft’s newest platforms.
More information about this month’s security updates can be found on the Microsoft Security Bulletin summary web page.
Additionally, Dustin Childs and I will offer the monthly technical webcast on Wednesday, and I invite you to tune in and learn more about the new security bulletin releases. The webcast is scheduled for Wednesday, May 11, 2011 at 11 a.m. PDT, and the registration can be found here.
Also, as a side note, you’ll want to stay tuned for information on the latest version of Microsoft’s Security Intelligence Report volume 10. For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.
Sr. Response Communications Manager
Microsoft Trustworthy Computing