Patch Tuesday: Microsoft Addresses Vulnerabilities in Windows Server and MS Office

Pulkit Chandna

Patch Tuesdays usually tend to be a lot quieter during odd-numbered months like this one. Take this month's shipment of patches, for instance. If in April Microsoft delivered a record 64 fixes, this month’s Patch Tuesday release is restricted to just a couple of security bulletins that address only three vulnerabilities. Hit the jump for more.

Rated “critical” by Microsoft, security bulletin MS11-035 patches a privately reported vulnerability in the Windows Internet Name Service (WINS). Operating systems affected by the vulnerability, which can be used for remote code execution, include Windows Server 2003 and Windows Server 2008.

“The vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually installed this component are affected by this issue,” reads the executive summary of the security bulletin.

“This security update is rated Critical for servers running supported editions of Windows Server 2003, Windows Server 2008 (except Itanium), and Windows Server 2008 R2 (except Itanium), on which WINS is installed. For more information, see the subsection, Affected and Non-Affected Software, in this section.”

The other security bulletin, MS11-036, is rated “important” and addresses a couple of vulnerabilities affecting all versions of MS Office Power Point save for Office 2010. The concerned vulnerabilities are also capable of being exploited for remote code execution.

Around the web