|
The first, rated critical, resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). A maliciously crafted WINS packet could trigger remote code execution.
WINS is not installed by default, and the issue only affects Windows Server 2003 and 2008 (including R2). It will only be offered to those operating systems by Windows Update if WINS has been installed.
The second issue is a pair of vulnerabilities that allow a maliciously crafted PowerPoint file to trigger remote code execution. It is only rated important as it is necessary for a user to open the file, and an exploit only gains the same rights as that user.
Affected versions are PowerPoint 2002, 2003, 2004, 2007 and 2008. Related software - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2; and Open XML File Format Converter for Mac - also contain the vulnerability.
There's more on May's Patch Tuesday updates on page 2.
|
Microsoft also released new versions of the Malicious Software Removal Tool and the Windows Mail Junk E-mail Filter, and a revised version of previous security updates for .NET Framework 3.5 SP1 on Windows Server 2008 and Windows Vista, and .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 (as described in bulletin MS11-028 which was released on last month's Patch Tuesday).
Non-security updates released include fixes for some USB drivers not being updated during the installation of Windows 7 Service Pack 1 or Windows Server 2008 P2 Service Pack 1, and for the "0xC0000034" and "0xC0000009A" errors when trying to install Windows 7 Service Pack 1 or Windows 2008 R2 Service Pack 1.