Microsoft has released 4 security bulletins covering a total of 22 vulnerabilities,one of which rated Critical and it affects the Microsoft Bluetooth Stack. An attacker in physical proximity to a vulnerable computer can exploit this issue for a complete compromise. and threee of which are rated Important, include a patch for a previously public issue in Microsoft Visio, and multiple local issues in the Client/Server Runtime Subsystem (CSRSS) and Windows kernel-mode drivers.
The following vulnerabilities has rated “Critical”:
MS11-053 – Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
This security update resolves a privately reported vulnerability in the Windows Bluetooth Stack. The vulnerability could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability only affects systems with Bluetooth capability.
The following vulnerabilities has rated “Important”:
MS11-054 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
This security update resolves 15 privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
MS11-056 – Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
This security update resolves five privately reported vulnerabilities in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerabilities could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
MS11-055 – Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)
This security update resolves a publicly disclosed vulnerability in Microsoft Visio. The vulnerability could allow remote code execution if a user opens a legitimate Visio file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
For detailed information of all the bulletins and the corresponding vulnerabilities addressed, please visit,
We will recommend users to set Windows Update in Install updates automatically mode. So the important patches get applied automatically.
Leave a reply