The security update addresses the vulnerability by correcting the manner in which applications built using MFC load external libraries. For more information, see the subsection, Affected and Non-Affected Software, in this section. This security update is rated Important for all supported editions of Microsoft Visual Studio and Microsoft Visual C++ Redistributable Package. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. This security update resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. Version: 5.0 General Information Executive Summary I do not want to manually install these KB's to all the servers in our environment.Security Bulletin Microsoft Security Bulletin MS11-025 - Important Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
So I am not sure why the KB does not appears in our WSUS server. When I check the Windows Update Catalog and I can see it and the KB's are available forĭownload.
Have searched WSUS based on KB number which this update has around 6 KB's associated with it and I cannot find the KB to approved them. I'm doing some compliance testing using the MBSA tool and have found that update MS11-025 - is an unapproved KB buy our WSUS server.
0 kommentar(er)
