MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library could allow remote code execution: April 12, 2011

<html><body><p>Resolves a vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library.</p><h2>Introduction</h2><div>Microsoft has released security bulletin MS11-025. To view the complete security bulletin, visit one of the following Microsoft websites:<br /><ul><li>Home users:<br /><div><a href=“http://www.microsoft.com/security/pc-security/bulletins/201104.aspx” target=“_self”>http://www.microsoft.com/security/pc-security/bulletins/201104.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br /><div><a href=“http://update.microsoft.com/microsoftupdate/” target=“_self”>http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href=“http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx” target=“_self”>http://www.microsoft.com/technet/security/bulletin/MS11-025.mspx</a></div></li></ul><span><h3>How to obtain help and support for this security update</h3> <br />Help installing updates: <br /><a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <br /><a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware:<br /><a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></span></div><h2>More Information</h2><div><h3>Known issues and additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br /> <ul><li><a href=“https://support.microsoft.com/en-us/help/2565057”>2565057 </a> MS11-025: Description of the security update for Visual Studio 2010 Service Pack 1: August 9, 2011<br /><br />Known issues in security update 2565057:<ul><li>After you install this security update, three updates that have the name “KB2565057” are listed in <span>Installed Updates</span>. This is expected behavior. When you install the update, Microsoft Visual C++ 2010 x64 Runtime and Microsoft Visual C++ x86 Runtime updates are also installed. If you uninstall the security update, you must uninstall all three updates individually.<br /><br /><span>Note</span> We do not recommend that you uninstall any security updates.<br /> </li><li>The installation wizard identifies the installation as “Software Update.” However, it should be identified as “Security Update.” After you install the security update, it is listed in <span>Installed Updates </span> as “Hotfix for Microsoft Visual Studio.” However, it should be listed as “Security update for Microsoft Visual Studio.”</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2565063”>2565063 </a> MS11-025: Description of the security update for Visual C++ 2010 Service Pack 1: August 9, 2011<br /><br />Known issues in security update 2565063:<ul><li>After you install this security update on a computer that is running Windows XP Service Pack 3 (SP3), Windows Server 2003 Service Pack 2 (SP2) or Windows Vista Service Pack 1 (SP1), you cannot uninstall it by using the <strong>Installed Updates</strong> feature. To remove this security update, you must completely uninstall the Microsoft Visual C++ 2010 Redistributable – 10.0.40219 program by using the <strong>Add or Remove Programs</strong> item in Control Panel. This is only applicable when uninstalling Microsoft Visual C++ 2010 Redistributable – 10.0.40219 from a computer that has Microsoft Visual C++ 2010 Redistributable – 10.0.30319 installed.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2542054”>2542054 </a> MS11-025: Description of the security update for Visual Studio 2010: June 14, 2011<br /><br />Known issues in security update 2542054:<br /> <ul><li>After you install this security update, three updates that have the name “KB2542054” are listed in <span>Installed Updates</span>. This is expected behavior. When you install the update, Microsoft Visual C++ 2010 x64 Runtime and Microsoft Visual C++ x86 Runtime updates are also installed. If you uninstall the security update, you must uninstall all three updates individually.<br /><br /><span>Note</span> We do not recommend that you uninstall any security updates.<br /> </li><li>The installation wizard identifies the installation as “Software Update.” However, it should be identified as “Security Update.” After you install the security update, it is listed in <span>Installed Updates </span>as Hotfix for Microsoft Visual Studio. However, it should be listed as “Security update for Microsoft Visual Studio.” </li></ul></li></ul></div><h2></h2><div><li><a href=“https://support.microsoft.com/en-us/help/2538241”>2538241 </a> MS11-025: Description of the security update for Visual Studio 2008 SP1: June 14, 2011<br /><br />Known issues in security update 2538241:<br /><ul><li>The installation wizard identifies the installation as “Software Update.” However, it should be identified as “Security Update.” After you install the security update, the installation is listed in <span>Installed Updates</span> as “Hotfix for Microsoft Visual Studio.” However, it should be listed as “Security update for Microsoft Visual Studio.” <span>Microsoft is researching this problem and will post more information in this article when the information becomes available.<br /></span></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2538218”>2538218 </a> MS11-025: Description of the security update for Visual Studio 2005 SP1: June 14, 2011<br /><br />Known issues in security update 2538218:<br /> <ul><li>After you install this security update, the installation progress screen may disappear, and you may not receive confirmation that the installation was successful. To confirm that update is installed successfully, verify that the update is listed in <span>Add or Remove Programs</span>. Or, compare the file versions on the computer to the file versions that are listed in the “File information” section. <span>Microsoft is researching this problem and will post more information in this article when the information becomes available.<br /></span></li><li>If you install this security update when Visual Studio 2005 is not installed on the computer, you may receive a message that states that the update in not applicable. When you click <strong>OK</strong> to acknowledge the message, you receive an error message. <span>Microsoft is researching this problem and will post more information in this article when the information becomes available.<br /></span></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2538243”>2538243 </a> MS11-025: Description of the security update for Visual C++ 2008 SP1 Redistributable Package: June 14, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2538242”>2538242 </a> MS11-025: Description of the security update for Visual C++ 2005 SP1 Redistributable Package: June 14, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2465373”>2465373 </a> MS11-025: Description of the security update for Visual Studio .NET 2003 SP1: April 12, 2011<br /><br />Known issues in security update 2465373:<br /><ul><li>When you install this security update when Visual Studio 2003 is not installed on the computer, you receive a message that states that the update is not applicable. When you acknowledge the message, you receive an error message.<br /><span>Microsoft is researching this problem and will post more information in this article when the information becomes available.<br /></span></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2467173”>2467173 </a> MS11-025: Description of the security update for Visual C++ 2010 Redistributable Package: April 12, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2529021”>2529021 </a> Visual Studio 2008 SP1 or a Visual Studio 2008 SP1 update cannot be installed when the installer is unable to create a log file</li><h3>Updated and replaced security updates</h3>On June 14, 2011, the following security updates were replaced with newer security updates. <div><table><tr><th>Article number</th><th>Article title</th></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2455033”>2455033 </a></td><td>MS11-025: Description of the security update for Visual Studio 2010: April 12, 2011</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2465361”>2465361 </a></td><td>MS11-025: Description of the security update for Visual Studio 2008 SP1: April 12, 2011</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2465367”>2465367 </a></td><td>MS11-025: Description of the security update for Visual Studio 2005 SP1: April 12, 2011</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2467174”>2467174 </a></td><td>MS11-025: Description of the security update for Visual C++ 2008 SP1 Redistributable Package: April 12, 2011</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2467175”>2467175 </a></td><td>MS11-025: Description of the security update for Visual C++ 2005 SP1 Redistributable Package: April 12, 2011</td></tr></table></div><br /><br />The following are the newer security updates that replaced the security updates that are listed in the previous table. <div><table><tr><th>Article number</th><th>Article title</th></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2542054”>2542054 </a></td><td>MS11-025: Description of the security update for Visual Studio 2010: June 14, 2011</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2538241”>2538241 </a></td><td>MS11-025: Description of the security update for Visual Studio 2008 SP1: June 14, 2011</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2538218”>2538218 </a></td><td>MS11-025: Description of the security update for Visual Studio 2005 SP1: June 14, 2011</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2538243”>2538243 </a></td><td>MS11-025: Description of the security update for Visual C++ 2008 SP1 Redistributable Package: June 14, 2011</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2538242”>2538242 </a></td><td>MS11-025: Description of the security update for Visual C++ 2005 SP1 Redistributable Package: June 14, 2011</td></tr></table></div></div></body></html>