Microsoft has kept its promise and delivered a fix for the MHTML problem (MS11-026) that left Windows vulnerable enough that Google stepped in to block web pages that could potentially exploit it. With the problem now fixed, Microsoft has even thanked Google for its help. In the acknowledgement section at the bottom of the Security Bulletin Summary for April 2011, Microsoft thanks Google “for working with us on an issue described in MS11-026”.
However, April’s Patch Tuesday isn’t just about the MHTML problem. Microsoft has fixed a titanic 64 vulnerabilities across the following Microsoft products: Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, SMB, .NET Framework and GDI+.
Of particular interest is MS11-034, which addresses 30 vulnerabilities that all share the same couple of root causes. Described as “Vulnerabilities in Windows Kernel-Mode Drivers”, these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application.
This post also has a video of Jerry Bryant giving further details of the updates, in particular MS11-018 (Internet Explorer), MS11-019 (SMB Client) and MS11-020 (SMB Server).