Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library could allow remote code execution: April 12, 2011


View products that this article applies to.

Introduction

Microsoft has released security bulletin MS11-025. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update


Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

↑ Back to the top


More Information

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.
 
  • 2565057 MS11-025: Description of the security update for Visual Studio 2010 Service Pack 1: August 9, 2011

    Known issues in security update 2565057:
    • After you install this security update, three updates that have the name "KB2565057" are listed in Installed Updates. This is expected behavior. When you install the update, Microsoft Visual C++ 2010 x64 Runtime and Microsoft Visual C++ x86 Runtime updates are also installed. If you uninstall the security update, you must uninstall all three updates individually.

      Note We do not recommend that you uninstall any security updates.
       
    • The installation wizard identifies the installation as "Software Update." However, it should be identified as "Security Update." After you install the security update, it is listed in Installed Updates as "Hotfix for Microsoft Visual Studio." However, it should be listed as "Security update for Microsoft Visual Studio."
  • 2565063 MS11-025: Description of the security update for Visual C++ 2010 Service Pack 1: August 9, 2011

    Known issues in security update 2565063:
    • After you install this security update on a computer that is running Windows XP Service Pack 3 (SP3), Windows Server 2003 Service Pack 2 (SP2) or Windows Vista Service Pack 1 (SP1), you cannot uninstall it by using the Installed Updates feature. To remove this security update, you must completely uninstall the Microsoft Visual C++ 2010 Redistributable – 10.0.40219 program by using the Add or Remove Programs item in Control Panel. This is only applicable when uninstalling Microsoft Visual C++ 2010 Redistributable – 10.0.40219 from a computer that has Microsoft Visual C++ 2010 Redistributable – 10.0.30319 installed.
  • 2542054 MS11-025: Description of the security update for Visual Studio 2010: June 14, 2011

    Known issues in security update 2542054:
     
    • After you install this security update, three updates that have the name "KB2542054" are listed in Installed Updates. This is expected behavior. When you install the update, Microsoft Visual C++ 2010 x64 Runtime and Microsoft Visual C++ x86 Runtime updates are also installed. If you uninstall the security update, you must uninstall all three updates individually.

      Note We do not recommend that you uninstall any security updates.
       
    • The installation wizard identifies the installation as "Software Update." However, it should be identified as "Security Update." After you install the security update, it is listed in Installed Updates as Hotfix for Microsoft Visual Studio. However, it should be listed as "Security update for Microsoft Visual Studio." 

↑ Back to the top


  • 2538241 MS11-025: Description of the security update for Visual Studio 2008 SP1: June 14, 2011

    Known issues in security update 2538241:
    • The installation wizard identifies the installation as "Software Update." However, it should be identified as "Security Update." After you install the security update, the installation is listed in Installed Updates as "Hotfix for Microsoft Visual Studio." However, it should be listed as "Security update for Microsoft Visual Studio." Microsoft is researching this problem and will post more information in this article when the information becomes available.
  • 2538218 MS11-025: Description of the security update for Visual Studio 2005 SP1: June 14, 2011

    Known issues in security update 2538218:
    • After you install this security update, the installation progress screen may disappear, and you may not receive confirmation that the installation was successful. To confirm that update is installed successfully, verify that the update is listed in Add or Remove Programs. Or, compare the file versions on the computer to the file versions that are listed in the "File information" section. Microsoft is researching this problem and will post more information in this article when the information becomes available.
    • If you install this security update when Visual Studio 2005 is not installed on the computer, you may receive a message that states that the update in not applicable. When you click OK to acknowledge the message, you receive an error message. Microsoft is researching this problem and will post more information in this article when the information becomes available.
  • 2538243 MS11-025: Description of the security update for Visual C++ 2008 SP1 Redistributable Package: June 14, 2011
  • 2538242 MS11-025: Description of the security update for Visual C++ 2005 SP1 Redistributable Package: June 14, 2011
  • 2465373 MS11-025: Description of the security update for Visual Studio .NET 2003 SP1: April 12, 2011

    Known issues in security update 2465373:
    • When you install this security update when Visual Studio 2003 is not installed on the computer, you receive a message that states that the update is not applicable. When you acknowledge the message, you receive an error message.
      Microsoft is researching this problem and will post more information in this article when the information becomes available.
  • 2467173 MS11-025: Description of the security update for Visual C++ 2010 Redistributable Package: April 12, 2011
  • 2529021 Visual Studio 2008 SP1 or a Visual Studio 2008 SP1 update cannot be installed when the installer is unable to create a log file
  • Updated and replaced security updates

    On June 14, 2011, the following security updates were replaced with newer security updates.
    Article numberArticle title
    2455033 MS11-025: Description of the security update for Visual Studio 2010: April 12, 2011
    2465361 MS11-025: Description of the security update for Visual Studio 2008 SP1: April 12, 2011
    2465367 MS11-025: Description of the security update for Visual Studio 2005 SP1: April 12, 2011
    2467174 MS11-025: Description of the security update for Visual C++ 2008 SP1 Redistributable Package: April 12, 2011
    2467175 MS11-025: Description of the security update for Visual C++ 2005 SP1 Redistributable Package: April 12, 2011


    The following are the newer security updates that replaced the security updates that are listed in the previous table.
    Article numberArticle title
    2542054 MS11-025: Description of the security update for Visual Studio 2010: June 14, 2011
    2538241 MS11-025: Description of the security update for Visual Studio 2008 SP1: June 14, 2011
    2538218 MS11-025: Description of the security update for Visual Studio 2005 SP1: June 14, 2011
    2538243 MS11-025: Description of the security update for Visual C++ 2008 SP1 Redistributable Package: June 14, 2011
    2538242 MS11-025: Description of the security update for Visual C++ 2005 SP1 Redistributable Package: June 14, 2011

    ↑ Back to the top


    Keywords: kbsurveynew, kbsecvulnerability, kbsecurity, kbsecreview, kbsecbulletin, kbfix, kblangall, kb, kbexpertiseinter, kbbug, atdownload, kbmustloc

    ↑ Back to the top

    Article Info
    Article ID : 2500212
    Revision : 2
    Created on : 9/15/2017
    Published on : 9/15/2017
    Exists online : False
    Views : 598