Among the other security bulletins released during Patch Day, Microsoft also released three updates covering security vulnerabilities in various development related software packages. These security bulletins included:
- MS11-066: Microsoft Chart Control ( .NET Framework) Information Disclosure Flaw
- MS11-067: Microsoft Report Viewer and Visual Studio Information Disclosure Flaw
- MS11-069: Microsoft .NET Framework Information Disclosure Flaw
The vulnerabilities these three bulletins cover all differ technically, but generally they all allow attackers to gain access to information (such as files within a directory) that they should not have access to. Microsoft rates these bulletins as Important or Moderate.
The .NET Framework does not ship with all Windows computers, though many people do install it to support internal custom Windows applications. Furthermore, only developers install Visual Studio. For those reasons, we don’t believe that these three bulletins will pose much risk to normal Windows users. That said, if you use the affected products, we do still recommend you patch these flaws at your earliest convenience.
You can find the patches for these three issues in the “Affected Software” section of each individual bulletin linked above. — Corey Nachreiner, CISSP (@SecAdept)