Four bulletins are part of the package. They focus on the following issues: a Bluetooth vulnerability, two Windows vulnerabilities, and one vulnerability in Microsoft Visio.
Three of the bulletins are rated as important, and one as critical. The four bulletins will correct a total of 22 issues across the previously listed vulnerabilities.
The critical bulletin, the one relating to Bluetooth, received an “Exploitability Index rating of 2,” and is described by the company as follows:
MS11-053 (Bluetooth Stack). This security bulletin resolves one privately reported vulnerability in the Windows Bluetooth Stack. This bulletin is rated Critical for Windows Vista and Windows 7 platforms. All prior versions of Windows are unaffected.
May’s Patch Tuesday event was smaller, but April’s was larger than both combined. For the time being, there appears to be no detectable trend, either positive or negative, in the number of bulletins that Microsoft is being forced to issue over security flaws.
The full notes on the other three bulletins are pasted below:
MS11-054 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917). This security update resolves 15 privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
MS11-056 – Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938). This security update resolves five privately reported vulnerabilities in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerabilities could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
MS11-055 – Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847). This security update resolves a publicly disclosed vulnerability in Microsoft Visio. The vulnerability could allow remote code execution if a user opens a legitimate Visio file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft’s blog post outlining its view on the patches can be found here.