Article ID: 2500212 - Last Review: August 9, 2011 - Revision: 3.0

MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library could allow remote code execution: April 12, 2011

Introduction

Microsoft has released security bulletin MS11-025. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support website:
http://support.microsoft.com/common/international.aspx?rdpath=4
North American customers can also obtain instant access to unlimited no-charge email support or to unlimited individual chat support by visiting the following Microsoft website:
http://support.microsoft.com/oas/default.aspx?&prid=7552
For enterprise customers, support for security updates is available through your usual support contacts.

MORE INFORMATION

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.
  • 2565057  (http://support.microsoft.com/kb/2565057/ ) MS11-025: Description of the security update for Visual Studio 2010 Service Pack 1: August 9, 2011

    Known issues in security update 2565057:
    • After you install this security update, three updates that have the name "KB2565057" are listed in Installed Updates. This is expected behavior. When you install the update, Microsoft Visual C++ 2010 x64 Runtime and Microsoft Visual C++ x86 Runtime updates are also installed. If you uninstall the security update, you must uninstall all three updates individually.

      Note We do not recommend that you uninstall any security updates.

    • The installation wizard identifies the installation as "Software Update." However, it should be identified as "Security Update." After you install the security update, it is listed in Installed Updates as "Hotfix for Microsoft Visual Studio." However, it should be listed as "Security update for Microsoft Visual Studio." Microsoft is researching this problem and will post more information in this article when the information becomes available.
  • 2565063  (http://support.microsoft.com/kb/2565063/ ) MS11-025: Description of the security update for Visual C++ 2010 Service Pack 1: August 9, 2011

    Known issues in security update 2565063:
    • After you install this security update on a computer that is running Windows XP Service Pack 3 (SP3), Windows Server 2003 Service Pack 2 (SP2) or Windows Vista Service Pack 1 (SP1), you cannot uninstall it by using the Installed Updates feature. To remove this security update, you must completely uninstall the Microsoft Visual C++ 2010 Redistributable – 10.0.40219 program by using the Add or Remove Programs item in Control Panel. This is only applicable when uninstalling Microsoft Visual C++ 2010 Redistributable – 10.0.40219 from a computer that has Microsoft Visual C++ 2010 Redistributable – 10.0.30319 installed.
  • 2542054  (http://support.microsoft.com/kb/2542054/ ) MS11-025: Description of the security update for Visual Studio 2010: June 14, 2011

    Known issues in security update 2542054:
    • After you install this security update, three updates that have the name "KB2542054" are listed in Installed Updates. This is expected behavior. When you install the update, Microsoft Visual C++ 2010 x64 Runtime and Microsoft Visual C++ x86 Runtime updates are also installed. If you uninstall the security update, you must uninstall all three updates individually.

      Note We do not recommend that you uninstall any security updates.

    • The installation wizard identifies the installation as "Software Update." However, it should be identified as "Security Update." After you install the security update, it is listed in Installed Updates as "Hotfix for Microsoft Visual Studio." However, it should be listed as "Security update for Microsoft Visual Studio." Microsoft is researching this problem and will post more information in this article when the information becomes available.
  • 2538241  (http://support.microsoft.com/kb/2538241/ ) MS11-025: Description of the security update for Visual Studio 2008 SP1: June 14, 2011

    Known issues in security update 2538241:
    • The installation wizard identifies the installation as "Software Update." However, it should be identified as "Security Update." After you install the security update, the installation is listed in Installed Updates as "Hotfix for Microsoft Visual Studio." However, it should be listed as "Security update for Microsoft Visual Studio." Microsoft is researching this problem and will post more information in this article when the information becomes available.
  • 2538218  (http://support.microsoft.com/kb/2538218/ ) MS11-025: Description of the security update for Visual Studio 2005 SP1: June 14, 2011

    Known issues in security update 2538218:
    • After you install this security update, the installation progress screen may disappear, and you may not receive confirmation that the installation was successful. To confirm that the update was installed successfully, verify that the update is listed in Add or Remove Programs. Or, compare the file versions on the computer to the file versions that are listed in the "File information" section. Microsoft is researching this problem and will post more information in this article when the information becomes available.
    • If you install this security update when Visual Studio 2005 is not installed on the computer, you may receive a message that states that the update is not applicable. When you click OK to acknowledge the message, you receive an error message. Microsoft is researching this problem and will post more information in this article when the information becomes available.
  • 2538243  (http://support.microsoft.com/kb/2538243/ ) MS11-025: Description of the security update for Visual C++ 2008 SP1 Redistributable Package: June 14, 2011
  • 2538242  (http://support.microsoft.com/kb/2538242/ ) MS11-025: Description of the security update for Visual C++ 2005 SP1 Redistributable Package: June 14, 2011
  • 2465373  (http://support.microsoft.com/kb/2465373/ ) MS11-025: Description of the security update for Visual Studio .NET 2003 SP1: April 12, 2011

    Known issues in security update 2465373:
    • When you install this security update when Visual Studio 2003 is not installed on the computer, you receive a message that states that the update is not applicable. When you acknowledge the message, you receive an error message. Microsoft is researching this problem and will post more information in this article when the information becomes available.
  • 2467173  (http://support.microsoft.com/kb/2467173/ ) MS11-025: Description of the security update for Visual C++ 2010 Redistributable Package: April 12, 2011
  • 2529021  (http://support.microsoft.com/kb/2529021/ ) Visual Studio 2008 SP1 or a Visual Studio 2008 SP1 update cannot be installed when the installer is unable to create a log file

Updated and replaced security updates

On June 14, 2011, the following security updates were replaced with newer security updates.
Article number | Article title
2455033  (http://support.microsoft.com/kb/2455033/ ) | MS11-025: Description of the security update for Visual Studio 2010: April 12, 2011
2465361  (http://support.microsoft.com/kb/2465361/ ) | MS11-025: Description of the security update for Visual Studio 2008 SP1: April 12, 2011
2465367  (http://support.microsoft.com/kb/2465367/ ) | MS11-025: Description of the security update for Visual Studio 2005 SP1: April 12, 2011
2467174  (http://support.microsoft.com/kb/2467174/ ) | MS11-025: Description of the security update for Visual C++ 2008 SP1 Redistributable Package: April 12, 2011
2467175  (http://support.microsoft.com/kb/2467175/ ) | MS11-025: Description of the security update for Visual C++ 2005 SP1 Redistributable Package: April 12, 2011

The following are the newer security updates that replaced the security updates that are listed in the previous table.
Article number | Article title
2542054  (http://support.microsoft.com/kb/2542054/ ) | MS11-025: Description of the security update for Visual Studio 2010: June 14, 2011
2538241  (http://support.microsoft.com/kb/2538241/ ) | MS11-025: Description of the security update for Visual Studio 2008 SP1: June 14, 2011
2538218  (http://support.microsoft.com/kb/2538218/ ) | MS11-025: Description of the security update for Visual Studio 2005 SP1: June 14, 2011
2538243  (http://support.microsoft.com/kb/2538243/ ) | MS11-025: Description of the security update for Visual C++ 2008 SP1 Redistributable Package: June 14, 2011
2538242  (http://support.microsoft.com/kb/2538242/ ) | MS11-025: Description of the security update for Visual C++ 2005 SP1 Redistributable Package: June 14, 2011

APPLIES TO
  • Microsoft Visual Studio 2010 Professional
  • Microsoft Visual Studio 2010 Premium
  • Microsoft Visual Studio 2010 Ultimate
  • Microsoft Visual Studio 2008 Service Pack 1
  • Microsoft Visual Studio 2005 Service Pack 1
  • Microsoft Visual C++ Redistributable Package
  • Microsoft Visual Studio .NET 2003 Service Pack 1
  • Microsoft Visual C++ 2005 Redistributable Package