KB2543893 - MS11-049: Vulnerability in the Microsoft XML Editor could allow information disclosure: June 14, 2011

<html><body><p>Resolves a vulnerability in Microsoft XML Editor that could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file within one of the applications listed in the “Applies to” section.</p><h2>Introduction</h2><div>Microsoft has released security bulletin MS11-049. To view the complete security bulletin, visit one of the following Microsoft websites: <ul><li>Home users:<br /><div><a href=“http://www.microsoft.com/security/pc-security/bulletins/201106.aspx” target=“_self”>http://www.microsoft.com/security/pc-security/bulletins/201106.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br /><div><a href=“http://update.microsoft.com/microsoftupdate/” target=“_self”>http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href=“http://www.microsoft.com/technet/security/bulletin/ms11-049.mspx” target=“_self”>http://www.microsoft.com/technet/security/bulletin/MS11-049.mspx</a></div></li></ul><span><h3>How to obtain help and support for this security update</h3> <br />Help installing updates: <br /><a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <br /><a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware:<br /><a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></span></div><h2></h2><div><h3>More information about this security update</h3><h4>Known issues and additional information about this security update</h4>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link. <br /><ul><li><a href=“https://support.microsoft.com/en-us/help/2251489”>2251489 </a> MS11-049: Description of the security update for Visual Studio 2010: June 14, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2251487”>2251487 </a> MS11-049: Description of the security update for Visual Studio 2008 SP1: June 14, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2251481”>2251481 </a> MS11-049: Description of the security update for Visual Studio 2005 SP1: June 14, 2011<br /><br />The following are the known issues in security update 2251481. For more information about these known issues, see security update 2251481. <ul><li>If you run Visual Studio Premier Partner Edition (PPE), this security update will be listed in the <strong><span>Programs and Features</span></strong> item in Control Panel as follows:<div><strong><span>Security Update for Microsoft Visual Studio 2005 Team Suite – RUS (KB2251481)</span></strong></div></li><li>When you install this security update on a computer that does not have Visual Studio 2005 installed, you receive a message that states that the update is not applicable.</li><li>When you try to install this security update (which was re-released August 9, 2011) by using Microsoft Update, you may receive an error code “66a.”</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2494094”>2494094 </a> MS11-049: Description of the security update for SQL Server 2008 Service Pack 2 QFE: June 14, 2011<br /><br />The following is the known issue in security update 2494094. For more information about this known issue, see security update 2494094.<ul><li>It may be possible to install this SQL Server 2008-based security update on a SQL Server 2005-based system where SQL Server 2008 is not installed.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2494089”>2494089 </a> MS11-049: Description of the security update for SQL Server 2008 Service Pack 2 GDR: June 14, 2011<br /><br />The following is the known issue in security update 2494089. For more information about this known issue, see security update 2494089.<ul><li>It may be possible to install this SQL Server 2008-based security update on a SQL Server 2005-based system where SQL Server 2008 is not installed.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/NNNNN6”>2494100 </a> MS11-049: Description of the security update for SQL Server 2008 Service Pack 1 QFE: June 14, 2011<br /><br />The following is the known issue in security update 2494100. For more information about this known issue, see security update 2494100.<ul><li>It may be possible to install this SQL Server 2008-based security update on a SQL Server 2005-based system where SQL Server 2008 is not installed.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2494096”>2494096 </a> MS11-049: Description of the security update for SQL Server 2008 Service Pack 1 GDR: June 14, 2011<br /><br />The following is the known issue in security update 2494096. For more information about this known issue see security update 2494096.<ul><li>It may be possible to install this SQL Server 2008-based security update on a SQL Server 2005-based system where SQL Server 2008 is not installed.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2494086”>2494086 </a> MS11-049: Description of the security update for SQL Server 2008 R2 QFE: June 14, 2011<br /><br />The following are the known issues in security update 2494086. For more information about these known issues, see security update 2494086.<ul><li>When you use the <span>/?</span> switch or the <span>/Help </span>switch with this security update package, you receive an error message.</li><li>After you install this security update, the <span>Add or Remove Programs</span> entries for this security update do not have “Security Update” in the title of the security update.</li><li>After you install this security update, the installation wizard shows the security update as an “Update Program” instead of as a “Security Update.”</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2494088”>2494088 </a> MS11-049: Description of the security update for SQL Server 2008 R2 GDR: June 14, 2011<br /><br />The following are the known issues in security update 2494088. For more information about these known issues, see security update 2494088.<ul><li>When you use the <span>/?</span> switch or the <span>/Help </span>switch with this security update package, you receive an error message.</li><li>After you install this security update, the <span>Add or Remove Programs</span> entries for this security update do not have “Security Update” in the title of the security update.</li><li>After you install this security update, the installation wizard shows the security update as an “Update Program” instead of as a “Security Update.”</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2494123”>2494123 </a> MS11-049: Description of the security update for SQL Server 2005 Service Pack 4 QFE: June 14, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2494120”>2494120 </a> MS11-049: Description of the security update for SQL Server 2005 Service Pack 4 GDR: June 14, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2494112”>2494112 </a> MS11-049: Description of the security update for SQL Server 2005 Service Pack 3 QFE: June 14, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2494113”>2494113 </a> MS11-049: Description of the security update for SQL Server 2005 Service Pack 3 GDR: June 14, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2546869”>2546869 </a> MS11-049: Description of the security update for SQL Server 2005 Management Studio Express: June 14, 2011<br /><br />The following is the known issue in security update 2546869. For more information about this known issue, see security update 2546869.<ul><li>When you try to manually install security updates for SQL Server Management Studio Express Edition (SSMSEE) by using the SSMSEE packages that are associated with this security update, the installer only extracts the files. The installation does not start. Instead, a Help menu is displayed. This issue does not occur when you use Windows Update or Microsoft Update.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2510065”>2510065 </a> MS11-049: Description of the security update for InfoPath 2010: June 14, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2510061”>2510061 </a> MS11-049: Description of the security update for InfoPath 2007: June 14, 2011</li></ul></div><h2></h2><div><h4>Security update replacement information</h4>This security update does not replace a previously released security update.</div><h2>APPLIES TO</h2><div>In addition to the products that are listed in the “Applies to” section, this issue also affects the following products: <ul><li>SQL Server 2008 Management Studio Express</li><li>SQL Server 2008 R2 Management Studio Express</li></ul></div></body></html>