MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution

  • Question

  • Hello,

    Can you please tell me which update (patch) I have to apply to fix the "MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution" error?

    Server: Windows Server 2012 R2


    Monday, January 28, 2019 2:02 PM

All replies

  • Hi,

    You can go to the Microsoft Update Catalog and search there for "MS11-025" and you should find the updates.

    Here's a link to the search result:

    Best regards,

    Blog: https://thesystemcenterblog.com

    Monday, January 28, 2019 2:08 PM
  • According to https://support.microsoft.com/en-us/help/2500212/ms11-025-vulnerability-in-microsoft-foundation-class-mfc-library-could, this is a patch for Visual Studio, not specific to a version of Windows Server. So, using that article, you can select the version of Visual Studio you are using to select the appropriate update manually. Or, you can use Windows Update to download and apply all the latest patches, which would be a better way to ensure you are fully patched.


    Monday, January 28, 2019 2:14 PM
  • Hi,

    Thanks for posting your query here.

    We can check this to find the related update.


    Best regards,


    Tuesday, January 29, 2019 7:11 AM
  • Hi, we've received an email from securitynotifications@e-mail.microsoft.com in Sept 2019 informing us about the major revision increment on MS11-025. 

    With the following information:

    https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-025: CVE-2010-3190 | MFC Insecure Library Loading Vulnerability
    - Reason for Revision: Added Exchange Servers to the Affected Products table. Customers who have any supported Exchange Server installed (Microsoft Exchange Server 2010 Service Pack 3, Microsoft Exchange Server 2013, Microsoft Exchange Server 2016) should reinstall KB2565063.
    - Originally posted: April 12, 2011
    - Updated: October 9, 2018
    - Aggregate CVE Severity Rating: Important
    - Version: 5.0

    We are currently supporting Microsoft Exchange Server 2013 and have been actively ensuring our Exchange server is patched with the latest security cumulative patch. Question: do we still need to reinstall KB2565063 even if we had installed it before the notice was issued that it also applies to Exchange servers and requested a re-installation? Do we also need to reinstall even if we have the latest security cumulative patch applied?

    Hope to hear from you soon. 

    Tuesday, October 22, 2019 4:03 PM