
It's Microsoft Patch Tuesday: December 2011

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's December 2011 patches in your organization.

Not only was December a rough month for the patch count (how many more Office file exploits do we need to deal with this year?), but looking back at 2008 through 2010, 2010 had only a few more security bulletins than 2011, while 2008 and 2009 had far fewer (around thirty less). Quite frankly, a 40% or even almost 50% increase in bulletins is just not acceptable. By my rough guesstimate, around 30% to 40% of this month's patches have to do with Office.

Happy holidays to all!

This blog post is also available in PDF format as a TechRepublic download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS11-087/KB2639417 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): This patch fixes an issue in TrueType font handling that could allow remote code execution. It can be triggered not only through documents but also through Web pages, so install the patch immediately. Warning: KB2639417 lists known issues, among them that Office and a number of other applications lose the ability to generate PDFs. The KB ties those issues to the interim workaround it describes for systems that cannot take the patch yet, not to the patch itself, so deploy the patch and skip the workaround.

MS11-088/KB2652016 - Important (Office 2010): If you use the Chinese version of Office or the Pinyin input method, it can be used to escalate privileges. Install this patch if you use these Office products.

MS11-089/KB2590602 - Important (Office 2007, Office 2010, Office for Mac 2011): Opening a Word document can lead to remote code execution with the logged-on user's privileges. Because Word documents are so common, treat this as critical and install the patch as soon as you can.

MS11-090/KB2618451 - Critical (XP, 2003): This is a cumulative ActiveX kill bit update. Install it when you normally would.

MS11-091/KB2607702 - Important (Office 2003, Office 2007): Microsoft Publisher files can be used to exploit a remote code execution vulnerability, and this patch closes the hole. If you use Publisher, install it.

MS11-092/KB2648048 - Critical (XP, Vista, W7): Windows Media Player and Media Center are vulnerable to remote code execution when opening Microsoft Digital Video Recording files. Install this patch as soon as you can.

MS11-093/KB2624667 - Important (XP, 2003): A vulnerability in OLE allows remote code execution. Since OLE objects are easily embedded in Office files, install this patch immediately.

MS11-094/KB2639142 - Important (Office 2007, Office 2010, Office 2008 for Mac, Office 2007 Compatibility Pack, PowerPoint Viewer 2007): More remote code execution vulnerabilities, this time in PowerPoint. Again, patch ASAP, since PowerPoint is so common.

MS11-095/KB2640045 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): Active Directory, ADAM and AD LDS mishandle certain data, allowing an authenticated attacker who runs a specially crafted application to execute code remotely. The attacker needs to be able to log on to the Active Directory domain, which reduces the impact a good bit. Install this patch on your normal patch cycle.

MS11-096/KB2640241 - Important (Office 2003, Office 2004 for Mac): More remote code execution vulnerabilities, this time in Excel files. Install this patch as soon as you can.

MS11-097/KB2620712 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): An issue in the Windows client/server run-time subsystem allows a logged-on user to run an attack application and escalate privileges locally. This is a lower-priority issue, and the patch can wait until your normal time.

MS11-098/KB2633171 - Important (XP, Vista, W7, 2003, 2008): This bug is a bit unusual in that it affects only 32-bit versions of Windows. The vulnerability allows a locally logged-on user to run an application and gain higher privileges. Install the patch on your usual cycle.

MS11-099/KB2618444 - Low to Important (IE6, IE7, IE8, IE9): This is a cumulative update for Internet Explorer, fixing three vulnerabilities. None of them is absolutely horrible, but patch immediately, since you can be sure that folks will try to exploit them as soon as they can. Warning: There is a known issue with this patch where doing a "Select All" on one page and then pasting back into IE does not work.
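As an added example (not code from the original post or from Microsoft), here is a PowerShell script that checks which of the bulletin KBs above are registered on the local machine, lists the outstanding ones with the urgency the post assigns to each, and reports the Automatic Updates policy values that decide whether a box restarts on its own after installing. The KB numbers and priorities are the ones in the list above; the function and variable names are mine. Get-HotFix only sees updates registered as Windows QFEs, so the Office and Office for Mac bulletins, which install through Windows Installer, show here as not found even when they are installed and have to be checked in Office's own update history.

```powershell
# Added example, not from the original post. Assumes PowerShell 2.0 or later
# on one of the Windows versions the bulletins cover.

# KB list and priorities as given in the post above. "Component" is a short label.
$DecemberBulletins = @(
    @{ Bulletin = 'MS11-087'; KB = 'KB2639417'; Priority = 'Immediate'; Component = 'Windows TrueType font handling' },
    @{ Bulletin = 'MS11-088'; KB = 'KB2652016'; Priority = 'If used';   Component = 'Office 2010 Pinyin IME' },
    @{ Bulletin = 'MS11-089'; KB = 'KB2590602'; Priority = 'ASAP';      Component = 'Word' },
    @{ Bulletin = 'MS11-090'; KB = 'KB2618451'; Priority = 'Normal';    Component = 'ActiveX kill bits' },
    @{ Bulletin = 'MS11-091'; KB = 'KB2607702'; Priority = 'If used';   Component = 'Publisher' },
    @{ Bulletin = 'MS11-092'; KB = 'KB2648048'; Priority = 'ASAP';      Component = 'Windows Media Player / Media Center' },
    @{ Bulletin = 'MS11-093'; KB = 'KB2624667'; Priority = 'Immediate'; Component = 'Windows OLE' },
    @{ Bulletin = 'MS11-094'; KB = 'KB2639142'; Priority = 'ASAP';      Component = 'PowerPoint' },
    @{ Bulletin = 'MS11-095'; KB = 'KB2640045'; Priority = 'Normal';    Component = 'Active Directory / ADAM / AD LDS' },
    @{ Bulletin = 'MS11-096'; KB = 'KB2640241'; Priority = 'ASAP';      Component = 'Excel' },
    @{ Bulletin = 'MS11-097'; KB = 'KB2620712'; Priority = 'Normal';    Component = 'Windows client/server run-time' },
    @{ Bulletin = 'MS11-098'; KB = 'KB2633171'; Priority = 'Normal';    Component = 'Windows local EoP (32-bit only)' },
    @{ Bulletin = 'MS11-099'; KB = 'KB2618444'; Priority = 'Immediate'; Component = 'Internet Explorer' }
)

function Get-PatchTuesdayStatus {
    param([array]$Bulletins = $DecemberBulletins)

    # Get-HotFix reads the QFE registry; Office/Office for Mac patches do not appear here.
    $installed = @{}
    Get-HotFix | ForEach-Object { $installed[$_.HotFixID] = $_.InstalledOn }

    foreach ($b in $Bulletins) {
        $found = $installed.ContainsKey($b.KB)
        $when = $null
        if ($found) { $when = $installed[$b.KB] }
        New-Object PSObject -Property @{
            Bulletin    = $b.Bulletin
            KB          = $b.KB
            Priority    = $b.Priority
            Component   = $b.Component
            Installed   = $found
            InstalledOn = $when
        }
    }
}

function Get-AutoUpdateRebootPolicy {
    # Group Policy location for Automatic Updates. AUOptions: 2 = notify before download,
    # 3 = auto download, notify before install, 4 = auto download and schedule install.
    # NoAutoRebootWithLoggedOnUsers = 1 stops a forced restart while someone is logged on.
    $path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $au = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if ($au -eq $null) {
        return 'No WindowsUpdate\AU policy set; Automatic Updates uses its local settings.'
    }
    "AUOptions = $($au.AUOptions); NoAutoRebootWithLoggedOnUsers = $($au.NoAutoRebootWithLoggedOnUsers)"
}

# Outstanding patches first, most urgent at the top.
$rank = @{ 'Immediate' = 0; 'ASAP' = 1; 'If used' = 2; 'Normal' = 3 }
Get-PatchTuesdayStatus |
    Sort-Object @{ Expression = { $_.Installed } }, @{ Expression = { $rank[$_.Priority] } } |
    Format-Table Bulletin, KB, Priority, Installed, InstalledOn, Component -AutoSize

Get-AutoUpdateRebootPolicy
```

Run it as an administrator on each box before and after the maintenance window; a machine that still shows KB2639417 or KB2618444 as not installed is the one to chase first, and an AUOptions value of 4 without NoAutoRebootWithLoggedOnUsers is the combination that reboots a server behind your back.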

Other Updates

KB2633952 - Daylight Saving Time update.

"The Usual Suspects": Updates to the Malicious Software Removal Tool (14.7 - 15.1MB) and the Junk Email Filter (2.1MB).

Changed, but not significantly: None.

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB931125 - Root certificate update

KB2641690 - Update to prevent spoofing through fraudulent certificates

Changed, but not significantly: None.

About

Justin James is the Lead Architect for Conigent.

30 comments
Greg_Clark

Win7 couldn't find my network or my wireless router after the update and reboot. I had to reset everything. I have to change my settings. It downloaded in the middle of a game of BF3 ... lagged to buggery ... arghh

ozchorlton

Somehow one of the patches appears to have changed 'Download, but don't reboot' to 'Download, then reboot, to install' in Group Policy. Two servers rebooted, taking out my main database for a few minutes :-( I had to change it back in Group Policy (SBS 2008). I was logged onto the other servers, so no reboot.

brupub

QuickBooks 2012 Pro (don't know about any of the other 2012s) is incompatible with this IE9 update. When trying to open QB you receive a fatal error that states you must turn on Windows features for IE8. So uninstall this update. Supposedly Microsoft and Intuit are aware.

paul.froehle

After doing the updates Secunia tells me Silverlight 4 is at end of life. Why is Microsoft not updating it? I rechecked for updates and it isn't on the list. If I'm just playing Silverlight through the browser, do I need it installed? Thanks

paul.froehle

PDFCreator is a free program that creates a PDF printer. You can create smaller PDFs than with the Microsoft add-in, and it will create a PDF for anything you can print.

metso

Yep, the update killed the PDF capability -- XP SP3 and Word 2007

Universal Soldier

This is the second time a large rollout of patches crashed my Dell XPS9000 system. First Google Chrome stopped working and then my system started to lock up. Now it is toast. Thank you Microsoft!

melinburg

Just the facts... as strange as they are. User's Automatic Update settings were to download but notify before install. They were automatically downloaded. The user clicked to install. The machine prompted him to restart. From that point forward he couldn't log onto the network... getting a message that "Windows can't connect to the domain controller, be sure your user name and password... yada yada yada". I was off site, told him to try System Restore. Didn't work. I logged onto the server with AD. His account was disabled. There is NO WAY anything but the updates somehow did this, although I can't imagine how or why. Just thought I would share in case it could help someone else. Thanks! MRE_

art

The PDF creation issue only seems to happen if you apply the workaround described in KB2639417. The security bulletin MS11-087 for this patch lists NO known issues with the patch. I think it's safe to apply the patch, just don't do the workaround that temporarily addresses the security issue. Not to criticize, but the paragraph by Justin regarding the PDF issue doesn't seem accurate... you might want to test and update this article. Thanks!

geo

If the patch really does "MS11-089/KB2590602 - Important (Office 2007, Office 2010, Office for Mac 2011): Opening a Word document can lead to remove code execution attacks", it should not really be installed, since "removing code execution attacks" seems a good thing. Or is it a typo, and it should read "remote"?

gsweeney

Regarding this patch, I received this from the MS security team: The issues described in the KB are affected by the workaround (Fix it). A workaround is a method that the customer can use to try to block the threat when the security update is not installed/available. When the customer installs the security update, they will not encounter the problems listed in the KB. We shall see...

joy64

Had my first 'blue screen of death' yesterday since Windows XP, years ago, not one hour after applying the updates! I dread these updates every time they are released!

l.kobiernicki

Use LibreOffice. It's free, generates PDFs, and it's not M$ crippleware. Unless, of course, you have corporatist security policies ensuring that no non-M$-approved products can be installed and run! Their so-called "security" doesn't work for you, but maintains their grip on you, preventing you from doing all that you need... Use Linux, and you just won't have all these M$ self-generated problems.

LyleStephens

Isn't there anyone at Microsoft smart enough to solve this problem without crippling their own products?

Han CNX

I was very concerned about losing the ability to generate PDFs from within Office, so I applied the patch on my XP SP3 with Office 2007 virtual machine. PDF generation still works the same as before (Save As, then select PDF). So not sure what this is all about. Would still like to know before rolling this one out.

Gisabun

While there were a bit too many bulletins [and generally MS doesn't dump a big batch of bulletins in December because of the holidays and lack of staff at some businesses], many of these bulletins covered mostly single issues. Compare that against other OSs or apps that have multiple issues. A good chunk of these updates were under 1MB as well. As for the PDF issue with MS11-087, the issue could be more related to add-ons. I tried to create a PDF in Word with Acrobat 10 and it was fine. There is also an issue with Office 2003 with the Compatibility Pack and viewing .PPTX files.

danieltjohnson

Reading the Microsoft site, I can pick between a zero-day vulnerability or retraining my whole office not to save to PDFs. This patch is going to completely kill the workflow of our company. Where's the eggnog when I need it...

BALTHOR

I downloaded Win 8 from one of these share sites. It was no good. It installed as Win 7 with a whole bunch of stuff missing. Probably have to wait a while here. 14 hours at 73 kb/s. It was buried in rar files. If you use WinRAR you need the 64-bit model, and in File you select group and extract to a folder. I put my folders on the desktop. This method puts all the rar files back together again.

Mark W. Kaelin

Are the Microsoft patches giving you trouble this month? Maybe your peers can help - describe the problems you are having.

Justin James

SL5 just came out a few days ago. You should update, but it's not too big of a deal if you wait a bit of time. There's little that's special about SL5 vs. 4, and SL in the browser is quickly going nowhere. J.Ja

gsweeney

Hi sliced.bread :) If you find out which patch BSOD'd your box, please let us know. Thanks

Justin James

I know, I was like, "what?" when I saw that the KB said that I'd be losing the ability to save as PDF. I haven't checked Quicken yet to see if I can save as PDF, I need that functionality to send invoices sometimes... J.Ja

Gisabun

Unsure why you bothered with a file sharing site. The "preview" of Win8 is available for anyone. Which brings me to this question: What has this to do with Tuesday's patches?

JeaneM

We didn't have any problems with Office 2010 Pro or Adobe Acrobat. PDFill works okay, as does BullZip. However, PDFCreator no longer works on an XP SP3 machine. Going to try an uninstall and reinstall of PDFCreator to see if that fixes it.

mike five

Another fine job by Microsoft. My sound no longer works after the December patches. Not knowing all of the sound files that should autorun at startup, I'm up to three hours trying to fix their fix (no, restore did not work either). Starting manually didn't work either.

Justin James

This is yet another one of BALTHOR's famous posts. They are joke posts, and I find them quite funny. :D J.Ja

Gisabun

You sure it's Microsoft? It is not their responsibility to make sure their patches work. They test them, but there is no way they can guarantee that the patches work for all. If anything, complain to whoever made your sound card. It's their developers who botched something, as mine works fine. Did you have the latest drivers? Did you check their forums?
