It's Microsoft Patch Tuesday: January 2011

Justin James gathers the information you need to make the right decision on applying Microsoft's January 2011 patches in your organization.

Happy New Year to all!

Let's hope that 2011 is a much calmer year than 2010 on the patch front. I know that getting battered like we did with December's patches (particularly with the issues reported with some of them) is not fun, and it wasn't how I hoped to spend my time before my winter hibernation. At the very least, we didn't see any out-of-band patches during the gap between New Years and Christmas, which was a welcome non-event.

NOTE: Be very cautious about KB2264107! Microsoft is warning folks to test thoroughly before pushing it out, and using it requires reading the Knowledge Base article to learn how to make the needed registry changes. This blog post is also available in PDF format in a TechRepublic download. If you're falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS11-001/KB2478935 - Important (Vista): Remember last month where there were a ton of patches for this issue where malformed DLLs could be loaded across the network? This is the same problem, specifically in Vista's Backup Manager System. Oddly, it affects only Vista. Install it only if you use Windows Backup Manager on Vista. 884KB - 967KB MS11-002/KB2451910 Critical (XP, Vista, W7)/Important (2003, 2008, 2008R2): This patch closes two security holes that can allow remote code execution attacks to be performed with a malformed Web page. The attacker gets the logged-on user's rights, which mitigates the damage a bit. Still, you will want to patch this immediately. The problem resides in the Data Access Components (MDAC), so it is conceivable that other components are affected as well. It is also not clear if non-IE Web browsers that leverage MDAC are also affected.
Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic's Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!

Other Updates

KB2264107 - This patch gives admins more control over the loading of DLLs, which has been a major source of security issues in the second half of 2010. Important: Microsoft recommends that you really check this out before using in a production environment. Using the update to enhance security requires registry edits; check the Knowledge Base article for details. (514KB - 5.9MB). KB2454826 - W7 reliability update (4.8MB - 10.1MB). KB976902 - Update to W7 and 2008R2 to allow updates to install properly in the future. Microsoft says that you may need to install this before other updates in order for the others to install properly (4.5MB - 10.7MB).

"The Usual Suspects": Updates to the Malicious Software Removal Tool (11.4MB - 12.8MB).

Changed, but not significantly:

Updates since the last Patch Tuesday

No security updates were released out-of-band.

No minor items were added or updated since the last Patch Tuesday.

Changed, but not significantly:


Justin James is the Lead Architect for Conigent.

Editor's Picks