
It's Microsoft Patch Tuesday: January 2011

Justin James gathers the information you need to make the right decision on applying Microsoft's January 2011 patches in your organization.

Happy New Year to all!

Let's hope that 2011 is a much calmer year than 2010 on the patch front. I know that getting battered like we did with December's patches (particularly with the issues reported with some of them) is not fun, and it wasn't how I hoped to spend my time before my winter hibernation. At the very least, we didn't see any out-of-band patches during the gap between New Year's and Christmas, which was a welcome non-event.

NOTE: Be very cautious about KB2264107! Microsoft is warning folks to test thoroughly before pushing it out, and using it requires reading the Knowledge Base article to learn how to make the needed registry changes.

This blog post is also available in PDF format in a TechRepublic download. If you're falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS11-001/KB2478935 - Important (Vista): Remember last month, when there were a ton of patches for the issue where malformed DLLs could be loaded across the network? This is the same problem, specifically in Vista's Backup Manager System. Oddly, it affects only Vista. Install it only if you use Windows Backup Manager on Vista. (884KB - 967KB)

MS11-002/KB2451910 - Critical (XP, Vista, W7)/Important (2003, 2008, 2008R2): This patch closes two security holes that can allow remote code execution attacks to be performed with a malformed Web page. The attacker gets the logged-on user's rights, which mitigates the damage a bit. Still, you will want to patch this immediately. The problem resides in the Data Access Components (MDAC), so it is conceivable that other components are affected as well. It is also not clear whether non-IE Web browsers that leverage MDAC are affected.

Other Updates

KB2264107 - This patch gives admins more control over the loading of DLLs, which has been a major source of security issues in the second half of 2010. Important: Microsoft recommends that you really check this out before using it in a production environment. Using the update to enhance security requires registry edits; check the Knowledge Base article for details (514KB - 5.9MB).

KB2454826 - W7 reliability update (4.8MB - 10.1MB).

KB976902 - Update to W7 and 2008R2 to allow updates to install properly in the future. Microsoft says that you may need to install this before other updates in order for the others to install properly (4.5MB - 10.7MB).

"The Usual Suspects": Updates to the Malicious Software Removal Tool (11.4MB - 12.8MB).

Changed, but not significantly:

Updates since the last Patch Tuesday

No security updates were released out-of-band.

No minor items were added or updated since the last Patch Tuesday.

Changed, but not significantly:

About

Justin James is the Lead Architect for Conigent.

11 comments
Rottman3D

My 64-Bit Win 7 machines have had no issues. My 32-Bit Win 7 machines have a 100% failure rate. Heard around the office "Did Microsoft bother to test this?"

marvin.novello

KB976902 is a patch required before Windows 7 and Server 2008 can install Service Pack 1. It installed fine on 2 PCs - both of them 64 bit. On my 32 bit HP laptop it caused an issue where the Windows Update check would never complete and also the 'Installed Updates' section showed the message 'There are no updates installed on this machine'. A system restore fixed these issues. Applied KB976902 again and same issues re-occurred. Have now system restored again and will leave this update alone until SP1 is out.

Kamikazematt

After the update my laptop keeps coming up with an execution error for lsass.exe. I've tried rebooting in safe mode and a previously known point but it won't get past the error messages. It'll have 2 of them and just sit at the splash screen with nothing else happening. Any suggestions?

Mark W. Kaelin

Are the patches described by Justin giving you trouble this month? Share your experience with your peers, maybe the TechRepublic Community can help?

dargon

Sure doesn't look like they did. I've now had a total of 5 failures with this update, including my own laptop.

JeaneM

Are the folks with problems strictly on laptops? We have three 32-bit Win7 PCs and all three updated fine.

eladiom

Just got a call from a customer that says updates occurred on his system this morning. His laptop has been stuck on Stage 2 of 2 since 3 am!

glennho

My 32-bit tower also stuck on Stage 2... Hard shutdown, rebooted to safe mode, rebooted. OK since then. This just shortly after 2412171 (in Dec) hit our enterprise (I didn't even have to look it up, the number is etched in my eyeballs from uninstalling on so many machines), with its Outlook connect/disconnect repeatedly -- and the January re-release of that misbegotten December patch was no better - we were just faster at catching it before the damage spread again! Disappointing. Very disappointing.

dargon

Had a staff member call this morning saying their laptop got a BSOD. Had them reboot into safe mode, Windows reported that an update hadn't installed correctly and was undoing the changes, the laptop then rebooted and began booting into normal mode. Same message, it waited a few seconds and then got to a login prompt, no further issues.

bill.helke

Yep - had the same issue. BSOD. Reproducible and occurs with this patch only - installed the others separately with reboots and applied this one last to verify that this is the culprit. I did as Murray suggests and hid this one so it won't install. Bad start to the New Year - never had an issue like this with W7 before.