Security

It's Microsoft Patch Tuesday: July 2011

Justin James gathers the information you need to make the right decision when applying Microsoft's July 2011 patches in your organization.
As far as these things go, July 2011 is nice and easy compared to the last monster Patch Tuesday in June. The big news is that Internet Explorer 9 is now coming down the pike via WSUS. While I've found IE9 to be a massive improvement over IE8, you will want to make sure that your testing is complete before moving to IE9. Once again, our old friend the library loading from network locations bug has struck again, this time with Visio 2003. Why hasn't Microsoft fixed all these by now? I feel like a year from now they will still be finding this with, say, Publisher or Groove or something else that isn't as widely used. This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS11-053/KB2532531 - Critical (Vista, W7): The Windows Bluetooth stack can allow remote code execution attacks when provided with bad packets. Needless to say, this is a critical issue for any computer with Bluetooth installed and enabled. Microsoft says to make sure that you install KB2552343 before installing this update. 328KB - 464KB MS11-054/KB2555917 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): This patch solves fifteen (yes, fifteen) escalation of privilege vulnerabilities in Windows. They all require the attacker to be logged on locally, which mitigates much of their risk, thankfully. You should install this patch at your usual time. 1.1MB - 4.2MB MS11-055/KB2560847 - Important (Visio 2003 SP3): Remember our old friend the library loading bug, which can allow remote code execution attacks by opening files in network locations? This is another patch for this bug, this time in Visio 2003 SP3. Install the patch if you have this older version of Visio installed. 1.0MB MS11-056/KB2507938: Important (XP, Vista, W7, 2003, 2008, 2008 R2): Another patch for escalation of privilege issues, five fixed with this patch, this time in the Client/Server Run-time Subsystem. Again, these holes need the attacker to be locally logged on to exploit them, and the patch can wait until your normal patch time. 307KB - 4.0MB

Other Updates

KB2263829 - This patch fixes a Hyper-V issue under Server 2008 R2 x64 SP1 where network connections are getting disabled or dropped off. 378KB KB2533623 - An omnibus patch for Vista, W7, 2008, and 2008 R2, to resolve the library loading insecurities. 473KB - 4.0MB KB2552343 - Fixes a problem where Windows Update packages are timing out under for Windows Embedded Standard 7. 293KB - 549KB

"The Usual Suspects": Updates to the Malicious Software Removal Tool (13.9 - 14.3MB) and the Junk Email Filter (2.1MB).

Changed, but not significantly:

  • KB2529073 - Fix for USB driver issues in W7 SP1 and 2008 R2 SP1.
  • KB973685 - Patch for XML Core Services 4.0 SP3 on Itanium.
  • KB973688 - Patch for XML Core Services 4.0 SP3.
  • KB982018 - Improved compatibility for Advanced Format Disks.
  • MS11-052/KB2544521 - Security update for IE.
  • MS08-069/KB954430 - Security update for XML Core Services 4.0 SP 2.

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB2541763 - Update to allow IE to read fragmented TLS and SSL handshake messages. KB2545698 - Fix for blurry text in IE9. KB2552343 - Patch to correct timeout issues when installing certain patches for W7 and 2008 R2. KB931125 - Root certificate updates.

Changed, but not significantly:

  • KB943729 - Group policy preference client side extensions for XP.
  • IE9 - Now being pushed via WSUS.

About

Justin James is the Lead Architect for Conigent.

8 comments
JCitizen
JCitizen

now that is a switch! I've had nothing but trouble before. This is the first update cycle that hasn't hosed something! My PC is running better than ever "so far". (knock on wood) I've since learned to do .NET updates separately and after a clean boot.

bulldurn
bulldurn

I really appreciate your articles every month on the MS Patches. I always look them over before pushing them out to our domain. Good job every month !!!

Gis Bun
Gis Bun

KB2552343 is listed twice.

Mark W. Kaelin
Mark W. Kaelin

Are the Microsoft patches giving you trouble this month? Maybe you peers can help - describe the problems you are having.

juliette.fister
juliette.fister

Ditto on the appreciation. This information is always helpful.

Justin James
Justin James

Yes, that's because when it was released out of band, it was for W7 and 2008 R2, and this week's release was for Windows Embedded Standard 7. J.Ja

jcbronson
jcbronson

KB2555917 and KB2507938 have been giving my web team fits! We've had to remove both. YMMV, but I'd love to hear if anyone else has encountered this and found a fix.

Editor's Picks