In late February we saw a large dump of patches out of band. Not a single one was considered a security item. I know I have said this before, but this is really unacceptable. I do not think a single systems administrator has commented on one of these blog posts with praise for out-of-band, nonsecurity patches, and I would be highly surprised if it ever happens (I know I just invited a rash of sarcastic "I love it!" comments). That being said, there are only two security items this month, both of them related to opening poisoned files.
This blog post is also available in PDF format in a free TechRepublic download.
Security patchesMS10-016/KB975561 - Important (XP, Vista, 7, Microsoft Producer 2003): Specially crafted Movie Maker files can be used to exploit Microsoft's Movie Maker and Producer 2003 applications and remotely execute code. This code is executed with the logged-in user's permissions, which makes this less of a security concern. Install this patch during your next regular patch cycle. 1.7MB - 6.1MB MS10-017/KB980150 - Important (Office XP, Office 2003, Office 2007, Office 2004 for Max, Office 2008 for Mac, Office SharePoint Server 2007, Excel Viewer, Office Compatibility Pack): A number of problems in Excel's file handling exposed it to remote code execution attacks with the user's permissions. Microsoft does not rate this as "critical," but given the prevalence of Excel and the likelihood of users opening Excel files, you will want to install it immediately. 4.9MB - 221.5MB
Other updatesKB976002: This patch adds the new "browser ballot" to existing installs of Windows for European users affected by the recent legal actions around this issue. For some reason, they released it out of band in late February and again on March's Patch Tuesday. 104KB - 745KB "The Usual Suspects": Updates to the Malicious Software Removal Tool (9.7MB - 10MB) and Junk Email filters (2.2MB).
Changed, but not significantly:
- European "Browser Ballot" screen (KB976002)
- IIS Extended Protection for Authentication (KB973917)
- Application Compatibility Update (KB976264)
Updates since the last Patch Tuesday
No new security items were released out of band.
There have been a number of minor items added and updated since the last Patch Tuesday:
- Windows Activation Update (KB971033) fixes some potential ways to work around the "Genuine Advantage" validation. 1.2MB **
- Meiryo Fonts (KB975929) updates the Meirya Japanese fonts in Vista and 2008 to include some new, more easily read fonts. 9.7MB - 10.1MB
- European "Browser Ballot" screen (KB976002) adds the new "browser ballot" to existing installs of Windows for European users affected by the recent legal actions around this issue. 104KB - 572KB
- Application Compatibility Update (KB976264) improves compatibility in Vista, 7, 20008, and 2008 R2 for a large number of applications, including a number of games. 31KB - 3.3MB
- .NET 2.0 SP2 Update (KB976569) and .NET 3.0 SP2 Update (KB976570) are both for XP and 2003 and fix a problem with some objects not serializing with .NET 3.5 and .NET 4. 226KB - 25MB
- IE 8 JSON improvements (KB976662) gets IE8's JSON handling (used in a lot of Web applications) in line with the latest standards. 336KB - 1.2MB
- Fix for Romanian errors showing in Czech Windows (KB977617) 50KB - 57KB
- Hanging W7 update (KB977632) resolves a problem where W7 machines with certain CPUs would hang if put to sleep or hibernated while running a VM in Virtual PC. 161KB - 183KB
- Cumulative Media Center Update (KB977863) and TVPack Update (KB977864) fix a number of issues with Media Center and the Media Center TVPack on Windows 7. 4.2MB - 11.6MB
- Compatibility Settings Fix (KB978637) for W7 and 2008 R2 addresses a scenario where a program that opens another ignores the compatibility settings. 263KB - 1.9MB
- Rights Management Services Client Update (KB979099) for Vista and 2008 handles expired manifests for AD RMS enabled applications better. 4.0MB - 9.2MB
- Daylight Savings Time Update (KB979306) gets Windows up to speed with recent changes to DST around the world. 145KB - 1.3MB
Changed, but not significantly:
- Security update for 32 bit versions of Windows (KB977165) - fix to the Windows Kernel that closed an escalation of privileges hole.
Stay on top of the latest XP tips and tricks with TechRepublic's Windows XP newsletter, delivered every Thursday. Automatically sign up today!
Justin James is the Lead Architect for Conigent.