Windows

It's Microsoft Patch Tuesday: March 2011

Justin James gathers the information you need to make the right decision on applying Microsoft's March 2011 patches in your organization.

The last month is a perfect example of when Microsoft really sticks it to us on patching. They released a huge pile of patches out-of-band, including Service Pack 1 for Windows 7 and 2008 R2. But the security updates and other scheduled patches were relatively tame. What gives? Note that while SP1 was released out-of-band for Windows Update, WSUS servers are getting it on Patch Tuesday itself.

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS11-015/KB2510030 - Critical (XP, Vista, 7)/Important (2008 R2): There is a remote code execution vulnerability in DirectShow, Windows Media Player, and Windows Media Center. They can be triggered by opening media files. You'll want to patch this immediately since we know how people are more than happy to open videos of cats doing cute things. 476KB - 2.2MB MS11-016/KB2494047 - Important (Microsoft Groove 2007): This patch addresses another in the long line of errors with opening files on a share with a malformed attack DLL. In this case, it's Microsoft Groove 2007. Install this patch if you use Groove. 3.0MB MS11-017/KB2508062 - Important (CP, Vista, 7, 2003, 2008, 2008 R2): A problem in the Remote Desktop Client allows attackers to perform remote code execution attacks by putting an EDP file in the same location as a bad DLL file. This is a variation on a common theme over the last few months. Luckily, this is a somewhat uncommon scenario, and the installation of this patch can wait until your usual patch time. 759KB - 4.9MB

Other Updates

KB2505438 - This patch resolves an issue with DirectWrite slowing down W7 and 2008 R2 machines. 1.6MB - 2.4MB

 

"The Usual Suspects": Updates to the Malicious Software Removal Tool (3.0MB - 12.5MB) and the Junk Email Filter (2.2MB).

Changed, but not significantly:

  • KB972493 - WSUS SP2 Dynamic Installer for Server Manager

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB2387530 - Fixes issues with connecting to a Wi-Fi Protected Setup device in Windows 7 192KB KB2483139 - A massive drop of language packs for Windows 7 SP1 37.3MB - 196.5MB KB2484033 - Fixes for problems printing XPS documents in W7 and 2008 R2 343KB - 1.1MB KB2488113 - Reliability update for W7 and 2008 R2, for applications running DirectX in a browser 161KB - 492KB KB2498472 - W7/2008 R2 reliability update to fix a false message about a corrupted file system 1.9MB - 4.4MB KB947821 - February update to the System Update Readiness Tool for Vista, W7, 2008, and 2008 R2 41.3MB - 159.6MB KB976932 - Service Pack 1 for W7 and 2008 R2: According to Microsoft, no new features are introduced in SP1; it's just a giant collection of existing patches. This was released to Windows Update a few weeks ago, but just now deployed to WSUS servers. 569MB - 947MB

Changed, but not significantly:

  • KB2393802 - MS11-011 (Security Update for W7 and 2008 R2)
  • KB2160841 - MS10-077 (Security Update for .NET Framework 4)
  • KB2416472 - MS10-070 (Security Update for .NET Framework 4)
  • KB968930 - Windows PowerShell 2.0 and WinRM 2.0 for Vista/2008
  • KB971029 - Update to AutoPlay functionality in XP, Vista, 2003, and 2008
  • KB971033/KB972493 - Update for Windows Activation Technologies in W7
  • KB982670 - .NET Framework 4 Client Profile
  • KB982671 - .NET Framework 4

About

Justin James is the Lead Architect for Conigent.

23 comments
za5g
za5g

I have installed SP1 to some of our PCs and Servers and averything seems to be OK. Of course all of them have the lastest bios, drivers and patches installed!

cheesedog
cheesedog

sp 1 broke the print spooler on one of my machines. shows as running in services, but printers are not available. trying to add printer says print spooler not running. AAARRGH.

tom_housden2k8
tom_housden2k8

I have tried installing KB2479943 using Automatic Update, Windows Update and installing on shutdown but it still won't install and doesn't give a reason! Why is this?

clockmendergb
clockmendergb

I am not a professional tech guy but I do have 5 win 7 machines and one vista on my small network I have allowed auto update on all but one machine that we use for accounts The only problem lately has been this windows explorer has an error and needs to restart on one win 7. I hope this is my biggest problem. I tend to delay updates to our accounting machine until I have had input from forums like this one as for upgrading to Win 7 I have only one machine that went from vista to 7 that has given me a few problems I finally killed by doing a clean install. I know industry will hang on for a few years yet to XP but I am happy to have made the switch given that win 7 is more able to self heal which is important to a small business situation similar to the one I have. I have been receiving techrepublic since 2000 and I have found it to be a valuable source of reliable information which is credit to all the professionals who spend a moment to input their experiences. Thanks to all of you

jdmeaux
jdmeaux

The updates continually locks ups my wife's laptop. I went through each section of it and still am unable to figure what was freezing it up. So DEATH to Win 7 SP 1..! However, my desktop has no problems with it. But then mine is older, slower, and uses AMD. Could this be the PROBLEM????

alopez
alopez

If you are a Dell shop, like we are... you may have been experiencing random BSOD reports after patching. This unfortunately is due to clashes with the video driver. Microsoft had finally re-released the patches to expand scope for W7 32/64 and Server 2008 32/64. We went about the labor of ensuring vid drivers updated to at least 6.14.10.5284 as a potential fix.

mbwmn
mbwmn

so far 2 of the 4 desktops i put into the test group failed to reboot. "fatal error". the fix involves booting to safe mode and editing a line in the SP! XML file.

matt.puthoff
matt.puthoff

We are seeing some issues on the servers that host Symantec products. Other than that everything seems ok.

majykmyschyf
majykmyschyf

Using Win7 and IE9 beta Another ain't broke so let's fix it Tuesday has come and gone... Every set of updates for two months has created another problem from and not limited to sleep resume, LAN and the currently really aggravating IE has encountered a problem and needs to close, we'll be in touch if we get around to it. I can hardly wait for next Tuesday.

d.p.braune
d.p.braune

Completely hosed my HP laptop. Failed because of Languages packs (as per hundreds of posted on the Net). NTOSKRNL.EXE is consuming 50% of my machine. ARGH!!!

Justin James
Justin James

I've installed W7/2008 R2 SP1 on a number of machines, no problems for me so far. J.Ja

gencvojka
gencvojka

I installed SP1 in my W7 and my w2008 15 servers, and eveything is going smoothly as before... no problems. BR,

RockerGeek!
RockerGeek!

yet... I haven't installed sp1 for my Win7 machines (work/personal), either. A few ppl in my office experienced... um, difficulties after installing it. Perhaps I'll wait another week

Solenoid
Solenoid

"You???ll want to patch this immediately since we know how people are more than happy to open videos of cats doing cute things." Priceless. Otherwise, no difficulties with the patch.

Mark W. Kaelin
Mark W. Kaelin

Are the patches described by Justin giving you trouble this month? Share your experience with your peers, maybe the TechRepublic Community can help?

JCitizen
JCitizen

only on Vista with me, but my Win7 clients are having worse problems. I've never reinstalled an update on anything past XP; so I may have to learn something new!

Justin James
Justin James

A great rule of thumb is to NEVER install language packs unless you need them. They waste massive amounts of space, and the installations of them have been weird for a while. Vista SP1 wouldn't install if you had the language packs installed, for example. J.Ja

rpost
rpost

On the way back up following a shutdown/reboot, "Fatal error C0000034 . . . 291 of 120687," two systems displayed the identical error. One, a Dell OptiPlex 980 the other a Precision T3500. There is actually a link to Microsoft that addresses that specific error. It is: http://www.microsoftpro.nl/2011/03/10/windows-7-doesnt-boot-after-installing-sp1-error-c0000034-or-installing-x-from-x-0000000000000000-cdf-ms/ It involves, in repair mode, editing a file created during the update. Thanks a lot to a tech at Dell for pulling this all together and offering a lot of guidance and patience.

JCitizen
JCitizen

just bought a new DELL, then had to take it back to the store because of the Win7 SP1 update. Looks like MS is continuing as usual at using us as their test lab. Gee thank MS! He had to bring it back to Staples and have it replaced. The techs over there couldn't figure out what happened either. He couldn't even reinstall the operating system using the recovery partition!! I never let a client put anything on their PC until it is fully updated. This providing they are behind a hardware firewall. So far I've found the Win7 x64 firewall is sufficient for folks who only have a modem; for at least as long as it takes to update. Needless to say, like the XP SP3 update year ago; I'm putting SP1 on hold until they get the bugs out. Too bad we didn't get prior warning like we did back then.

JCitizen
JCitizen

I learned that the hard way too! :(

Justin James
Justin James

"He couldn't even reinstall the operating system using the recovery partition!!" There is zero way that a service pack or other patch could make this happen, unless it magically wiped out the recovery partition (not happening). What's MUCH more likely is that his brand new PC experienced a failure a few days after being purchased. Computers tend to either die in the first week of purchase (manufacturing defect), or a long time after you buy them. J.Ja

JCitizen
JCitizen

the computer booted up and was working until the update. I wouldn't be surprised if some of this is DELL's fault; but even the patch cycle that I received that same day for Vista hosed my machine. Browsers would take forever or not open, anti-virus exploded - I ended up reinstalling all AV/AM software and changing one brand on that too! Then MS wouldn't send me my .NET updates that should have come with that package, so I had to go to Secunia PSI to get them. Now my PC is up to snuff again(with the exception of Rapport, but I'm working with Trusteer on that one). When are we going to be relieved of test lab duty!??

Editor's Picks