Security

It's Microsoft Patch Tuesday: May 2011

Justin James gathers the information you need to make the right decision on applying Microsoft's May 2011 patches in your organization.

Last month's patches were brutal, but this month is nice and light. Unfortunately, Microsoft slipped in a big pile of out-of-band patches, which were not terribly appreciated given that none of them were security patches!

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

  • MS11-035/KB2524426 - Critical (2003, 2008, 2008 R2): This patch plugs a security hole in the WINS server component of Windows servers. Malformed WINS packets can allow remote code execution attacks. Even though many, if not most, servers no longer have WINS installed, and even though WINS traffic should not be passing through your firewalls, you will want to install this patch immediately. 218KB - 1.2MB
  • MS11-036/KB2545814 - Important (Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Office Compatibility Pack): Malformed PowerPoint files can take advantage of a pair of security holes to perform remote code execution attacks. The attacker is limited to the locally logged-on user's rights, but given the prevalence of PowerPoint files, it is best to install this patch as soon as you can. 2.0MB - 7.4MB

Other Updates

  • KB2529073 - This patch solves a problem where installing SP1 on W7 or 2008 R2 does not update USB drivers under certain circumstances. 313KB - 786KB
  • KB2533552 - If you are getting the "0xC0000034" error when installing SP1 for W7 or 2008 R2, this patch fixes it. 4.0MB - 12.4MB
  • KB2534366 - Similar to the previous patch, this is for error "0xC000009A" when installing SP1 for W7 or 2008 R2. 2.0MB - 4.9MB

"The Usual Suspects": Updates to the Malicious Software Removal Tool (12.9 - 13.3MB) and the Junk Email Filter (2.1MB).

Changed, but not significantly:

  • KB2446709 - Security Update for .NET Framework 3.5.1 on W7 and 2008 R2.
  • KB2449742 - Security Update for .NET Framework 3.5.1 on Vista and 2008.

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

  • KB2492386 - Improves compatibility with certain games across all Windows OSs.
  • KB2506928 - Fixes an issue with following links in HTML files that have been dragged into Outlook.
  • KB2512715 - Resolves an issue with detecting the OS when installing the Failover Clustering feature.
  • KB2515325 - Provides a reliability update for W7 and 2008 R2.
  • KB982018 - Improves compatibility with Advanced Format Disks with a 4KB physical sector size.

Changed, but not significantly:

  • KB2388210 - Application Compatibility Update for XP, Vista, W7, 2003, 2008, 2008 R2
  • KB2522422 - Patch for the problem of being unable to print in IE9 with a Canon printer
  • KB2524375 - Fix for the fraudulent Comodo certificates problem
  • KB968930 - Windows Management Framework Core package (PowerShell 2.0, WinRM 2.0)
  • KB982519 - Application Compatibility Update for Vista, W7, 2008, and 2008 R2

About

Justin James is the Lead Architect for Conigent.

12 comments
Neon Samurai

April's Powerpoint patch broke powerpoint so that it was unable to open legitimate .ppt. An out of band update was released just before start of last week which corrected Powerpoint 2003 but left the Office2003 compatibility for Office2007 documents broken; 2003 ppt could again be opened while pptx still returned an ugly error. It seems patch ending 814 finally fixes the powerpoint issue for both ppt and pptx.

Slayer_

What could they possibly change? They have decided to reintroduce code from Windows 95?

Mark W. Kaelin

Are the patches described by Justin giving you trouble this month? Share your experience with your peers, maybe the TechRepublic Community can help?

sysop-dr

Then use an older system as a patch test system. Do a complete listing of all files with all data such as date and size for every file, and dump that into a single text file. Apply patches and do the same. Compare the two files with a diff tool; there are tons of those available on the net free. Our IT dept does this as well as test all of the programs we use (well the main ones anyway) and regularly catches patches that cause issues before they push the patches out to the rest of us. (Yay IT!)
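The before-and-after file listing described in the comment above, as an added example (it is not part of any comment or of the original article): it records size, modification time and SHA-256 for every .dll and .ocx under a directory and reports which files a patch run added, removed or changed. The function names, the JSON manifest format and the choice to compare hashes rather than dates are assumptions of this example.

```python
import hashlib
import json
import os
import sys

WATCHED = (".dll", ".ocx")  # assumption: the binary types asked about in the thread


def snapshot(root, exts=WATCHED):
    """Map relative path -> [size, mtime, sha256] for matching files under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if exts and not name.lower().endswith(tuple(exts)):
                continue
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full)
                digest = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
            except OSError:
                continue  # locked or unreadable file: skip it, keep the run going
            rel = os.path.relpath(full, root)
            manifest[rel] = [st.st_size, int(st.st_mtime), digest.hexdigest()]
    return manifest


def compare(before, after):
    """Return sorted lists of added, removed and changed relative paths."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        # Compare content hashes: a timestamp can change without the bytes changing
        "changed": sorted(p for p in common if before[p][2] != after[p][2]),
    }


if __name__ == "__main__":
    # snap <root> <out.json>   or   diff <before.json> <after.json>
    if len(sys.argv) == 4 and sys.argv[1] == "snap":
        with open(sys.argv[3], "w") as out:
            json.dump(snapshot(sys.argv[2]), out, indent=1, sort_keys=True)
    elif len(sys.argv) == 4 and sys.argv[1] == "diff":
        with open(sys.argv[2]) as b, open(sys.argv[3]) as a:
            print(json.dumps(compare(json.load(b), json.load(a)), indent=1))
    else:
        print("usage: snap <root> <out.json> | diff <before.json> <after.json>")
```

Run `snap` on the test machine before and after installing the month's patches, then `diff` the two manifests; files that could not be read are left out of the manifest, so run it with enough privilege to read the system directories.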

Justin James

... since it says that it is for legacy games... J.Ja

Innoviator

Huge trouble getting the KB2534366 and KB259073 to successfully install on two new W7 Pro (64bit) systems. Even when described as successful the KB 2534366 patch was installed a second time (failed 1st repeat attempt, currently described as successful). Not a simple patch I fear, worse than the big April set.

douglasalt1

I notice that amongst the applications, Alcohol 120% and Alcohol 52% are listed. Does this mean that MS are sober? Do they have gravitas? Or should I get some of this Alcohol?

Slayer_

I am just curious what gets updated. We have a large number of legacy applications where I work (non games) and I want to make sure the update won't wreck any of them. So knowing which DLLs and OCXs get changed would be helpful.

pgit

It says it allows you to install and uninstall the virtual driver... no mention as to whether that's a virtual designated driver. MS might be setting us up for a bust. Be careful out there, people. =/

Slayer_

Most other people would call "blocking applications". Further proof MS has no idea anymore what the purpose of an OS is, which is of course, to run applications.