Software

It's Microsoft Patch Tuesday: November 2010

Justin James gathers the information you need to make the right decision on applying Microsoft's November 2010 patches in your organization.

Ah, back to normal with a more manageable dose of patches this month! In fact, this month had no true patches on the official "Patch Tuesday," although the fourth Tuesday of the month remains an unofficial day to release minor items.

This blog post is also available in PDF format in a TechRepublic download.

Security Patches

MS10-087/KB2423930 - Critical (Office 2007, Office 2010)/Important (Office XP, Office 2003, Office 2004 for Mac, Office 2008 for Mac, Office 2011 for Mac, Open XML File Format Converter for Mac): A remote code execution vulnerability in Office's handling of RTF makes this a "must-install" patch, especially since RTF-formatted e-mails can trigger it. 4.6MB - 110.5MB MS10-088/KB2293386 - Important (Office XP, Office 2003, Office 2004 for Mac, PowerPoint Viewer): Another remote code execution vulnerability in Office, this time for PowerPoint files. People are used to opening PowerPoint files without thinking, so you will want to install this as soon as you can. 3.1MB - 7.4MB MS10-089/KB2316074 - Important (Forefront Unified Access Gateway): Forefront UAG can allow escalation-of-privileges attacks to occur if users visit a malformed URL. You'll want to check the KB on this, since there are a number of minor, known issues with the patch. If you use Forefront UAG, this patch can wait until your usual patch time. 10.7MB - 10.8MB MS10-054/KB982214: The metadata on this patch has changed, but the binaries have not. You may now see it offered when it previously wasn't or see the description change as a result.
Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic's Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!

Other Updates

KB2345886 - This patch brings the Extended Protection for Authentication to the Server service. 431KB - 1.7MB

"The Usual Suspects": Updates to the Malicious Software Removal Tool (11.8MB - 12.2MB) and the Junk Email Filter (2.2MB).

Updates since the last Patch Tuesday

There were no security updates released out-of-band. However, there have been a number of minor items added and updated since the last Patch Tuesday:

Reliability update for W7, 2008 R2, and Windows Embedded Standard 7 (KB2249857) - 33KB - 45KB

Media Center cumulative update for W7 (KB2284742) 5.2MB - 6.4MB

Fix for the "Consider replacing your battery" problem on HP laptops with W7 (KB2293330) - 86KB - 101KB

Update to DNS Best Practices Analyzer for 2008 R2 x64 (KB2385596) - 249KB

Application-compatibility updates for Vista, W7, 2008, and 2008 R2 (KB2388210) - 32KB - 4.0MB

Root certificate updates (KB931125) - 352KB

Changed, but not significantly:

About

Justin James is the Lead Architect for Conigent.

Editor's Picks