Software optimize

It's Microsoft Patch Tuesday: November 2010

Justin James gathers the information you need to make the right decision on applying Microsoft's November 2010 patches in your organization.

Ah, back to normal with a more manageable dose of patches this month! In fact, this month had no true patches on the official "Patch Tuesday," although the fourth Tuesday of the month remains an unofficial day to release minor items.

This blog post is also available in PDF format in a TechRepublic download.

Security Patches

MS10-087/KB2423930 - Critical (Office 2007, Office 2010)/Important (Office XP, Office 2003, Office 2004 for Mac, Office 2008 for Mac, Office 2011 for Mac, Open XML File Format Converter for Mac): A remote code execution vulnerability in Office's handling of RTF makes this a "must-install" patch, especially since RTF-formatted e-mails can trigger it. 4.6MB - 110.5MB MS10-088/KB2293386 - Important (Office XP, Office 2003, Office 2004 for Mac, PowerPoint Viewer): Another remote code execution vulnerability in Office, this time for PowerPoint files. People are used to opening PowerPoint files without thinking, so you will want to install this as soon as you can. 3.1MB - 7.4MB MS10-089/KB2316074 - Important (Forefront Unified Access Gateway): Forefront UAG can allow escalation-of-privileges attacks to occur if users visit a malformed URL. You'll want to check the KB on this, since there are a number of minor, known issues with the patch. If you use Forefront UAG, this patch can wait until your usual patch time. 10.7MB - 10.8MB MS10-054/KB982214: The metadata on this patch has changed, but the binaries have not. You may now see it offered when it previously wasn't or see the description change as a result.
Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic's Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!

Other Updates

KB2345886 - This patch brings the Extended Protection for Authentication to the Server service. 431KB - 1.7MB

"The Usual Suspects": Updates to the Malicious Software Removal Tool (11.8MB - 12.2MB) and the Junk Email Filter (2.2MB).

Updates since the last Patch Tuesday

There were no security updates released out-of-band. However, there have been a number of minor items added and updated since the last Patch Tuesday:

Reliability update for W7, 2008 R2, and Windows Embedded Standard 7 (KB2249857) - 33KB - 45KB

Media Center cumulative update for W7 (KB2284742) 5.2MB - 6.4MB

Fix for the "Consider replacing your battery" problem on HP laptops with W7 (KB2293330) - 86KB - 101KB

Update to DNS Best Practices Analyzer for 2008 R2 x64 (KB2385596) - 249KB

Application-compatibility updates for Vista, W7, 2008, and 2008 R2 (KB2388210) - 32KB - 4.0MB

Root certificate updates (KB931125) - 352KB

Changed, but not significantly:

About

Justin James is the Lead Architect for Conigent.

22 comments
carlsf
carlsf

Are NOW reporting problems with my AVG Internet Security 2011. My MS Security Centre is NOW reporting that I have no Firewall or Malware/Spyware running I have checked with AVG and it would seem this is a MS problem as my AVG is reporting all protection is up and running. Oh well another call to MS tech suppoprt

CMLOtt
CMLOtt

When I booted this morning I found that my XP Pro would not start because NTFS.SYS was "missing or corrupt" Fortunately I have an Acronis clone of my laptop system HD from a few weeks ago. I switched disks and started with the clone. I spent a good amount of the day trying to find the differences between my original and cloned drive. Eventually I realized that there are two new Windows directories on my regular working HD that were created last night, each of about 500 million bytes. Many years ago I renamed my Windows root as WINDNEW Now I find WINDOWS and WINDOWS.0 Renaming them by adding "-2010-11-11" , and switching back to that regular working drive, the boot process identifies that there are 3 copies of XP Pro, and only 1 works. The other 2 both say something is missing or corrupt, and I should please reinstall it. I guess I need to rename those 2 bogus Windows directories so that the boot process won't try them. NOW -- how do I tell MS about their goof??? They forgot to check what my Windows Root directory is. They just assumed it must be WINDOWS.

darpoke
darpoke

defend microsoft - I hardly ever have a reason to... but it seems to me as though they're hardly in the wrong on that particular matter. It's their operating system. Part of what you've paid for is a directory structure that facilitates the organisation of files and software. Renaming root directories, unless you know *exactly* what your're doing - to the extent that you compiled part or all of your OS yourself, for example - is kind of an invitation for disaster. Sounds to me like you simply got away with it for a long time...

wdewey@cityofsalem.net
wdewey@cityofsalem.net

If there is a variable that says where the system root is then patches should check that variable and use it. I personally don't do this because it causes problems with 3rd party software, but MS software should check for these things. Bill

Mark W. Kaelin
Mark W. Kaelin

Are the patches described by Justin giving you trouble this month? Share your experience with your peers, maybe the TechRepublic Community can help?

darpoke
darpoke

I don't know if the patches are to blame but after running the latest updates on my work laptop, it's completely ignored all attempts to shutdown or restart. After the installation was run I had the window pop up informing me I needed to restart my machine to complete the install process. I waited until a convenient moment and clicked 'restart now' but nothing. I repeated this several times. Nada. I then tried multiple times to shutdown or restart from the start menu. No dice. In the end a 'shutdown -r' command issued in CMD managed to close the computer immediately - but that's not exactly a solution and I don't know if/when the problem will go away. I found lots of guidance online for what to when your machine shuts down to the "it is now safe to power off your computer" screen but doesn't actually power off - a quick registry hack solves this apparently - but nothing for when your shutdown/restart command is patently ignored by XP. Thanks, Microsoft, for another productive morning.

ToR24
ToR24

Some machines have taken up to 2 hours to complete the full restart cycle, mostly on servers. I have found that if the smallest chunk of disk doesn't pass the shutdown phase, it looks like it is hung, but it's doing something... very slowly. It has taken up to 10 minutes just to acknowledge the restart and display the correct dialog box in the GUI. On startup for RAID arrays, some machines may perform an automatic recovery. On workstations, I used a chkdsk /f and restart again. The data may have been surrendered in the fleeting memory of the last hot days of summer. After checking disks, all things seemed better.

pgit
pgit

I've been seeing this a lot on XP SP3 machines. Not this patch cycle, but many over the last few months. In all but a couple cases it didn't happen again after restarting.

HckrAdm2005
HckrAdm2005

With this last batch of patches I have had PC's NIC's say limited connectivity. After verifying that there is nothing wrong with our network and hardware and drivers I was then told by a user they just did windows updates and restarted. All my PC's that I monitor here at work are always up to date on all security and critical updates. Not sure how these patches would affect them like this but for some reason it did. The PC's we use are HP Small Form Factor 5800's and 6000's running XP Pro

craigc
craigc

I have been seeing that on my Compaq Laptop 8710p (Vista 64 bit) for several months now. No idea what triggers it. Basically either the system or network driver seem to THINK link dropped and so begins the process of a new network being plugged in. I am relatively certain the LINK has not dropped. While it is possible the network hardware on the laptop is flaky, I consider that unlikley. I have tried hard coding link speeds/duplex. I have replaced all cabling. I have switched ports on the switch. I have switched PDS patches. The system is stationary with no cables being wiggled when the problem manifests. The source of the problem eludes me. Currently I just have to endure and then re-establish connections.

pgit
pgit

That does sound odd. Any idea which patch/patches were the culprit?

pgit
pgit

And it appears something of the versioning between Office and the OS has something to do with it. But good idea, start off with one. That's what I did, I always sacrifice my own machines for the cause.

eyesak
eyesak

Thanks for your reply pgit. I will start out with one, if all good will do the other XP machines. The issues must not be many machines as not that many people posted back here. Must be isolated cases and possible coincidences.

pgit
pgit

And this is over dozens of XP SP3 machines I handle.

eyesak
eyesak

Hi Tech Republic members, I have been waiting before updating Windows XP SP3 machines since seeing some issues here, but there are not many posts about connectivity / browsing issues after running the updates. What is the general consensus regarding the latest Win XP updates? Most people good with it? Thanks, Eyesak

subs
subs

2 of my users, both running on Dell Studio 15 with Win 7 Pro 64-bit and Office 2010, encountered a problem last night after rebooting whereby Outlook 2010 couldn't find profile, then it did after another reboot although some PSTs for multiple email addresses were missing. Many XLS/.Doc documents were also missing. This is a week after something similar happened to both on 10/29 where their profiles and documents just seemed to disappear and files had to be restored from backup. The XLS/.Doc files that were found after the reboot on 11/10 seemed to match the state of the computer as it was on 10/29 prior to the first disappearance. Very weird! Has anyone else encountered this sudden 'loss of profile' scenario? I don't see anything on the 'net, but this isn't just a coincidence as these problems are happening lockstep on 2 different machines and I suspect are due to MS updates.

HckrAdm2005
HckrAdm2005

Thanks for the posts guys. As for your question pgit I haven't experienced that issue yet but will keep my eyes peeled. For my issue earlier the problem isn't consistent. It's only affecting a small number of PC's. this is now leading me to believe it's not the patches that caused the issue but more of a network issue. It could be just a "coincidence" but I'm not a big believer in coincidences specially in the IT world. And G-Man I agree with you it's more reckless not to have the critical/security patches out and deployed right away.

pgit
pgit

In a perfect world you'd have facility to test everything before releasing to the users. Bigger organizations have this luxury, unfortunately many of us don't. I always check updates on a couple machines of my own before going to clients with recommendations. But my systems don't come near 'simulating' all the various environments I deal with. A few people I have done a little work for in the past have called me last night and today, after doing these updates themselves. It's breaking some office functions, most of them sound like something to do with outlook. Two reported that outlook crashes, it disappears "in a flash," when they go to load a large file attached in an email. If they save the file and open it from within the fs, no problem. It's only when they try to view the attachment directly out of an email. Anyone else seeing this?

The 'G-Man.'
The 'G-Man.'

not to have critical rated security patched on board I would say.

Bill.Courtney
Bill.Courtney

What really sounds odd is applying patches so soon after they're released. Seems pretty reckless..

link470
link470

Were any updates applied to a server?