Security

It's Microsoft Patch Tuesday: October 2011

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's October 2011 patches in your organization.

I think this may be the most pleasant Patch Tuesday of 2011. The out-of-band patches were minimal (just an update to root certificates to handle another Iranian-hacked root server). And, even though there are eight security patches, only two are rated "critical." After all is said and done, I'd love to see more like this! Unfortunately, Microsoft is still finding these ridiculous bugs where opening a file on a network share can load a DLL from that same share. I am tired of seeing this bug, and I'm sure everyone else is too.

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS11-075/KB2564958 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): This is another of those "opening a file on a network share can cause a bad DLL to be loaded" error, this time with the Active Accessibility component. This is a less important issue, and you can wait until your next patch cycle to install the fix. 419KB - 2.0MB MS11-076/KB2604926 - Important (Vista, W7, Media Center TV Pack for Vista): Same as above, but for the Media Center in Vista and Windows 7. Install this patch only if you have Media Center installed. 291KB - 907KB MS11-077/KB2567053 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): Problems in the kernel-mode drivers are allowing remote code execution vulnerabilities, including one when loading malformed font files. You should patch during your normal time. 1.0MB - 5.5MB MS11-078/KB2604930 - Critical (.NET 1.0, .NET 1.1, .NET 2.0, .NET 3.5.1, .NET 4, Silverlight 4): Problems in the .NET Framework can be exploited so that XAML Browser Apps (XBAPs) and Silverlight apps can be used to attack clients. You should install this patch immediately, since all it takes is viewing a Web site to be attacked. 2.9MB - 31.0MB

MS11-079/KB2544641 - Important (Forefront Unified Access Gateway 2010): A variety of problems in Forefront Unified Access Gateway are fixed, including remote code vulnerability exploits. If you use UAG 2010, install this patch. There are known issues with the patch. 20.0MB MS11-080/KB2592799 - Important (XP, 2003): Locally logged-on users can run applications that exploit problems in the Windows Ancillary Function Driver to escalate privileges. This patch resolves the problem and should be installed at your usual time. 553KB - 1.2MB MS11-081/KB2586448 - Critical (IE6, IE7, IE8, IE9): This is a big, cumulative patch for Internet Explorer, fixing eight vulnerabilities. Microsoft rates this as "Moderate" for servers, with the assumption that servers are more locked down, but I suggest you install it as soon as you can for all your systems. 3.8MB - 48.5MB MS11-082/KB2607670 - Important (Host Integration Server 2004, Host Integration Server 2006, Host Integration Server 2009, Host Integration Server 2010): A variety of versions of Microsoft Host Integration Server are vulnerable to denial-of-service attacks when they receive malformed packets of UDP port 1478 or TCP ports 1477 and 1478. If you use Host Integration Server, you should install this patch on schedule. 477KB - 1.0MB

Other Updates

KB2553018 - Windows SharePoint Services 3.0 update, with fixes for time zone and daylight savings changes. 488KB - 489KB "The Usual Suspects": Updates to the Malicious Software Removal Tool (14.9 - 15.2MB) and the Junk Email Filter (2.1MB).

Changed, but not significantly:

  • KB2518864 - Security update for .NET Framework 2.0.
  • KB2518870 - Security update for .NET Framework 2.0.
  • KB2607712 - Root certificate updates.

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB890830 - Malicious Software Removal Tool

Changed, but not significantly:

About

Justin James is the Lead Architect for Conigent.

7 comments
Justin James
Justin James

... because my WSUS server was hosed! Late last night, while putting together a new one, I set my clients to pull straight from Microsoft. So far, so good. J.Ja

AnsuGisalas
AnsuGisalas

On startup, it was doing a count-up of update steps 1-6487 (arbitrary number in the right ballpark)... and it looked like it was writing to the Registry that whole time. Any hint on which update that would have been?

rayp
rayp

Every time I have used the MSRT, I get told I do not have a legitimate copy of Windows 7. I beg to differ. So I do not use it. Am I missing something ?

Koko Bill
Koko Bill

I guess one of these patches is creating a problem with sleep function with my comp.Since I installed all of them, my comp stoped goin` to sleep as scheduled. My be this will change after a while..but we`ll see about that....

Mark W. Kaelin
Mark W. Kaelin

Are the Microsoft patches giving you trouble this month? Maybe you peers can help - describe the problems you are having.

rwsulli
rwsulli

Had several XP machines hang on the automatic reboot after the patches were installed.

toughbook
toughbook

0x643 for .NET 1.1 on XP, everything else was OK

Editor's Picks