
It's Microsoft Patch Tuesday: September 2011

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's September 2011 patches in your organization.

This month is pretty mild in terms of recent patches. The interesting surprise this month was Microsoft accidentally making the security patch information known for a few hours the week before it normally does. I saw the items pop up in my RSS feed and thought, "Gee, that's not right?" but by the time I went to read them, they were gone, so I had to wait like everyone else. It will be interesting to see if the advance notice of the patches gives the bad guys something to work on.

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS11-070/KB2571621 - Important (2003, 2008, 2008 R2): WINS packets can be manipulated to perform escalation of privileges attacks against Windows servers. The attack needs a valid username and password and requires the attacker to be locally logged on as well, which mitigates the risk. Install this fix during your usual patch cycle. 219KB - 1.2MB

MS11-071/KB2570947 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): Yet another exploit for documents on network drives being used to get the PC to load a malicious DLL from that location, for remote code execution with locally logged-on privileges. This time, the document formats are RTF, TXT, and DOC. Ugh. Patch at your usual time. 172KB - 983KB

MS11-072/KB2587505 - Important (Office 2003, Office 2007, Office 2010, Office 2004 for Mac, Office 2008 for Mac, Office 2011 for Mac, Microsoft Excel Viewer, Microsoft Office Compatibility Pack for Office 2007 Formats, Microsoft Office SharePoint Server 2007, Microsoft Office SharePoint Server 2010, Office Web Apps 2010): This patch fixes five bugs with opening Excel documents that can allow an attacker to perform remote code execution attacks with the logged-on user's rights. While the attack is not so bad, Excel documents are so common and trusted that you should patch immediately. 4.0MB - 10.0MB

MS11-073/KB2587634 - Important (Office 2003, Office 2007, Office 2010): Even more patches for opening Office files on network shares that can lead to loading libraries. This can wait until your normal patch time. There are known issues with this update. 5.0MB - 19.0MB

MS11-074/KB2451858 - Important (Office Groove 2007, SharePoint Workspace 2010, Office Forms Server 2007, Microsoft Office SharePoint Server 2007, Microsoft Office SharePoint Server 2010, Office Groove Data Bridge Server 2007, Groove Server 2010, Windows SharePoint Services 2.0, Windows SharePoint Services 3.0, Windows SharePoint Foundation 2010, Office Web Apps 2010): A variety of Microsoft server products are allowing cross-site scripting attacks (XSS) that can get a visitor to provide data to a third-party Web site. Patch this issue at your nearest convenience if you have the applicable products installed. There are known issues with this update. 3.4MB - 17.5MB

Other updates

KB2553018 - Windows SharePoint Services 3.0 update, with fixes for time zone and daylight savings changes. 488KB - 489KB

"The Usual Suspects": Updates to the Malicious Software Removal Tool (14.1 - 14.4MB) and the Junk Email Filter (2.1MB).

Changed, but not significantly:

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB2607712 - Certificate revocation list updates.

KB2554629 - Small Business Server 2011 Update Rollup 1, containing a number of bug fixes.

KB2554634 - Windows Home Server 2011 Update Rollup 1, containing a number of bug fixes.

KB2554636 - Windows Storage Server 2008 R2 Essentials Update Rollup 1, containing a number of bug fixes.

KB2570791 - Time zone and daylight savings updates.

KB947821 - Update for the System Update Readiness Tool.

Changed, but not significantly:

About

Justin James is the Lead Architect for Conigent.

13 comments
b.kreycik

I have worked on and maintained PCs since the days of the IBM XT, and I have never before experienced something like this. The system booted normally the first time in the morning. I was alerted that updates were ready to install, and went through the process like usual. I was prompted to reboot upon completion, and when I attempted to do so, I was confronted with "NTLDR is missing"! I ran a utility to see what had changed, and all of my boot files were missing from C:\. I restored the missing files and everything returned to normal, but since the missing files were certainly not expected, I ran a complete disk check looking for bad sectors, and found none. Then I ran a thorough virus scan with Norton 360, and found no viruses either. Am I the only one who had these problems? The "coincidence" of those files being removed only after an MS Update is too hard for me to swallow. Any issues with the Malicious Software Removal tool? I should add that this is an XP SP3 system, and I have another XP SP3 system that successfully updated just the day before.

RG Bargy

It always amazes me that these programs get sold for serious money and then from the updates and patches, it appears that they are full of holes, bugs and trap doors - and this is from a "respected" and "safe" supplier???

oldbaritone

I received the Windows Desktop email from TR, and it was titled "It's Microsoft patch time: there are known issues." I interpreted that to mean something possibly amiss with this month's patch-batch, but I don't see anything here. Anyone had any issues with this month's patches? I'm not looking for a general gripe-session about updates in general, just anything specific to the September 2011 patches.

sysop-dr

Always helpful when pushing these out. The descriptions, links, esp. the known issues; keep up the good work Justin.

Mark W. Kaelin

Are the Microsoft patches giving you trouble this month? Maybe your peers can help - describe the problems you are having.

JCitizen

on OEM updates. Many of them are completely hosed. Microsoft has sent new operating system disks, and I see some incidents where even the hard drive was replaced. None of my XP clients reports any problems.

Justin James

Name one vendor that isn't issuing tons of patches for *complex* software, and I'll show you a vendor that isn't maintaining their apps... J.Ja

Mark W. Kaelin

The "known issues" are marked in the blog post with the warning icons. The issues are explained in the Knowledge Base articles on Microsoft's site.

Justin James

... they seem to be nearly identical, the more recent one revoking more certificates. Thanks! J.Ja

JCitizen

that crackers have managed to steal certificates here and there. I've suspected even Microsoft Update may have been compromised this way. I have a few clients using OEM PCs that report being redirected to what they are sure is a fake MS Update IP address. One of them caught a bug that fools the user into thinking they are going to MS updates, but the browser is being used (Vista/Win7); so you know it is a malicious redirect. There is some really nasty malware out there now, and trying to mitigate it has necessitated the use of some of the most advanced security utilities I have in my tool kit. Unfortunately this has been very difficult for the typical client who is, of course, not that IT advanced.
