It's Windows Patch Tuesday: May 2009

Justin James presents a rundown on the May 2009 batch of Microsoft Windows patches. He wades through the available resources and brings you the information you need to make the right decision on applying them in your organization.

Welcome to the May 2009 issue of TechRepublic's Patch Tuesday coverage. The biggest item since April is that the Vista and Windows 2008 Service Pack 2 was released to manufacturing. Don't look for it in your automatic updates yet, because it's not there. In fact, at the time of this writing, it's not available to the general public yet either (MSDN and TechNet subscribers can access it, though).

I just finished installing it on one PC this morning, and I am trying to install it on another. I can tell you that as of now, you'll need to uninstall most of your language packs first. And many Vista machines seem to require that language packs be uninstalled one at a time... and each one takes 20 minutes. No idea what's wrong with those language packs (they also seem to interfere with the Add/Remove Windows Add-Ons system), but Microsoft really needs to correct that situation.

As another Microsoft Windows Vista SP2 heads up, it seems to have reset my default sound devices to the most recently installed items, so my soundcard was no longer putting out sound in favor of my phone headset.

Previous TechRepublic Microsoft Windows Blog posts in the Patch Tuesday series are available on the Special Reports search page.

Security patches

MS09-017/KB967340 Critical (PowerPoint 2000) / Important (PowerPoint XP, Office 2003, Office 2007, Office 2004 and 2008 for Mac, Open XML File Converter for Mac, PowerPoint View 2003, PowerPoint Viewer 2007, Office Compatibility Pack 2007, Works 8.5, Works 9.0): There are a number of security bugs in PowerPoint (some privately disclosed, some publicly disclosed) that allow a specially modified PowerPoint file to take over your computer. This patch resolves the problems. It is critical for PowerPoint 2000 users and only important for all other users.

The patch changes the way PowerPoint handles memory when opening files, and it blocks the opening of PowerPoint 4.0 files. You should apply this patch immediately, since it is sure that attackers will be trying to exploit it with PowerPoint files supposedly containing images of serene scenes with words of wisdom and a calming soundtrack, advising you to appreciate the small things in life.

Other updates

There are no major nonsecurity updates this month.

"The Usual Suspects": Updates to the Malicious Software Removal Tool, ActiveX Killbits (released on April 28th), and Junk Email filters.

Changed, but not significantly:

Updates since the last Patch Tuesday

There have been a number of minor items since the last Patch Tuesday:

  • KB969497 — Updated compatibility view list for IE8
  • KB944036 — IE8 for XP with Language Interface Pack
  • KB947821 — System Update Readiness Tool
  • KB953338 — Windows SharePoint Services 3.0 SP2
  • KB955430 — Required update for additional updates to Vista and 2008 to work and a prerequisite from here on out
  • KB961503 — Double-byte character string fix for XP, which affects Windows Live Messenger 14

Changed, but not significantly:

  • IE8 for Vista and 2008 (added new language packs)
  • MS09-012/KB952004 Security Update for Windows 2000 (minor changes to the Norwegian version)
  • KB110806 .Net Framework 2.0 SP1
  • KB929300 .Net Framework 3.0 SP1 (changed priority from "Recommended" to "Important" for Japanese version)
  • KB936330 Vista SP1 (service pack blocker tool is now expired)

In addition, the following items have all been marked as available for Vista SP2 and 2008 SP2:

Stay on top of the latest XP tips and tricks with TechRepublic's Windows XP newsletter, delivered every Thursday. Automatically sign up today!


Justin James is the Lead Architect for Conigent.

Editor's Picks