This month’s patches were nice and short. Unfortunately, two of the patches are for publicly reported vulnerabilities, and it baffles me that we had to wait until Patch Tuesday for them, while we got cumulative updates for Windows Media Play out-of-band.

This blog post is also available in PDF format in a TechRepublic download. The previous month’s Microsoft Patch Tuesday blog entries are also available.

Security Patches

MS10-042/KB2229593 – Critical (XP)/Low (2003): This is the patch for the Help bug that was publicly disclosed in June. You will want to apply it immediately. 745KB – 2.2MB
MS10-043/KB2032276 – Critical (W7)/Important (2008 R2): A problem with the Canonical Display Driver is allowing remote code execution attacks. Even though Windows’ randomization of memory makes it hard for this attack to execute code, you should install this patch as soon as you can. 475KB – 623KB
MS10-044/KB982335 – Critical (Office 2007, Office 2007): There’s a security problem in the Microsoft Office Access ActiveX controls that can allow remote code execution attacks. This fix resolves the problem. Since you should not be allowing untrusted Web sites to run ActiveX, you can wait until your next patch cycle for this one.  3.7MB – 10.3
MS10-045/KB978212 – Important (Office XP, Office 2003, Office 2007): This patch resolves an issue in Outlook that allows remote code execution attacks with the same rights as the logged-in user if the user opens an attachment. Microsoft downgrades this because of the limited rights, but I think it is much more important due to it being an issue with opening attachments. I suggest that you install this patch quickly. 4.2MB – 12.5MB

Other Updates

KB982300 – An update for Windows 7 and Server 2008 R2 to resolve an issue where some computers crash on restart if they have certain LSI 1394 (FireWire) controllers. 160KB – 200KB

“The Usual Suspects”: Updates to the Malicious Software Removal Tool (11.5MB – 11.8MB) and Junk Email filters (2.2MB).

Changed, but not significantly:

Platform Update for Windows Server 2008 and Windows Vista (KB971644)

Updates since the last Patch Tuesday

There have been a number of minor items added and updated since the last Patch Tuesday:

.NET 3.5 SP1 update for 2008 and Vista (KB956250) 2.0MB – 6.3KB

Update for the Active Directory Domain Services Best Practice Analyzer for 2008 R2 x64 (KB980360) 276KB

Update for Windows 7 and 2008 R2 to work better with apps designed for Vista (KB980846) 529KB – 1.4MB

Windows Media Player Cumulative Update for Vista (KB981078) 10.2MB – 11.0MB

Compatibility Update for Vista, Windows 7, 2008, and 2008 R2 (KB982519) 1.7MB – 4.0MB

.NET 2.5 SP1 and 2.0 SP2 Update for 2003 and XP (KB982524) 116KB – 313KB

.NET 3.5 SP1 update for Vista and 2008 (KB982525) 2.0MB – 6.3MB

.NET 3.5 SP1 update for Windows 7 and 2008 R2 (KB982526) 1.9MB – 6.2MB

.NET Client Profile 4 for XP, Vista, and Windows 7 (KB982670) 2.0MB – 43MB

.NET 4 for XP, Vista, Windows 7, 2003, 2008, and 2008 R2 (KB982671) 2.0MB – 54MB

Changed, but not significantly:

Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic’s Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!