Last month’s patches were brutal, but this month is nice and light. Unfortunately, Microsoft slipped in a big pile of out-of-band patches, which were not terribly appreciated given that none of them were security patches!

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS11-035/KB2524426 – Critical (2003, 2008, 2008 R2): This patch plugs a security hole in the WINS server that is in Windows servers. Malformed WINS packets can allow remote code execution attacks to occur. Even though many, if not most, servers do not have WINS installed anymore and even though WINS should not be going through your firewalls, you will want to install this patch immediately. 218KB – 1.2MB
MS11-036/KB2545814 – Important (Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Office Compatibility Pack): Malformed PowerPoint files can take advantage of a pair of security holes to perform remote code execution attacks. The attacker is limited to the locally logged-on user’s right, but given the prevalence of PowerPoint files, it is best to install this patch as soon as you can. 2.0MB – 7.4MB

Other Updates

KB2529073 This patch solves a problem where installing SP1 on W7 or 2008 R2 does not update USB drivers under certain circumstances. 313KB – 786KB
KB2533552 If you are getting the “0xC0000034” error when installing SP1 for W7 or 2008 R2, this patch fixes it. 4.0MB – 12.4MB
KB2534366 Similar to the previous patch, this is for error “0xC000009A” when installing SP1 for W7 or 2008 R2. 2.0MB – 4.9MB

“The Usual Suspects”: Updates to the Malicious Software Removal Tool (12.9 – 13.3MB) and the Junk Email Filter (2.1MB).

Changed, but not significantly:

  • KB2446709 Security Update for .NET Framework 3.5.1 on W7 and 2008 R2.
  • KB2449742 Security Update for .NET Framework 3.5.1 on Vista and 2008.

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB2492386 Improves compatibility with certain games across all Windows OSs.
KB2506928 Fixes an issue with following links in HTML files that have been dragged into Outlook.
KB2512715 Resolves an issue with detecting the OS when installing the Failover Clustering feature.
KB2515325 Provides a reliability update for W7 and 2008 R2.
KB982018 Improves compatibility with Advanced Format Disks with a 4KB physical sector size.

Changed, but not significantly:

  • KB2388210 Application Compatibility Update for XP, Vista, W7, 2003, 2008, 2008 R2
  • KB2522422 Cannot print in IE9 with Canon printer’s patch
  • KB2524375 Fix for the fraudulent Comodo certificates problem
  • KB968930 Windows Management Framework Core package (PowerShell 2.0, WinRM 2.0)
  • KB982519 Application Compatibility Update for Vista, W7, 2008, and 2008 R2