Ah, back to normal with a more manageable dose of patches this month! In fact, this month had no true patches on the official “Patch Tuesday,” although the fourth Tuesday of the month remains an unofficial day to release minor items.
This blog post is also available in PDF format in a TechRepublic download.
MS10-087/KB2423930 – Critical (Office 2007, Office 2010)/Important (Office XP, Office 2003, Office 2004 for Mac, Office 2008 for Mac, Office 2011 for Mac, Open XML File Format Converter for Mac): A remote code execution vulnerability in Office’s handling of RTF makes this a “must-install” patch, especially since RTF-formatted e-mails can trigger it. 4.6MB – 110.5MB
MS10-088/KB2293386 – Important (Office XP, Office 2003, Office 2004 for Mac, PowerPoint Viewer): Another remote code execution vulnerability in Office, this time for PowerPoint files. People are used to opening PowerPoint files without thinking, so you will want to install this as soon as you can. 3.1MB – 7.4MB
MS10-089/KB2316074 – Important (Forefront Unified Access Gateway): Forefront UAG can allow escalation-of-privileges attacks to occur if users visit a malformed URL. You’ll want to check the KB on this, since there are a number of minor, known issues with the patch. If you use Forefront UAG, this patch can wait until your usual patch time. 10.7MB – 10.8MB
MS10-054/KB982214: The metadata on this patch has changed, but the binaries have not. You may now see it offered when it previously wasn’t or see the description change as a result.
Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic’s Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!
KB2345886 – This patch brings the Extended Protection for Authentication to the Server service. 431KB – 1.7MB
Updates since the last Patch Tuesday
There were no security updates released out-of-band. However, there have been a number of minor items added and updated since the last Patch Tuesday:
Reliability update for W7, 2008 R2, and Windows Embedded Standard 7 (KB2249857) – 33KB – 45KB
Media Center cumulative update for W7 (KB2284742) 5.2MB – 6.4MB
Fix for the “Consider replacing your battery” problem on HP laptops with W7 (KB2293330) – 86KB – 101KB
Update to DNS Best Practices Analyzer for 2008 R2 x64 (KB2385596) – 249KB
Application-compatibility updates for Vista, W7, 2008, and 2008 R2 (KB2388210) – 32KB – 4.0MB
Root certificate updates (KB931125) – 352KB
Changed, but not significantly: