First off, I would like to welcome you to a new TechRepublic feature, Windows Patch Tuesday. Each month, we will be going through the latest batch of Windows patches as soon as the information is finalized and summarize it for you. We wade through the pages and pages of Knowledge Base articles and other resources and bring you the information that you need to make decisions on these patches. Please let us know in the forum what you think!

Here is the Patch Tuesday roundup for September 9, 2008.

Security patches

MS08-052/KB954593 – Critical: This patch addresses an issue in GDI+ (the graphics subsystem) where malformed images could be used to create a stack overflow, which in turn would let an attacker get control of the system. It is aimed at all versions of Windows and should definitely be installed. There are also a number of patches not just for Windows, but for non-Windows products such as the .Net Framework (1.0 – 2.0) and Visual Studio to correct the same vulnerability. These additional patches are listed in the KB article.

MS08-053/KB954156 – Critical: This patch fixes a security problem in Windows Media Encoder 9, for all versions of Windows. The bug allows attackers to use a Web page to gain full control of the system. The rays of sunshine here are that the bug was not reported yet, and that the user would need to be running as an administrator for the exploit to work. You will want to get this patch installed immediately to protect your users before exploits hit the Web.

MS08-054/KB954154 – Critical: This patch addresses another Windows Media problem, this time with Windows Media Player 11. Like the previous patch, users running with administrator rights can be victimized by a specially targeted media file (in this case, audio files), which can hijack the system. Install this one ASAP too.

Other patches

KB947821: This is an update to the Vista and Windows Server 2008 System Readiness Tool. The System Readiness Tool checks a system out to make sure that there are no inconsistencies in the registry, file system, etc. that would cause updates to fail. Ironically, this patch fixes some issues that it was having, where on occasion it would hang or not work right and prevent updates from installing. It’s not critical, and you probably won’t need it unless you have been having problems.

KB954366: An unfortunate aspect of running Vista is compatibility problems. Microsoft periodically releases Application Security Updates, and this is the August 2008 edition. If you have been having software, hardware, driver, etc. compatibility problems, you will want to install this update. It is a cumulative update, too, so don’t worry if you have missed previous versions. This one includes updates for SQL Server 2005 and .Net Framework 3.5, and more.

KB955302: This is one of those generic “reliability and performance updates” that Microsoft likes to release; it is aimed at Vista and Windows 2008. Big items?

  • Improvements to reliability on systems using ReadyBoost
  • Fixes to WiFi NICs having performance problems after switching networks after coming out of hibernation (that’s a pretty specific problem!)
  • Some data loss issues caused by Disk Cleanup (losing data is one way to do a “disk cleanup” I suppose)
  • Stability improvements for systems using Nvidia video cards (I can stop blaming Nvidia for those now)

You’ll probably want to install this one.

KB956697: Apparently, Hyper-V has been having problems with its Volume Shadow Copy hooks, which are keeping it from backing up VMs properly on systems running Windows Server 2008 x64. This patch fixes that. If you are using x64 Windows Server 2008 and Hyper-V, install this one pronto! Otherwise, don’t sweat it.

KB900325: This is a big rollup patch for Media Center 2005. It also adds a number of additional fixes, all of which are minor. If you are running Media Center 2005 and haven’t patched it in a while, you will want to install this; otherwise it is not a “right now” item.

KB951618: This addresses a problem with Onekey Recovery 5.0 causing black screens on XP SP2 and Vista after installing SP1. If you aren’t using Onekey Recovery, you don’t need this patch.

“The Usual Suspects”: Of course, there is the usual set of Windows Defender updates, Outlook and Exchange Junk Mail signature updates, and so on.