Justin James gathers the information you need to make the right decision on applying Microsoft's April 2011 patches in your organization.
This month we're getting hit with a big one-two punch from Microsoft: the delivery of Internet Explorer 9 via Windows Update (not in the WSUS pipeline yet though) and an enormous drop of seventeen security patches.
Internet Explorer 9 is definitely a must-upgrade from IE8. The problem is, can you upgrade from IE8 yet and not break too many applications? For organizations, that is the million dollar question. While I recommend that everyone upgrade from IE 8 to IE 9, and I suggest that users of other browsers consider looking at it (just as I suggest that IE users take a look at Firefox 4 and Chrome 10), the truth is that most organizations will want to test very thoroughly before upgrading from IE8 to IE9, which is why I'm giving it a "one flag" rating.
Also of note is the root certificate update (KB2524375). This is actually addressing a security related issue. It is also very disappointing that there was only one security issue that newer versions of Windows did not have but older ones did; in fact, for a few of them, the more recent editions of Windows actually had a worse vulnerability! As an added "bonus" we even have a fix for Visual Studio, to correct problems with applications created in it using a standard library. This was not a good month for Microsoft!
Security PatchesMS11-018/KB2497640 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): This is a big update for IE6 - IE8 that fixes five vulnerabilities (one publically disclosed). You will want to install this as soon as you can. 7.6MB - 47.3MB MS11-019/KB2511455 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): Attackers can use malformed SMB packets to perform remote code execution attacks. This would be a bit less critical (since SMB traffic should be blocked at the firewall) except that one of the vulnerabilities fixed is already public knowledge. You should patch this immediately. 295KB - 1.5MB MS11-020/KB2508429 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): Another remote code execution via SMB packet issue is fixed with this patch, this time on the server side of the equation. Again, get this patch on as soon as you can. 348KB - 1.5MB MS11-021/KB2489279 - Important (Office XP, Office 2007, Office 2010, Excel Viewer, Office Compatibility Pack for Office 2007 file formats, Office 2004 for Max, Office 2008 for Mac, Office 2011 for Mac, and Open XML File Format Converter for Mac): Opening a malformed Excel file can cause remote code execution attacks. While the attacker only gets the locally logged on user's rights, Excel files are common enough to justify extra haste in installing this patch. 5.0 - 331.1MB MS11-022/KB2489283 - Important (Office XP, Office 2007, Office 2010, PowerPoint Viewer, Office Compatibility Pack for Office 2007 file formats, Office 2004 for Max, Office 2008 for Mac, Office 2011 for Mac, Open XML File Format Converter for Mac): More remote code execution issues via Office files, this time it is PowerPoint. Again, the breach itself is not as serious as it could be, but the ubiquity of Office files makes this patch a "must do" item. 2.1MB - 333.1MB MS11-023/KB2489293 - Important (Office XP, Office 2003, Office 2007, Office 2004 Mac, Office 2008 Mac, Open XML File Format Converter for Mac): This is our old friend, the issue where file opening can be exploited to open DLLs on network drivers and attack the system (remote code execution). Patch immediately. 4.6MB - 333.1MB MS11-024/KB2491683 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): Attackers can use malformed fax cover page files to perform remote code execution attacks. The fax application is rarely used or installed, so this patch can wait until your next normal patch cycle. 536KB - 5.0MB MS11-025/KB2500212 - Important (VS 2003, VS 2005, VS 2008, VS 20010, Visual C++ 2005 Redistributable, Visual C++ 2008 Redistributable, Visual C++ 2010 Redistributable): A problem with one of the MFC libraries can cause remote code execution attacks in applications built with it. If you use MFC in your apps, install this update and rebuild your apps to protect them from this security problem. Even if you don't write applications, this patch is important due to the number of apps that use it. Install on your normal cycle. 2.6MB - 365.8MB MS11-026/KB2503658 - Important (XP, Vista, W7)/Low(2003, 2008, 2008 R2): Malformed Web pages using MHTML can be used to get the Web browser to provide data that it shouldn't. Install this patch at your scheduled time. 413KB - 3.0MB MS11-027/KB2508272 - Critical (XP, Vista, W7)/Moderate(2003, 2008, 2008 R2): This is one of Microsoft's regular updates to the ActiveX Kill Bits system, which blocks malicious ActiveX controls (save the cynical jokes!). You'll want to get this patch put on your desktop systems quickly. 36KB - 991KB MS11-028/KB2484015 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): This update addresses a remote code execution vulnerability in the way the .NET Framework handles XAML Browser Applications (XBAPs). You should install this patch as soon as you can. Some of the specific patches have known bugs, you will want to check the individualKB article for your specific patch to see what they are if you have any issues. 110KB - 14.4MB MS11-029/KB2412687 - Critical (XP, Vista, 2003, 2008): Malformed image files can be used to perform remote code execution attacks against Windows when they are viewed (including on Web sites). You should get this patch put on your systems immediately. 1.2MB - 3.6MB MS11-030/KB2509553 - Critical (Vista, W7, 2008, 2008 R2)/Important (XP, 2003): This patch fixes issues with DNS lookups that can cause escalation of privilege attacks in XP and 2003, and remote code execution attacks in more recent versions of Windows. You'll want to get this patch put on as soon as possible. 195KB - 4.7MB MS11-031/KB2514666 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): Issues with the JScript and VBScript engines can allow remote code execution attacks, which this patch resolves. These attacks can be delivered via Web sites, so you should get this patch installed as soon as you can. 456KB - 3.0MB MS11-032/KB2507618 - Critical (Vista, W7, 2008, 2008 R2)/Important (XP, 2003): An issue with OpenType font handling can cause security problems ranging from escalation of privileges on XP and 2003 to remote code execution attacks on new Windows versions. Install the update quickly. 254KB - 1.3MB MS11-033/KB2485663 - Important (XP, 2003): Opening files in WordPad can allow remote code execution attacks. This patch can wait, unless you have users who actually use WordPad. 603KB - 1.3MB MS11-034/KB2506223 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): Locally logged on users can run an application to gain higher rights. This patch should be installed the next time you normally patch. 1.1MB - 5.5MB
Other UpdatesKB2506014 - This patch fixes a problem where you would receive the error message "Error Code FFFFFFFE" when installing Windows updates. 1.8MB - 3.2MB KB2511250 - As of the time of writing, there is no information available on this patch for W7 and 2008 R2. 122KB - 353KB
Changed, but not significantly:KB976932 - Windows 7 and 2008 R2 SP1
Updates since the last Patch Tuesday
There were no security updates released out-of-band.
Minor items added or updated since the last Patch Tuesday:KB982861 - Internet Explorer 9 KB2505189 - Update for DirectWrite and XPS problems in Vista SP2 and 2008 SP2 KB931125 - Update for root certificates KB2524375 - Fix for the spoofed Comodo root certificates
Changed, but not significantly: