Justin James gathers the information you need to make the right decision on applying Microsoft's March 2011 patches in your organization.
The last month is a perfect example of when Microsoft really sticks it to us on patching. They released a huge pile of patches out-of-band, including Service Pack 1 for Windows 7 and 2008 R2. But the security updates and other scheduled patches were relatively tame. What gives? Note that while SP1 was released out-of-band for Windows Update, WSUS servers are getting it on Patch Tuesday itself.
Security PatchesMS11-015/KB2510030 - Critical (XP, Vista, 7)/Important (2008 R2): There is a remote code execution vulnerability in DirectShow, Windows Media Player, and Windows Media Center. They can be triggered by opening media files. You'll want to patch this immediately since we know how people are more than happy to open videos of cats doing cute things. 476KB - 2.2MB MS11-016/KB2494047 - Important (Microsoft Groove 2007): This patch addresses another in the long line of errors with opening files on a share with a malformed attack DLL. In this case, it's Microsoft Groove 2007. Install this patch if you use Groove. 3.0MB MS11-017/KB2508062 - Important (CP, Vista, 7, 2003, 2008, 2008 R2): A problem in the Remote Desktop Client allows attackers to perform remote code execution attacks by putting an EDP file in the same location as a bad DLL file. This is a variation on a common theme over the last few months. Luckily, this is a somewhat uncommon scenario, and the installation of this patch can wait until your usual patch time. 759KB - 4.9MB
Other UpdatesKB2505438 - This patch resolves an issue with DirectWrite slowing down W7 and 2008 R2 machines. 1.6MB - 2.4MB
Changed, but not significantly:
- KB972493 - WSUS SP2 Dynamic Installer for Server Manager
Updates since the last Patch Tuesday
There were no security updates released out-of-band.
Minor items added or updated since the last Patch Tuesday:KB2387530 - Fixes issues with connecting to a Wi-Fi Protected Setup device in Windows 7 192KB KB2483139 - A massive drop of language packs for Windows 7 SP1 37.3MB - 196.5MB KB2484033 - Fixes for problems printing XPS documents in W7 and 2008 R2 343KB - 1.1MB KB2488113 - Reliability update for W7 and 2008 R2, for applications running DirectX in a browser 161KB - 492KB KB2498472 - W7/2008 R2 reliability update to fix a false message about a corrupted file system 1.9MB - 4.4MB KB947821 - February update to the System Update Readiness Tool for Vista, W7, 2008, and 2008 R2 41.3MB - 159.6MB KB976932 - Service Pack 1 for W7 and 2008 R2: According to Microsoft, no new features are introduced in SP1; it's just a giant collection of existing patches. This was released to Windows Update a few weeks ago, but just now deployed to WSUS servers. 569MB - 947MB
Changed, but not significantly:
- KB2393802 - MS11-011 (Security Update for W7 and 2008 R2)
- KB2160841 - MS10-077 (Security Update for .NET Framework 4)
- KB2416472 - MS10-070 (Security Update for .NET Framework 4)
- KB968930 - Windows PowerShell 2.0 and WinRM 2.0 for Vista/2008
- KB971029 - Update to AutoPlay functionality in XP, Vista, 2003, and 2008
- KB971033/KB972493 - Update for Windows Activation Technologies in W7
- KB982670 - .NET Framework 4 Client Profile
- KB982671 - .NET Framework 4