It's Microsoft Patch Tuesday: November 2011

Justin James gathers the information you need to make the right deploy decisions when applying Microsoft's November 2011 patches in your organization.

So, we're treated to one of the lightest Patch Tuesdays of the year, with no really big items done out of band either. And the whole thing is ruined by MS11-083, which looks like it fixes the worst vulnerability of the year, a problem where attackers can hit closed UDP ports to perform remote code execution attacks.

All those systems directly connected to the Internet, from home PCs to Windows boxes set up to be firewalls, can be hit by this, even if they have nothing open on those UDP ports.

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

  • MS11-083/KB2588516 -- Critical (Vista, W7, 2008, 2008 R2): This may be one of the nastiest bugs we've seen in a long time. Malformed UDP packets sent to a closed port can allow a remote code execution attack. This is a "patch before the day is out" item for sure. 487KB - 1.8MB
  • MS11-084/KB2617657 -- Moderate (W7, 2008 R2): Opening malformed TrueType fonts from emails, network shares, or WebDAV locations can create a denial of service attack. Apply the patch on your normal cycle. 1.1MB - 3.0MB
  • MS11-085/KB2620704 -- Important (Vista)/Moderate (2008)/Low (W7, 2008 R2): You know that "opening a file on a network drive can load a DLL from that location" bug? This patch addresses it with Windows Mail and Windows Meeting Space, for opening .eml and .wcinv files. Few folks use these apps, so this patch can wait until your usual scheduled patch time. 660KB - 1.3MB
  • MS11-086/KB2630837 -- Important (XP, Vista, W7, 2003, 2008, 2008 R2): Various Active Directory services (Active Directory, Active Directory Application Mode -- ADAM, Active Directory Lightweight Directory Service -- AD LDS) have a flaw where a revoked certificate for a valid account can be used to authenticate using LDAP over SSL (which is off by default). This is a fairly low-priority issue, and the patch can wait until you usually do your patching. 836KB - 5.5MB

Other updates


"The Usual Suspects": Updates to the Malicious Software Removal Tool (14.9 - 15.2MB) and the Junk Email Filter (2.1MB).

Changed, but not significantly: None.

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

  • KB2526305 - Windows SharePoint Services 3.0 SP3
  • KB2598845 - Update for the IE8 Compatibility View List
  • KB2603229 - Fixes a problem with license information on 32-bit versions of Windows 7 and 2008 R2
  • KB2607576 - Fixes a bug with "Jump Lists" longer than 999 items in Windows 7 and 2008 R2
  • KB931125 - Root certificate update

Changed, but not significantly: