Justin James gathers the information you need to make the right deploy decision when applying Microsoft's October 2011 patches in your organization.
I think this may be the most pleasant Patch Tuesday of 2011. The out-of-band patches were minimal (just an update to root certificates to handle another Iranian-hacked root server). And, even though there are eight security patches, only two are rated "critical." After all is said and done, I'd love to see more like this! Unfortunately, Microsoft is still finding these ridiculous bugs where opening a file on a network share can load a DLL from that same share. I am tired of seeing this bug, and I'm sure everyone else is too.
Security PatchesMS11-075/KB2564958 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): This is another of those "opening a file on a network share can cause a bad DLL to be loaded" error, this time with the Active Accessibility component. This is a less important issue, and you can wait until your next patch cycle to install the fix. 419KB - 2.0MB MS11-076/KB2604926 - Important (Vista, W7, Media Center TV Pack for Vista): Same as above, but for the Media Center in Vista and Windows 7. Install this patch only if you have Media Center installed. 291KB - 907KB MS11-077/KB2567053 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): Problems in the kernel-mode drivers are allowing remote code execution vulnerabilities, including one when loading malformed font files. You should patch during your normal time. 1.0MB - 5.5MB MS11-078/KB2604930 - Critical (.NET 1.0, .NET 1.1, .NET 2.0, .NET 3.5.1, .NET 4, Silverlight 4): Problems in the .NET Framework can be exploited so that XAML Browser Apps (XBAPs) and Silverlight apps can be used to attack clients. You should install this patch immediately, since all it takes is viewing a Web site to be attacked. 2.9MB - 31.0MB MS11-079/KB2544641 - Important (Forefront Unified Access Gateway 2010): A variety of problems in Forefront Unified Access Gateway are fixed, including remote code vulnerability exploits. If you use UAG 2010, install this patch. There are known issues with the patch. 20.0MB MS11-080/KB2592799 - Important (XP, 2003): Locally logged-on users can run applications that exploit problems in the Windows Ancillary Function Driver to escalate privileges. This patch resolves the problem and should be installed at your usual time. 553KB - 1.2MB MS11-081/KB2586448 - Critical (IE6, IE7, IE8, IE9): This is a big, cumulative patch for Internet Explorer, fixing eight vulnerabilities. Microsoft rates this as "Moderate" for servers, with the assumption that servers are more locked down, but I suggest you install it as soon as you can for all your systems. 3.8MB - 48.5MB MS11-082/KB2607670 - Important (Host Integration Server 2004, Host Integration Server 2006, Host Integration Server 2009, Host Integration Server 2010): A variety of versions of Microsoft Host Integration Server are vulnerable to denial-of-service attacks when they receive malformed packets of UDP port 1478 or TCP ports 1477 and 1478. If you use Host Integration Server, you should install this patch on schedule. 477KB - 1.0MB
Other UpdatesKB2553018 - Windows SharePoint Services 3.0 update, with fixes for time zone and daylight savings changes. 488KB - 489KB "The Usual Suspects": Updates to the Malicious Software Removal Tool (14.9 - 15.2MB) and the Junk Email Filter (2.1MB).
Changed, but not significantly:
- KB2518864 - Security update for .NET Framework 2.0.
- KB2518870 - Security update for .NET Framework 2.0.
- KB2607712 - Root certificate updates.
Updates since the last Patch Tuesday
There were no security updates released out-of-band.
Minor items added or updated since the last Patch Tuesday:KB890830 - Malicious Software Removal Tool
Changed, but not significantly:
- KB2607712 - Fraudulent certificate update