It's Microsoft Patch Tuesday: September 2011

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's September 2011 patches in your organization.

This month is pretty mild in terms of recent patches. The interesting surprise this month was Microsoft accidentally making the security patch information known for a few hours the week before it normally does. I saw the items pop up in my RSS feed and thought, "Gee, that's not right?" but by the time I went to read them, they were gone, so I had to wait like everyone else. It will be interesting to see if the advance notice of the patches gives the bad guys something to work on.

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS11-070/KB2571621 - Important (2003, 2008, 2008 R2): WINS packets can be manipulated to perform escalation of privileges attacks against Windows servers. The attack needs a valid username and password and requires the attacker to be locally logged on as well, which mitigates the risk. Install this fix during your usual patch cycle. 219KB - 1.2MB MS11-071/KB2570947 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): Yet another exploit for documents on network drives being used to get the PC to load a malicious DLL from that location, for remote code execution with locally logged-on privileges. This time, the document formats are RTF, TXT, and DOC. Ugh. Patch at your usual time. 172KB - 983KB MS11-072/KB2587505 - Important (Office 2003, Office 2007, Office 2010, Office 2004 for Mac, Office 2008 for Mac, Office 2011 for Mac, Microsoft Excel Viewer, Microsoft Office Compatibility Pack for Office 2007 Formats, Microsoft Office SharePoint Server 2007, Microsoft Office SharePoint Server 2010, Office Web Apps 2010): This patch fixes five bugs with opening Excel documents that can allow an attacker to perform remote code execution attacks with the logged-on user's rights. While the attack is not so bad, Excel documents are so common and trusted that you should patch immediately. 4.0MB - 10.0MB MS11-073/KB2587634 - Important (Office 2003, Office 2007, Office 2010): Even more patches for opening Office files on network shares that can lead to loading libraries. This can wait until your normal patch time. There are known issues with this update. 5.0MB - 19.0MB MS11-074/KB2451858 - Important (Office Groove 2007, SharePoint Workspace 2010, Office Forms Server 2007, Microsoft Office SharePoint Server 2007, Microsoft Office SharePoint Server 2010, Office Groove Data Bridge Server 2007, Groove Server 2010, Windows SharePoint Services 2.0, Windows SharePoint Services 3.0, Windows SharePoint Foundation 2010, Office Web Apps 2010): A variety of Microsoft server products are allowing cross-site scripting attacks (XSS) that can get a visitor to provide data to a third-party Web site. Patch this issue at your nearest convenience if you have the applicable products installed. There are known issues with this update. 3.4MB - 17.5MB

Other updates

KB2553018 - Windows SharePoint Services 3.0 update, with fixes for time zone and daylight savings changes. 488KB - 489KB

"The Usual Suspects": Updates to the Malicious Software Removal Tool (14.1 - 14.4MB) and the Junk Email Filter (2.1MB).

Changed, but not significantly:

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB2607712 - Certificate revocation list updates. KB2554629 - Small Business Server 2011 Update Rollup 1, containing a number of bug fixes. KB2554634 - Windows Home Server 2011 Update Rollup 1, containing a number of bug fixes. KB2554636 - Windows Storage Server 2008 R2 Essentials Update Rollup 1, containing a number of bug fixes. KB2570791 - Time zone and daylight savings updates. KB947821 - Update for the System Update Readiness Tool.

Changed, but not significantly: