Welcome to the May 2009 issue of TechRepublic's Patch Tuesday coverage. The biggest item since April is that the Vista and Windows 2008 Service Pack 2 was released to manufacturing. Don't look for it in your automatic updates yet, because it's not there. In fact, at the time of this writing, it's not available to the general public yet either (MSDN and TechNet subscribers can access it, though).
I just finished installing it on one PC this morning, and I am trying to install it on another. I can tell you that as of now, you'll need to uninstall most of your language packs first. And many Vista machines seem to require that language packs be uninstalled one at a time... and each one takes 20 minutes. No idea what's wrong with those language packs (they also seem to interfere with the Add/Remove Windows Add-Ons system), but Microsoft really needs to correct that situation.
As another Microsoft Windows Vista SP2 heads up, it seems to have reset my default sound devices to the most recently installed items, so my soundcard was no longer putting out sound in favor of my phone headset.
Security patchesMS09-017/KB967340 — Critical (PowerPoint 2000) / Important (PowerPoint XP, Office 2003, Office 2007, Office 2004 and 2008 for Mac, Open XML File Converter for Mac, PowerPoint View 2003, PowerPoint Viewer 2007, Office Compatibility Pack 2007, Works 8.5, Works 9.0): There are a number of security bugs in PowerPoint (some privately disclosed, some publicly disclosed) that allow a specially modified PowerPoint file to take over your computer. This patch resolves the problems. It is critical for PowerPoint 2000 users and only important for all other users.
The patch changes the way PowerPoint handles memory when opening files, and it blocks the opening of PowerPoint 4.0 files. You should apply this patch immediately, since it is sure that attackers will be trying to exploit it with PowerPoint files supposedly containing images of serene scenes with words of wisdom and a calming soundtrack, advising you to appreciate the small things in life.
There are no major nonsecurity updates this month.
"The Usual Suspects": Updates to the Malicious Software Removal Tool, ActiveX Killbits (released on April 28th), and Junk Email filters.
Changed, but not significantly:
- MS09-008/KB961063 — Security Update for 2003 (updated metadata)
- .Net Framework 1.1 SP1 — (available for Vista SP2 and 2008 SP2)
- PowerShell 1.0 for Vista — (available for Vista SP2)
- .Net Framework 3.5 SP1 — (made smaller, CPU specific packages)
Updates since the last Patch Tuesday
There have been a number of minor items since the last Patch Tuesday:
- KB969497 — Updated compatibility view list for IE8
- KB944036 — IE8 for XP with Language Interface Pack
- KB947821 — System Update Readiness Tool
- KB953338 — Windows SharePoint Services 3.0 SP2
- KB955430 — Required update for additional updates to Vista and 2008 to work and a prerequisite from here on out
- KB961503 — Double-byte character string fix for XP, which affects Windows Live Messenger 14
Changed, but not significantly:
- IE8 for Vista and 2008 (added new language packs)
- MS09-012/KB952004 — Security Update for Windows 2000 (minor changes to the Norwegian version)
- KB110806 — .Net Framework 2.0 SP1
- KB929300 — .Net Framework 3.0 SP1 (changed priority from "Recommended" to "Important" for Japanese version)
- KB936330 — Vista SP1 (service pack blocker tool is now expired)
In addition, the following items have all been marked as available for Vista SP2 and 2008 SP2:
- MS07-040/KB929729 and MS07-040/KB928367 — Security updates for .Net Framework 1.1 SP1
- MS08-076/KB952068 — Security Update for 2008
- MS08-069/KB954430 — Security Update for MSXML 4.0 SP2
- KB948014 — WSUS SP1 Dynamic Installer
- KB955706 — SQL Server 2006 SP3 (all made available for Vista SP2 and/or 2008 SP2)
Stay on top of the latest XP tips and tricks with TechRepublic's Windows XP newsletter, delivered every Thursday. Automatically sign up today!
Justin James is an OutSystems MVP, architect, and developer with expertise in SaaS applications and enterprise applications.