Microsoft ‘Patch Tuesday’ – a big one this week

June 16th, 2011 by Stephen Jones Leave a reply »

Security Patches

MS11-037/KB2544893 – Important (XP, Vista, W7)/Low (2003, 2008, 2008R2): The way Windows handles the MHTML protocol can result in “information disclosure” (it looks like it would be similar in effect to a cross site scripting attack). You will want to patch this on your usual schedule.

MS11-038/KB2476490 – Critical (XP, Vista, W7, 2003, 2008, 2008 R2): Image files in the WMF format can be used to perform remote code execution attacks, thanks to a vulnerability in the OLE Automation subsystem, this patch fixes it. Since it is easy to get a Web browser to display an image file, you should apply this patch immediately.

MS11-039/KB2514842 – Critical (XP, Vista, W7, 2003, 2008, 2008 R2): A security hole in the handling of Silverlight is allowing Silverlight and XAML Browser Applications (XBAP’s) to be used to perform remote code execution attacks. Isn’t the whole point of Silverlight to make these things harder? Install this patch as soon as you can. Also, there are a lot of known issues with the patch, check out the KB article before installing it.

MS11-040/KB2520426 – Critical (Threat Management Gateway 2010 Client): The TMG client has a flaw that allows remote code execution attacks to be performed. If you use the TMG client, you should install this patch.

MS11-041/KB2525694 – Critical (Vista, W7, 2008, 2008 R2)/Important (XP, 2003): Problems with the OpenType font handler can allow remote code execution and escalation of privilege attacks. This patch closes those holes. Since an attacker can point a Web page to a network share to get a font file, you will want to close the hole with this patch as soon as you can.

MS11-042/KB2535512 – Critical (XP, 2003), Important (Vista, W7, 2008, 2008 R2): A flaw in the way Windows handles DFS processing can allow DoS and remote code execution attacks to be performed. Of course, you should be blocking DFS at the firewall, but this is still a concerning issue that you will want to patch immediately.

MS11-043/KB2536276 – Critical (XP, Vista, W7, 2003, 2008, 2008 R2): SMB packets can be used to exploit a vulnerability and perform remote code execution attacks. Like the DFS patch, you should be blocking this at the firewall, but you will still want to install this patch quickly.

MS11-044/KB2538814 – Critical (XP, Vista, W7, 2003, 2008, 2008 R2): A flaw in the .NET Framework and the XBAP handling system can allow applications to run code that they are not allowed to run. This is a critical issue and should be treated as an emergency patch scenarioThe patch has some known issues that you should review first,

MS11-045/KB2537146 – Important (Office XP, Office 2003, Office 2007, Office 2010, Office 2004 for Mac, Office 2008 for Mac, Office 2011 for Max, Open XML File Format Converter for Mac, Excel Viewer, Office Compatibility Pack): This patch resolves a eight vulnerabilities when opening Excel files, which can give the attacker the same rights as the logged on user. Microsoft says this is an “important” patch, but Excel files are so widespread that I recommend that you do not hesitate to install the patch.

MS11-046/KB2503665 – Important (XP, Vista, W7, 2003, 2008, 2008 R2): A problem with the Ancillary Function Driver (used to hook Winsock to the kernel) can be exploited to perform escalation of privileges attacks. This is a good example of Microsoft rating a patch as “important” when it really should be “critical.” Install the patch quickly.

MS11-047/KB2525835 – Important (2008, 2008 R2): In the “odd bug of the month” category, a logged on user in a Hyper-V guest VM can send a malformed packet to the Hyper-V host in order to perform a denial of services attack. If you use Hyper-V, you should install this patch during your normal patch time.

MS11-048/KB2536275 – Important (Vista, W7, 2008, 2008 R2): A problem with SMB packet processing can lead to DoS attacks. Your firewall should block these out, but you will still watch to install the patch when you have the chance.

MS11-049/KB2543893 – Important (InfoPath 2007, InfoPath 2010, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, Visual Studio 2005, Visual Studio 2008, Visual Studio 2010): An XML editor control used in a number of Microsoft data handling products can be exploited to perform information disclosure attacks. Install this patch as needed for systems using the affected software, but check the KB article first for known vulnerabilities.

MS11-050/KB2530548 – Critical (IE 6, IE 7, IE 8, IE 9): This is a big cumulative update for IE 6 – IE 9 that resolves eleven vulnerabilities. Install it ASAP.

MS11-051/KB2518295 – Important (2003, 2008, 2008 R2): The Active Directory Certificate Services Web Enrollment is vulnerable to cross site scripting attacks that this patch fixes. This shouldn’t be available outside your network, and the patch only needs to be applied to your servers that support this functionality. Beware, the patch has some known “gotchas.”

MS11-052/KB2544521 – Critical (IE 6, IE 7, IE 8, IE 9): Vector Markup Language (VML) can be exploited in IE to perform remote code execution attacks. I didn’t even know that VML was still around. You will want to patch as soon as you can.

Other Updates

There are no non-security patches released with this Patch Tuesday.

“The Usual Suspects”: Updates to the Malicious Software Removal Tool (12.9 – 13.3MB) and the Junk Email Filter (2.1MB).

Changed, but not significantly: None.


Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB2541014 – Fixes issues with hibernation in 2008R2 and W7 after installing SP1.

KB947821 – System Readiness Tool for Vista, W7, 2008, and 2008 R2.

Changed, but not significantly:

Patching M$ boxes

If you use the built-in M$ Windows Update or M$ Update services, then it’s a  M$-capped – ie. a truncated – connection ( it used to run @ a miserly 4kb/sec .. ) – rather like dropping down to the old modem-speed connectivity …

Consider  install & use of Autopatcher which queries the M$ download sites for your OS directly, and then downloads whatever it can find there – usually finding a more varied selection than the M$ updating services are able to display.

You can then apply those patches you wish to authorize. A bit like the Administrator-managed SUS/WSUS, but better – with fewer overheads, because directly end user-controlled

It’s also a good deal faster, customizable, storing downloaded patches on a logical drive or even a 2nd physical drive, ie. wherever you choose – and allow sufficient drive space – say 5 GB so those can be updated & redone as needed ( whereas M$ updating defaults to its own choice of directory & doesn’t allow user-defined destination selection )

Applied patches are shown in BLUE. Ones not yet applied to the system, are shown in BLACK


Here are some of the download(s) you will need to use AutoPatcher:

AutoPatcher Updater v1.3.0.1

File size – ~1.07 MB / MD5 Hash – 4381A7CEB003F02D598B8647FEE89D87

AutoPatcher User Guide Instructions PDF

File size – 679,607 Bytes

Rev Date: April 28th, 2008

For additional information on how to use the above files, please follow one of the below resources:

  • F.A.Q. – Frequently asked questions / common issues
  • AutoPatcher Forums – For all other questions / issues not answered in the FAQ

Trackbacks /

  1. md5 decrypt
  2. Entrepreneurship

Leave a Reply

You must be logged in to post a comment.