Microsoft has detailed the contents of yesterday's "Patch Tuesday" release, a massive security update that includes a grand total of 17 Microsoft security bulletins covering 64 separate security vulnerabilities. The impacted technologies and products include several variants of Windows client and Windows server, Internet Explorer 6 through 8, multiple versions of Microsoft Office, and multiple versions of Microsoft Visual Studio, GDI+ and the .NET Framework. (Microsoft also issued an advance patch notification on April 7th.)
I spoke earlier this week with Jerry Bryant, Microsoft group manager of response communications in the trustworthy computing group. Bryant suggested that IT administrators focus on the following updates as being the most significant: an update to the 64-bit edition of winload.exe, back-porting of file validation to Office 2003/2007, and three other specific security bulletins:
Security Advisory 2506014 - Update to 64-bit Winload.exe to Prevent Certain Rootkits: Microsoft has updated winload.exe on 64-bit systems in order to more effectively expose installed rootkits and improve interoperability with third-party anti-malware software, allowing it to more easily detect and eliminate rootkits. (Read more in Microsoft Security Advisory 2506014.)
Security Advisory 2501584 - Backporting of Office 2010 File Validation to Office 2003/2007: A successful security feature introduced in Office 2010 -- Office File Validation -- is now being added retroactively to Office 2003 and 2007. Read more details on the Microsoft Office blog or on the relevant Microsoft security advisory page.
Security Bulletin MS11-018 - Cumulative IE 6/7/8 Vulnerabilities Update: Microsoft MSRC tweeted about this update earlier this week, and Bryant added that this vulnerability has come under some limited, targeted attacks. "It's not a widespread attack, but we'd advise everyone to apply this update," Bryant said. This update addresses five IE vulnerabilities, including one that was exploited by a security researcher to defeat Internet Explorer 8 at the recent CanSecWest Pwn2Own contest. Read more about this update on the relevant security bulletin page.
Security Bulletin MS11-019 - Vulnerability in SMB Client: This update resolves a pair of reported vulnerabilities for Microsoft Windows that could allow remote code execution. It impacts most versions of Microsoft Windows from Windows XP SP3 onwards. Read more in the related Microsoft security bulletin.
Security Bulletin MS11-020 - Vulnerability in SMB Server: According to Bryant, this update was the result of private disclosure of the flaw by a third party. It impacts all currently supported versions of Windows Server, and Bryant encouraged IT administrators to patch this as soon as possible. Read more in the related Microsoft security bulletin.
More patch resources: There is a nice risk assessment by Jonathan Ness of the MSRC engineering team of all the April security updates on the Microsoft Security Research & Defense blog, and a Microsoft webcast by Ness and Bryant provides a good overview of all the updates in video form.
Have any thoughts on this mother of all patch Tuesdays? Tell me what you think by commenting on this blog post or taking up the discussion on
Follow Jeff James on Twitter at @jeffjames3
Windows IT Pro
on Twitter at