Here's some info on the past web browser updates and last month's Patch Tuesday updates. I copied and pasted this from the 4/14/2011 Windows Secrets newsletter.
April brings showers of browser patches
By Susan Bradley
It seems like every other month is an especially large Patch Tuesday, but this week's is the largest we've ever had.
The flood of patches — including fixes for Internet Explorer — leaves no room for the update chart in the newsletter; you'll find it in the Windows Secrets Lounge via the link at the bottom of this story.
MS11-018 (2497640), MS11-019 (2511455), MS11-020 (2508429)
Start with these three critical updates
Because of the volume of updates this month, I've organized them by priority, starting with the three most critical: one for Internet Explorer (MS11-018; KB 2497640) plus two for Microsoft's SMB Client (MS11-019; KB 2511455) and SMB Server (MS11-020; KB 2508429).
The update detailed in MS11-018 affects Internet Explorer Versions 6–8 but not IE 9. Even so, I recommend that businesses hold off on IE 9 until I finish testing it. (I'll report my findings later this month.) In the meantime, Microsoft has already rolled out a preview of IE 10, as announced on an MSDN IEBlog page.
These IE patches were no surprise: they fix flaws revealed at the Pwn2Own hacking contest held during the recent CanSecWest Security conference. As noted in a Microsoft SRD blog, it took three blended vulnerabilities to attack a fully patched IE 8 machine. However, more IE 8 patches are in store, according to the blog — there are more vulnerabilities that Microsoft is still testing that do not pose a direct threat.
The patch also includes five nonsecurity fixes, including one for an IE 8 flaw that causes the browser to flicker on some computers with hybrid graphics.
Both of the SMB updates affect all versions of Windows — from XP to Server 2008 R2. The patches fix a file-sharing flaw that lets hackers trick users into making connections to malicious SMB servers.
► What to do: Everyone should put IE's KB 2497640 on their priority patch list. Businesses should do the same for KB 2511455 and KB 2508429. But I recommend everyone install them soon; they can be used as components in blended attacks that come in via Web browsing and then enter the network.
MS11-026 (2503658), MS11-029 (2489979), MS11-032 (2507618) and MS11-031 (2514666)
Some critical fixes for browser-based attacks
This next set of updates to install addresses browser vulnerabilities, even though they're not patching Internet Explorer. The patch detailed in MS11-026 (KB 2503658) removes a threat in which specially crafted malicious websites (or parts of sites) can be used to attack and steal information from your browser cookies. The update is rated critical for all versions of Windows, from XP to Windows 7; and important for server operating systems.
MS11-029 (KB 2489979) patches a remote-code exploit within graphics files; the attacks can occur when a user views maliciously crafted images or visits websites containing these images. The affected systems are Windows XP, Server 2003, Vista, and Server 2008 — as well as Office XP SP3.
The patch in MS11-032 (KB 2507618) is rated critical for systems running Vista, Windows 7, and Windows Server 2008; and important for Windows XP. The vulnerability is similar to the one described in MS11-029 but addresses fonts instead of graphics files.
Update KB 2514666, detailed in MS11-031, follows the same threat pattern as the previous two, but it fixes flaws in JScript and VBScript scripting engines.
► What to do: Install when offered or download manually KB 2503658, KB 2489979, KB 2507618 and KB 2514666 as soon as possible. Note that none of these threats can be initiated on its own; systems become vulnerable when the user clicks on Web content or links.
MS11-033 (2485663), MS11-021 (2489279), MS11-022 (2489283), and MS11-023 (2489293)
A profusion of confusing Office apps updates
My advice for the following Office updates might be a bit confusing — so please follow this carefully.
If you are running Office 2007 and later, you should install all of these updates (all of which are rated important).
For Office 2003 and earlier, hold back until the next Patch Watch (in two weeks) — I need to test the interaction between PowerPoint 2003 and certain types of images.
These updates are a preliminary update to Security advisory 2501584, which has numerous Office Fixits, plus an update for the Office File Validation component.
OFV was introduced in Office 2010 and is a security feature that scans the content of files before it allows you to open them. It's now being backported to earlier versions of Office. Excel and Word documents have been used in recent attacks that even took on RSA Security, as reported in a Kaspersky Lab Threatpost story, compromising the company's two-factor security product. An Excel spreadsheet contained a zero-day, Flash-embedded attack that was used to gather information needed to gain entrance to the firm's data.
Microsoft will probably offer both Office 2003 and 2007 versions of these preliminary updates — even if you have only Office 2003 installed (due to the Office Compatibility Pack that most Office users have installed on their systems).
► What to do: For more information on these updates, check out the following security bulletins:
MS11-033 for WordPad, MS11-021 for Excel 2002 and later, MS11-022 for PowerPoint 2002 and later, and MS11-023 for Office. Again, all of these patches are rated important.
If you use Office 2003, be careful when opening up files from unknown sources for now; I'll walk you through the solution for PowerPoint in the next Patch Watch.
MS11-024 (2527308)
Vulnerability uses faxes to take over PCs
If you use Windows' built-in faxing service, I urge you to install the update described in MS11-024: otherwise, a hacker could use a malicious fax cover sheet to gain access to your computer. The update is rated important for all current versions of Windows.
Depending on the fax services installed, you might see two updates offered. Patches KB 2491683 and KB 2506212 showed up on my XP system. Home versions of Vista will probably not get KB 2491683, but business versions likely will.
► What to do: Go to Support Bulletin MS11-024 for more information and downloads. Install KB 2491683 for the fax cover sheet editor on business operating systems and the fax component of KB 2506212 on all other operating systems.
MS11-028 (2484015)
.NET can be .skipped for now
The .NET 2.0, 3.5, and 4 updates provided in MS11-028 are large and icky — icky because historically they've had the worst reputation for installation problems. So I recommend you hold off installing these updates until you have the time, patience, and fortitude to tackle them. The vulnerability they address is not expected to be easily coded into an attack, so I feel reasonably confident that there will be less harm in not patching than in the damage that might occur if you do.
Patches KB 2446704 (for .NET 2 and 3) and KB 2446708 (for .NET 4) will inevitably bring up the "Do I need .NET, and can I uninstall it if it causes this many issues?" question. The answer is in the applications you have installed. QuickBooks 2011, for example, uses .NET 3.0. So if you use that application, I strongly recommend you not uninstall .NET.
► What to do: Skip the MS11-028 updates until the next Patch Watch, in which I'll give you a refresher course in .NET patching.
MS11-025 (2500212), MS11-027 (2508272) and MS11-030 (2509553)
Patches that might affect line-of-biz apps
I recommend holding off on the next three updates until there is more data on what they do to line-of-business applications.
MS11-025 is an update to several developer applications, and I've seen both the C++ 2005 and the C++ 2008 versions installed with various versions of QuickBooks, a popular small-business accounting package. The update has numerous known issues, listed in MS Support article 2500212. For example, you might get a message that the update is not applicable. When you acknowledge the message, you receive an error message. Microsoft is still researching this, as noted in the article.
ActiveX kill bits can also affect line-of-business apps, so I always recommend holding back and not patching these immediately. Wait for the next Patch Watch before installing the patches in MS11-027.
MS11-030 patches a flaw in the MS DNS Client service. The threat is more likely to occur within large, corporate networks. I don't see any real risk for home or small-business users.
► What to do: Hold back on all these updates — I'll report back next time. For more information, consult security bulletins MS11-025, MS11-027, and MS11-030.
MS11-034 (2506223)
Windows kernel update is a whopper
Of the 64 vulnerabilities patched this month, almost half are included in this update. With that many fixes, you'd think I'd be urging you to patch. But precisely because these are kernel updates, I recommend holding off at least until the end of the month. Frequently, before installing a kernel update, you need to make sure your antivirus program is up-to-date. In this case, an attacker must have direct access to a system to take advantage of these vulnerabilities — which means most PC users can err on the side of patching caution.
In the meantime, make sure you are on the latest engine of your antivirus product.
► What to do: Put the update in MS11-034 on hold for now.
2506014
A new tool for preventing troublesome rootkits
An interesting security advisory was released this month that gives antivirus vendors enhanced ability to detect rootkits, which are often hard to detect and remove.
► What to do: Before installing KB 2506014, install and run Malwarebytes' AV scanner Anti-Malware. Once it's done, install the update and then scan again. Why? It will let you see whether you have a rootkit and whether the update has any real effect.
2509470
Outlook gets extended authentication
Since 2009, Microsoft has been releasing updates that strengthen the authentication of different applications. This month is Outlook's turn, via the update provided in support article 2509470.
► What to do: Pass on KB 2509470 for now. Given the various types of e-mail connectivity we work with today, it's best to let others test the update and make sure it works perfectly.
Regularly updated problem-patch chart
This table provides the status of problem patches reported in previous Patch Watch columns. Patches listed below as safe to install will be removed from the next updated table. On heavy patch weeks (such as this week), you'll find the table in the Windows Secrets Lounge Patch Watch column post via the link below.
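If you want to check a machine against the column's install-now / hold-for-now advice instead of eyeballing Windows Update, the script below does it from PowerShell. It is an added example, not code from the Windows Secrets column or from Microsoft: the KB-to-bulletin mapping is copied from the column above, and the "install now" / "hold" grouping is an assumption that simply mirrors Susan Bradley's advice for that week, not a Microsoft severity rating. One caveat a practitioner needs: Get-HotFix reads Win32_QuickFixEngineering, which lists only Windows component updates, so the Office updates (MS11-021/022/023, KB 2509470), the .NET updates in MS11-028 and the Visual C++ runtimes in MS11-025 are deliberately not checked here and must be verified under Programs and Features > View installed updates.

```powershell
# Added example, not part of the Windows Secrets column: audit which of the
# April 2011 Windows KBs discussed above are present on the local machine,
# grouped by the column's install-now / hold-for-now advice (an assumption
# that mirrors the column, not Microsoft's own rating).
#
# Get-HotFix reads Win32_QuickFixEngineering, which only lists Windows
# component updates. MSI-serviced products (Office, .NET Framework 4, the
# Visual C++ runtimes in MS11-025, the Outlook update 2509470) do not appear
# there, so they are left out and must be checked under Programs and
# Features > View installed updates. Written for PowerShell 2.0 (no
# [pscustomobject] / [ordered]), since that is what shipped with Windows 7.

$PatchWatch = @(
    @{ KB = 'KB2497640'; Bulletin = 'MS11-018'; Advice = 'install now'; What = 'Internet Explorer 6-8' },
    @{ KB = 'KB2511455'; Bulletin = 'MS11-019'; Advice = 'install now'; What = 'SMB Client' },
    @{ KB = 'KB2508429'; Bulletin = 'MS11-020'; Advice = 'install now'; What = 'SMB Server' },
    @{ KB = 'KB2503658'; Bulletin = 'MS11-026'; Advice = 'install now'; What = 'cookie disclosure via crafted web content' },
    @{ KB = 'KB2489979'; Bulletin = 'MS11-029'; Advice = 'install now'; What = 'crafted graphics files' },
    @{ KB = 'KB2507618'; Bulletin = 'MS11-032'; Advice = 'install now'; What = 'crafted fonts' },
    @{ KB = 'KB2514666'; Bulletin = 'MS11-031'; Advice = 'install now'; What = 'JScript/VBScript engines' },
    @{ KB = 'KB2491683'; Bulletin = 'MS11-024'; Advice = 'install now'; What = 'fax cover sheet editor (business SKUs only)' },
    @{ KB = 'KB2506212'; Bulletin = 'MS11-024'; Advice = 'install now'; What = 'fax component' },
    @{ KB = 'KB2506014'; Bulletin = 'advisory'; Advice = 'install after AV scan'; What = 'rootkit-detection support for AV vendors' },
    @{ KB = 'KB2508272'; Bulletin = 'MS11-027'; Advice = 'hold'; What = 'ActiveX kill bits (line-of-business risk)' },
    @{ KB = 'KB2509553'; Bulletin = 'MS11-030'; Advice = 'hold'; What = 'DNS Client' },
    @{ KB = 'KB2506223'; Bulletin = 'MS11-034'; Advice = 'hold'; What = 'Windows kernel (requires local access)' }
)

function Get-PatchWatchStatus {
    param(
        # Pass an explicit ID list to test offline; the default is the live machine.
        [string[]] $InstalledIds = @(Get-HotFix | ForEach-Object { $_.HotFixID })
    )
    foreach ($p in $PatchWatch) {
        # -contains is case-insensitive for strings, so 'kb2497640' still matches.
        $present = $InstalledIds -contains $p.KB
        if ($p.Advice -eq 'hold') {
            $status = if ($present) { 'present (installed despite hold)' } else { 'not present (as advised)' }
        } else {
            $status = if ($present) { 'present' } else { 'NOT PRESENT - install' }
        }
        New-Object PSObject -Property @{
            KB = $p.KB; Bulletin = $p.Bulletin; Advice = $p.Advice; Status = $status; What = $p.What
        } | Select-Object KB, Bulletin, Advice, Status, What
    }
}

# Live run; pipe through Where-Object { $_.Status -like 'NOT*' } to list only the gaps.
Get-PatchWatchStatus | Format-Table -AutoSize
```

Run it in an elevated PowerShell on XP, Vista or Windows 7. A "NOT PRESENT" row in the install-now group means Windows Update has not yet delivered that KB (or it does not apply to the SKU, as with KB 2491683 on Home editions); a "present" row in the hold group just tells you the machine got ahead of the column's advice, which is worth knowing if a line-of-business app starts misbehaving.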