In late February we saw a large dump of patches out of band. Not a single one was considered a security item. I know I have said this before, but this is really unacceptable. I do not think a single systems administrator has commented on one of these blog posts with praise for out-of-band, nonsecurity patches, and I would be highly surprised if it ever happens (I know I just invited a rash of sarcastic “I love it!” comments). That being said, there are only two security items this month, both of them related to opening poisoned files.
This blog post is also available in PDF format in a free TechRepublic download.
Security patches
MS10-016/KB975561 – Important (XP, Vista, 7, Microsoft Producer 2003): Specially crafted Movie Maker files can be used to exploit Microsoft’s Movie Maker and Producer 2003 applications and remotely execute code. This code is executed with the logged-in user’s permissions, which makes this less of a security concern. Install this patch during your next regular patch cycle. 1.7MB – 6.1MB
MS10-017/KB980150 – Important (Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, Office SharePoint Server 2007, Excel Viewer, Office Compatibility Pack): A number of problems in Excel’s file handling exposed it to remote code execution attacks with the user’s permissions. Microsoft does not rate this as “critical,” but given the prevalence of Excel and the likelihood of users opening Excel files, you will want to install it immediately. 4.9MB – 221.5MB
Other updates
KB976002: This patch adds the new “browser ballot” to existing installs of Windows for European users affected by the recent legal actions around this issue. For some reason, they released it out of band in late February and again on March’s Patch Tuesday. 104KB – 745KB
“The Usual Suspects”: Updates to the Malicious Software Removal Tool (9.7MB – 10MB) and Junk Email filters (2.2MB).
Changed, but not significantly:
- European “Browser Ballot” screen (KB976002)
- IIS Extended Protection for Authentication (KB973917)
- Application Compatibility Update (KB976264)
Updates since the last Patch Tuesday
No new security items were released out of band.
There have been a number of minor items added and updated since the last Patch Tuesday:
Windows Activation Update (KB971033) fixes some potential ways to work around the “Genuine Advantage” validation. 1.2MB
Meiryo Fonts (KB975929) updates the Meiryo Japanese fonts in Vista and 2008 to include some new, more easily read fonts. 9.7MB – 10.1MB
European “Browser Ballot” screen (KB976002) adds the new “browser ballot” to existing installs of Windows for European users affected by the recent legal actions around this issue. 104KB – 572KB
Application Compatibility Update (KB976264) improves compatibility in Vista, 7, 2008, and 2008 R2 for a large number of applications, including a number of games. 31KB – 3.3MB
.NET 2.0 SP2 Update (KB976569) and .NET 3.0 SP2 Update (KB976570) are both for XP and 2003 and fix a problem with some objects not serializing with .NET 3.5 and .NET 4. 226KB – 25MB
IE 8 JSON improvements (KB976662) gets IE8’s JSON handling (used in a lot of Web applications) in line with the latest standards. 336KB – 1.2MB
Fix for Romanian errors showing in Czech Windows (KB977617) 50KB – 57KB
Hanging W7 update (KB977632) resolves a problem where W7 machines with certain CPUs would hang if put to sleep or hibernated while running a VM in Virtual PC. 161KB – 183KB
Cumulative Media Center Update (KB977863) and TVPack Update (KB977864) fix a number of issues with Media Center and the Media Center TVPack on Windows 7. 4.2MB – 11.6MB
Compatibility Settings Fix (KB978637) for W7 and 2008 R2 addresses a scenario where a program that opens another ignores the compatibility settings. 263KB – 1.9MB
Rights Management Services Client Update (KB979099) for Vista and 2008 handles expired manifests for AD RMS enabled applications better. 4.0MB – 9.2MB
Daylight Savings Time Update (KB979306) gets Windows up to speed with recent changes to DST around the world. 145KB – 1.3MB
Changed, but not significantly:
- Security update for 32 bit versions of Windows (KB977165) – fix to the Windows Kernel that closed an escalation of privileges hole.
Source: http://isc.sans.org/