Windows Patches. Article by Susan Bradley about WIN patches, etc.

Copyright © 2010 by WindowsSecrets.com. All rights reserved. Subscribe here:
http://windowssecrets.com/links/l65l3zq32heid/1cc1edh/?url=WindowsSecrets.com%2Finfo%2F


Keeping you up to date: say no to .NET — again

By Susan Bradley

.NET is one of the most troublesome updates we deal with.

In case you think you need June's .NET security updates, I'm here to tell you they're trouble — skip them.

MS11-039 and MS11-044
Two .NET updates with low security risks

Normally, I urge you to install all patches eventually. You want to act at the point that the risk of installing a patch is less than the risk of not patching. For the .NET updates MS11-044 and MS11-039, the risk of installation errors is greater than the risk of not patching. In the SRD blog, Microsoft remarks that it will be difficult to build a reliable exploit, even when a vulnerable application is found.

The list of known issues documented in KB 2538814, however, is long. In the worst-case scenario, you have to rip out all of the .NET versions on your system using the Aaron Stebner tool. In the least-terrible case, you must run a repair install of .NET 4, if it gets stuck.

Here's what's on offer:

MS11-039 — XP: KB 2478656, KB 2478658, and KB 2478663; Vista: KB 2478657, KB 2478659, and KB 2478663; Win7: KB 2478662 and KB 2478663

MS11-044 — XP: KB 2518864, KB 2530095, KB 2518864, and KB 2518870; Vista: KB 2518863, KB 2518865, and KB 2518870; Win7: KB 2518867, KB 2518870, and KB 2518869

I think Microsoft ought to be ashamed of how difficult it is to keep .NET updated. I don't come to this conclusion lightly. If you have already successfully installed these updates, congratulations. For the rest of you who are waiting, skip these updates altogether.

► What to do: Hide the June .NET security updates; do not install them.

2468871
Hold off on Office 2010 SP1 for now

The same day that Microsoft's online version of Office left beta and became final, Microsoft released Office 2010 Service Pack 1. When you go to Microsoft's update page, you can see that it's offered. But it hasn't been checked yet and thus won't automatically install. Given that it was JUST released this week, I strongly urge you to skip it for now because the service pack didn't go through a public beta process.

Not to be left out, Office 2003 and 2007 now get the security improvements that were offered among Office 2010's security enhancements. KB2501584 provides Office File validation that checks Office file formats and ensures that the binaries included in the files you open are appropriate and not malicious.

► What to do: For now, pass on both the Office 2010 service pack KB 2510690 and KB 2501584 until further testing is done.

2541763, 2547666, 2552343
Pass on the various issue patches

By now, you probably can guess what I'm going to say about the fourth Tuesday "issue" updates. At the end of the month, Microsoft releases its nonsecurity updates, which include resolving problems in Windows. In this case, we have some that affect Windows update conflicts with drivers in KB 2552343, a patch that fixes trouble with long URLs in browsing histories in KB 2547666, and one that ensures that SSL website pages can properly complete in KB 2541763.

Given that these are nonsecurity updates, I advise you to hold off on all of these to make sure there are no new problems or side effects.

► What to do: For now, hold off on installing KB 2541763, KB 2547666, and KB 2552343.

931125
Secure browsing with Root certifications

On a pretty regular basis, Microsoft releases updates to Root certificates. These are key to the Secure Socket Layers process on your computer.

Windows 7 and Vista automatically get their root certificates updated. For Windows XP, however, you have to install 931125 when the updated version is offered to you.

► What to do: Install KB 931125 on Windows XP.