April brings showers of browser patches

Topic

New Reply

	PATCH WATCH[/size][/font] April brings showers of browser patches[/size]
	By Susan Bradley It seems like every other month is an especially large Patch Tuesday, but this week’s is the largest we’ve ever had. The flood of patches — including fixes for Internet Explorer — leaves no room for the update chart in the newsletter; you’ll find it in the Windows Secrets Lounge via the link at the bottom of this story.[/size]

---

The full text of this column is posted at WindowsSecrets.com/2011/04/14/08 (opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td]

[/tr][/tbl]

Reply | Quote

Replies

Regularly updated problem-patch chart[/b]
This table provides the status of problem patches reported in previous Patch Watch columns. Patches listed below as safe to install will be removed from the next updated table.[/size]

Patch [/size]	Released [/size]	Description [/size]	Status [/size]
2387530 [/size]	02-22 [/size]	Win7 hotfix for configuring Wi-Fi services (optional update) [/size]	Skip [/size]
2484033 [/size]	02-22 [/size]	XPS document print patch for Windows 7 (optional update) [/size]	Skip [/size]
2505438 [/size]	02-22 [/size]	Fixes possible performance problems running some apps [/size]	Skip [/size]
2487426 [/size]	02-08 [/size]	Win7 fix; running x32 apps in x64 OS (optional update) [/size]	Hold [/size]
976932 [/size]	02-22 [/size]	Windows 7 Service Pack 1 [/size]	Hold [/size]
2446708 [/size]	04-12 [/size]	.NET 4 — historic patching issues [/size]	Hold [/size]
2446709 [/size]	04-12 [/size]	.NET 2/3.5 — historic patching issues; KB 2446710 for Win7 SP1, KB 2446704 for XP [/size]	Hold [/size]
2509470 [/size]	04-12 [/size]	Extended Protection for Outlook — past issues [/size]	Hold [/size]
2464588 [/size]	04-12 [/size]	PowerPoint 2003; KB 2464617 for 2002, 2464594 – 2007, 2519975 – 2010 [/size]	Wait [/size]
2467023 [/size]	02-08 [/size]	Win7 fix; load/unload binaries flaw [/size]	Wait [/size]
2467174 [/size]	04-12 [/size]	MS11-024, Visual C++ — check line-of-business impact [/size]	Wait [/size]
2467175 [/size]	04-12 [/size]	MS11-025, Visual C++ 2005 — check LOB impact [/size]	Wait [/size]
2506014 [/size]	04-12 [/size]	Hardening the system for prevention of root kits [/size]	Wait [/size]
2506223 [/size]	04-12 [/size]	Windows Kernel patch [/size]	Wait [/size]
2508272 [/size]	04-12 [/size]	ActiveX Kill bit — wait for further testing [/size]	Wait [/size]
2509503 [/size]	04-12 [/size]	Office 2003; KB 2509461 for XP, 2509488 – 2007 [/size]	Wait [/size]
2509553 [/size]	04-12 [/size]	DNS flaw — unlikely threat for home/small-biz users [/size]	Wait [/size]
2511250 [/size]	04-12 [/size]	Printing fix for IE9 — hold back on IE9 for now [/size]	Wait [/size]
971029 [/size]	02-22 [/size]	Flash-drive patch for Windows XP [/size]	Optional [/size]
2393802 [/size]	02-22 [/size]	Kernel patch triggered BSOD; use Symantec solution [/size]	Install [/size]
2412687 [/size]	04-12 [/size]	GDI+ — exploits unlikely [/size]	Install [/size]
2464623 [/size]	04-12 [/size]	PowerPoint viewer 2007 [/size]	Install [/size]
2466156 [/size]	04-12 [/size]	Office Compatability Pack security update [/size]	Install [/size]
2485663 [/size]	04-12 [/size]	WordPad — more critical on XP [/size]	Install [/size]
2491683 [/size]	04-12 [/size]	Windows Fax cover-page flax; KB 2506212 for XP [/size]	Install [/size]
2497640 [/size]	04-12 [/size]	Internet Explorer — attacks in the wild [/size]	Install [/size]
2503658 [/size]	04-12 [/size]	MHTML — public exploits seen [/size]	Install [/size]
2507618 [/size]	04-12 [/size]	OTF Font — attacks unlikely [/size]	Install [/size]
2508429 [/size]	04-12 [/size]	SMB Server — not at high risk [/size]	Install [/size]
2508958 [/size]	04-12 [/size]	Fixes issues with Office updates [/size]	Install [/size]
2510531 [/size]	04-12 [/size]	JScript and VBScript — exploit unlikely [/size]	Install [/size]
2511455 [/size]	04-12 [/size]	SMB client — likely to see exploits [/size]	Install [/size]

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.
[/size][/font]

Reply | Quote

Re Patch 2393802 (Kernel patch triggered BSOD): Should I install the patch or use the Symantec solution? After reading the information on the Symantec site, I’m not even sure if the patch would be a problem for my home computer. I use Windows XP SP3 and I know what the BSOD is, but I don’t really understand the rest of the issue. Thanks.

Reply | Quote

IF you have those video cards, look for a new driver, otherwise install the update.

Reply | Quote

What are the video cards that would require a new driver? How do I know if I have them? If I do, how do I get the new driver? I have a Dell Dimension 8300, purchased in 2004.

Reply | Quote

What are the video cards that would require a new driver? How do I know if I have them? If I do, how do I get the new driver? I have a Dell Dimension 8300, purchased in 2004.

Please post this question in the hardware forum.

Joe

--Joe

Reply | Quote

Please post this question in the hardware forum.

Joe

Sorry. I was trying to get a further explanation from Susan Bradley of how to handle KB2393802 and determine whether, as she wrote, I install the patch or use the Symantic solution and update my graphics driver. I don’t know how to determine whether I have the video card that requires the Symantic solution and then, if I do, how to get the appropriate driver. Do I need to post that to the hardware forum? Thanks.

Reply | Quote

Sorry. I was trying to get a further explanation from Susan Bradley of how to handle KB2393802 and determine whether, as she wrote, I install the patch or use the Symantic solution and update my graphics driver. I don’t know how to determine whether I have the video card that requires the Symantic solution and then, if I do, how to get the appropriate driver. Do I need to post that to the hardware forum? Thanks.

All the more reason to post in the hardware forum. The folks who hang out there have lots of experience with most aspects of hardware.

Joe

--Joe

Reply | Quote

Certain systems that have Intel integrated graphics or AMD ATI HD graphics cards may crash after this security update is installed. Microsoft has investigated this issue in partnership with both Intel and AMD. We have identified an incompatibility between this update and certain older versions of the Intel and AMD graphics drivers. Both Intel and AMD have posted updated drivers that resolve this issue.

For more information about how to obtain updated drivers to resolve this issue, visit the following webpages:

Intel
http://wer.microsoft.com/responses/resredir.aspx?sid=3320 (http://wer.microsoft.com/responses/resredir.aspx?sid=3320)

AMD
http://wer.microsoft.com/responses/resredir.aspx?sid=3319 (http://wer.microsoft.com/responses/resredir.aspx?sid=3319)

Reply | Quote

Certain systems that have Intel integrated graphics or AMD ATI HD graphics cards may crash after this security update is installed. Microsoft has investigated this issue in partnership with both Intel and AMD. We have identified an incompatibility between this update and certain older versions of the Intel and AMD graphics drivers. Both Intel and AMD have posted updated drivers that resolve this issue.

For more information about how to obtain updated drivers to resolve this issue, visit the following webpages:

Intel
http://wer.microsoft.com/responses/resredir.aspx?sid=3320 (http://wer.microsoft.com/responses/resredir.aspx?sid=3320)

AMD
http://wer.microsoft.com/responses/resredir.aspx?sid=3319 (http://wer.microsoft.com/responses/resredir.aspx?sid=3319)

There is also the real underlying issue with this and other MS Updates which attempt to change Windows system kernel drivers. And we all know that Microsoft has a dismal history with any sort of driver updates.

The patch installers are set up by default to avoid overwriting OEM modified system files or drivers. This means that a small percentage of OEM Windows installations will not be patched, even though MS Updates reports that the patch has been successfully installed. So the patch is endlessly reoffered each time MS Updates is run.

Note Bene! Have an Image Backup of your Windows System ready if you attempt to force any Windows patch to install after an initial error.

There is a workaround, but it involves running a stand-alone installer in Windows Safe Mode with a RUN Command and a “/overwriteoem” switch. This is a dangerous operation which can result in a BlueScreen of Death or a complete loss of video display.

Best to leave well enough alone if this patch does not install properly the first time around. Driver updates may help, but in some cases they do nothing to improve the chances of a successful installation. In any event, many security programs will also cause issues with this patch, and they must be uninstalled before and reinstalled after successful application of the patch.

The Intel Driver Update Utility will identify and update any obsolete Intel drivers, including graphics drivers. But this utility installs generic Intel drivers. Some OEM drivers are modified, and the Intel generic drivers have been known to be incompatible with some OEM hardware configurations. The Intel utility is at:

http://www.intel.com/support/graphics/sb/CS-009482.htm

The conclusion I have reached is that this and other Windows kernel driver patches are more trouble than they are worth. This entire class of patches should be hidden from MS Updates if any problems are encountered on a particular computer with any one of them.

Just my opinion, based on forcing this update onto an old Windows XP laptop with OEM Windows and Intel chipsets.

And there’s another patch just like this one in the April MS Updates. Oy!

-- rc primak

Reply | Quote

Is there a recommendation for KB2464583 (for Excel 2007)?
Thank you.

Reply | Quote

Is there a recommendation for KB2464583 (for Excel 2007)?
Thank you.

Haven’t seen issues with that one. I think I missed it in the chart, go ahead and deploy and I’ll have Tracey update it.

Reply | Quote

Windows Vista & Office 2000… I always wait to read the Patch Watch column before installing my patches but I’m often frustrated because I usually have one or more patches that are not listed in the column! For example, in this set of patches I have KB2509488, KB2464635 & KB2449742 that were not listed in the column and are not in the table of patches above. Also, this time I have 2 or 3 additional new patches that were not listed in the column but are listed in the table above! Is there any explanation for all these missing patch numbers?

Thanks, Bill

Reply | Quote

With regards to the Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2467175) patch, the text displayed is correct, but the url points to http://support.microsoft.com/default.aspx?scid=kb;en-us;246175
It should read 2467175. It’s missing the first ‘7’.

Reply | Quote

For KB2596014: I ran the free version of MalwareBytes (MBAM) on my Win7 machine, then installed this patch, then reran MBAM again and everything was fine. Looked at patches offered for my XP machine and this one wasnt among them. Is it not for XP? I tried to look in MS support for info but the current info for 2596014 has changed and there is no mention of rootkit but it refers to unsigned drivers and to an error that occurs when the update is installed. I’m curious why that changed, but mostly want to know if this patch is not for XP.

Thanks for any help,
Gary

Reply | Quote

MS Release Bulletin: Also http://www.microsoft.com/security/pc-security/bulletins/201104.aspx is handy

Reply | Quote

For KB2596014: I ran the free version of MalwareBytes (MBAM) on my Win7 machine, then installed this patch, then reran MBAM again and everything was fine. Looked at patches offered for my XP machine and this one wasnt among them. Is it not for XP? I tried to look in MS support for info but the current info for 2596014 has changed and there is no mention of rootkit but it refers to unsigned drivers and to an error that occurs when the update is installed. I’m curious why that changed, but mostly want to know if this patch is not for XP.

Thanks for any help,
Gary

Yes, it’s only for Win7’s not xp because xp doesn’t enforce signed drivers.

Reply | Quote

Haven’t seen issues with that one. I think I missed it in the chart, go ahead and deploy and I’ll have Tracey update it.

Just want to let everyone know I have 6 PC’s out of 200 that are crashing after this update has been installed. the weird part is that it only happens to excel files that are on a users desktop. I am working with MS to resolve the issue. I will update once I get this resolved.

Reply | Quote

KB2524375 – regarding the fraudulent digital certificates and possible spoofing: I was not able to find a recommendation on this patch, which I was offered. Is this a new one, or did I just miss it in previous newsletters? It looks new, as the advisory was published March 23 and revised April 19, 2011. Any recommendations?

Thanks,
Gary

Reply | Quote

I have been following Window’s Secrets and Woody’s Watches for quite a while. They have been a great source and resource which I have recommended to many people. I normally wait until the “reviews” of current updates and patches come out before I let Microsoft Update install a plethora of security fixes. This time I put caution aside and blindly accepted Microsoft’s offering on a Windows 2000 Pro platform. Little did I know what would happen next!

I know that Microsoft ended support for Win2k last July, but I also know they continue to supply security updates, even for obsolete platforms like Win2k. What I did not expect was for the security update to “break” existing software installed on Win2k. It took me several hours to discover why my antivirus was failing and what the culprit was. The Microsoft DLL Hell has returned!

I do not know if other users have had the same experience, but I wanted to pass along what I have found for you to use as you see fit. The (my) problem started with the April 12th release of updates, specifically Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package
(KB2467175) and 2008 Service Pack 1 Redistributable Package (KB2467174). After rebooting my AVG Antivirus failed to load with a cryptic error message:
“…FindActCtxSectionStringW not found in Kernel32.dll…”
A Google search finally led me to the following site.
http://tedwvc.wordpress.com/2011/04/13/new-redists-break-all-dynamically-linked-mfc-20052008-apps-on-windows-2000/
>> “New redists break all dynamically linked MFC 2005/2008 apps on Windows 2000. The new
>> VCRedists that were rolled due to the multi-version security update breaks all dynamically
>> linked MFC 8.0 and 9.0 (VC2005/VC2008) apps that have ever shipped and are deployed to
>> Windows 2000. Any app that doesn’t have a local copy of MFC in their program folder is
>> affected. Windows 2000 still installs the DLLs to WinSxS. So the old ones are still there. …
>>…So the workaround is to copy from the WinSxS folder the older version of MFC8 or 9 back to
>> system32 or your program folder. But of course, this solution not benefitting from the security
>> updates that are so important. So the best workaround is wait for a new version to be
>> issued by Microsoft.”

I opened a complaint with Microsoft Support with a closing line of
” So when will Microsoft “FIX” the faulty updates?? Win 2000 may be obsolete, but I do NOT expect Microsoft Update to break my software. Operating System: Windows 2000”.

I got a response within the 24 hours and replied. In addition I added another blurb of info:
http://blog.m-ri.de/index.php/2011/04/14/bug-black-patchday-for-all-os-from-xp-and-later-3-mfc-8-0-vc-2005-or-mfc-9-0-vc-2008-linked-dynamically-to-the-mfc-may-not-find-the-mfc-language-dlls-after-installation-of-the-security-packs-d/
>> Problem with FindActCtxSectionString in MFC security updates on all platforms Martin Richter
>> has written a blog entry on a serious issue that was introduced when the MFC security
>> updates were released on April 12. The culprit is, again, FindActCtxSectionString, but in
>> this case it actually affects ALL platforms. Please read the following blog entry.
>> This is the English translation of >> the already published German article:
>> BUG: Schwarzer Patchday für alle OS XP und später 3. – MFC 8.0 (VC-2005) oder MFC 9.0
>> (VC-2008) die dynamisch gelinkt wurden finden die MFC Sprach-DLLs evtl. nicht mehr nach
>> Installation der Sicherheitspatches vom
>> 12.04.2011
>>
>> BUG: Black Patchday for all OS from XP and later 3. – MFC 8.0 (VC-2005) or MFC 9.0 (VC-2008)
>> linked dynamically to the MFC may not find the MFC language DLLs after installation of the
>> security packs dated April 12th 2011 Affected are:
>> All programs created with MFC 8.0 and MFC 9.0 that link dynamically to the MFC DLLs .
>> All operating systems from Windows XP and later. 32bit as 64bit Al programs that do not
>> use an application local installation (program directory, see note at the bottom of the article).
>> So all programs that use and depend on WinSxS and VCRedist_x86.exe ( VCRedist_x64.exe).
>> All programs that are localized and use the MFC90xxx.DLL or. MFC80xxx.DLL language-DLLs
>> and the OS system language is not set to English. It is affected due to the security fixes
>> offered April 12th, 2011:
>> For VS-2005 SP1 http://support.microsoft.com/kb/2465367 and
>> http://support.microsoft.com/kb/2467175
>> For VS-2008 SP1 http://support.microsoft.com/kb/2465361 and
>> http://support.microsoft.com/kb/2467174
>> Failure description:
>> The MFC language DLLs (satellite DLLs) are not loaded any longer. Parts of the application
>> appear in English and not the selected language from the OS.
>> Background:
>> To prevent loading of wrong satellite DLLs (Binary Planting), an internal function in appcore.
>> cpp named _AfxLoadLangDLL was changed. It checks if an activation context is active or not
>> and if the DLLs should be loaded using this context. If there is an activation context active it
>> is safe to load the satellite DLLs(MFCDEUxxx.DLL etc.) without defining a full path. If no
>> activation context is active the path of the current application is used to load and find the
>> satellite DLLs. The DLLs are loaded with a call to LoadLibrary.

If the support cycle for Windows 2000 has ended, why was a security patch rolled out which globally updates all Operating Systems including Windows 2000? I find it difficult to believe that a Security Update would be rolled out without full knowledge of the consequences of applying said updates to “unsupported” or “obsolete” Operating Systems. I am not asking Microsoft to open support for Windows 2000. I do expect Microsoft to take responsibility for the “Automatic Update” process, and to acknowledge when they have mishandled a Security Update. Consumers who are unfortunate enough to “trust” the “Automatic Update” process are left with disabled software. The Microsoft solution appears to be “open your wallet”, not “we made a mistake”.

After I replied to Microsoft Support, I received my anticipated response:
>> Thank you for your reply.
>> I am sorry for the inconvenience the issue have brought to you. However, please understand that
>> we have stopped the Extended Support for Windows 2000 as part of the Microsoft Lifecycle
>> Support Policy since July 13, 2010. Meanwhile, please be assured I will forward your feedback
>> to our Product Team.
>> At this time, I will close this Service Request as Not Resolved.
>> Although we didn’t provide the effective solution this time, we still want to let you know
>> that we always strive to provide high level support to our customers and hope you are happy
>> with the whole process so far with this service request. If there is anything you are not very
>> satisfied with, please don’t hesitate to let us know as your feedback is very valuable and
>> meaningful to help us improve our service process and quality. Your feedback can be the
>> overall experience for this case and the Microsoft product. Our goal is to provide 1st class
>> customer service to our customers.
>> Thank you again for using Microsoft Support Services.
>> Best Regards,

I really should have known better than to accept Microsoft Updates without going to Window’s Secrets first. Tuff luck to anyone who falls victim to said updates. “Caveat Emptor”

Reply | Quote

They screwed up the detection on this one. They pulled win2k detection later. It never should have been offered in the first place.

Reply | Quote

And what about Update for Microsoft Silverlight (KB2526954). Advice please. Thanks.

Reply | Quote

What’s your recommendation for KB2526954 (Update for MS Silverlight)? Thanks.

Reply | Quote

Has anyone installed Service Pack 1 for MS Office 32-bit KB2510690? It’s not on Susan’s list.

Reply | Quote

Has anyone installed Service Pack 1 for MS Office 32-bit KB2510690? It’s not on Susan’s list.

Yes. And it’s been a week without any problems.

Reply | Quote

In your review of Windows patches, you sometimes reference the Security Bulletin number and sometimes the Knowledge Base number. For us SOHO users, all we’re seeing in Windows Update is the KB number. Would you please always reference this, even if you’ve already give the SB number?

That would be a great help, making it easier to follow your advice.

Thanks!

Reply | Quote

Any reason that 2446710 released on 4/12 is not on the list??

Reply | Quote

Missed it. I’ll have Tracey add it. For now hold off on ANY .net update.
OH I see why. 2446710 is for .net on Win7 sp1. I haven’t installed Win7 sp1 so that’s why I didn’t list it.

Reply | Quote

Missed it. I’ll have Tracey add it. For now hold off on ANY .net update.
OH I see why. 2446710 is for .net on Win7 sp1. I haven’t installed Win7 sp1 so that’s why I didn’t list it.

Makes sense. Thanks for the info.

Reply | Quote

Print issues Outlook 2007 after installing KB2509470 | HowTo-Outlook:
http://www.howto-outlook.com/news/print-issues-outlook-2007-after-installing-kb2509470.htm

After installing KB2509470 , you can experience an issue with printing or previewing messages or other Outlook items in Memo style and receive the following error;

There is a problem with the selected printer. You might need to
reinstall this printer. Try again, or use a different printer.

For Plain Text messages this error can be preceded by;

Outlook has encountered a problem. You will not be able to undo this
action once it is completed. Do you want to continue?

After this error, Outlook could take high CPU (100% CPU for a single core).

Workarounds

1. Close Outlook.
2. Locate |OutlPrnt| and rename it to .old. This will reset your
current print settings.
* Windows XP
|C:Users%username%AppDataRoamingMicrosoftOutlook|
* Windows Vista and Windows 7
|C:Documents and Settings%username%Application
DataMicrosoftOutlook|
3. Restart Outlook and you should now be able to print again.

Sadly this often only works for 1 print or preview and you’ll have to repeat the process again for your next print. In some cases, restarting Outlook is sufficient and you can print as long as you no longer use the Print Preview function.

*Workaround 2*
Another workaround is to save the message as a htm-file or txt-file first and then print the saved file.

The Outlook Team is aware of this issue and is looking into it. If you need to do a lot of printing and suffer from this issue, you can safely uninstall the update for now as it is a functional update and not a security update.

Reply | Quote

My system was down recently, & I had to reinstall Win7 and probably missed an issue or two of Windows Secrets. I held off on reinstalling some updates which hadn’t been given a green light at the time my system went down. I have identified all but 4 for which I haven’t been able to find a recommendation – KB2286198, KB2419640, KB2475792 & KB2454826. Did I miss something somewhere?

The patch table is really a great tool and you provide a lot of peace of mind with the screening you do.

Reply | Quote

Like BillWilson, my MS Updates included KB2464635, and also KB2502786, neither of which I could find in the column or on the list. However, when I clicked on the web links for those numbers on my Updates list, they took me respectively to MS11-022 and MS11-021, which I did find in the column. Question: Am I correct that these are the Office 2003 versions of KB248283 and KB2489279, and are two more of the Office apps updates I need to wait on? Thanks.

Reply | Quote

Bobprimark Post #21 It would be nice if you mentioned which patch you were talking about!

Reply | Quote

Bobprimark Post #21 It would be nice if you mentioned which patch you were talking about!

http://support.microsoft.com/kb/2393802

Reply | Quote

Every month, Microsoft publishes a description of all the fixes they release for that month:

http://www.microsoft.com/technet/security/bulletin/MS11-jan.mspx

This is the release description for January 2011. To see the other release bulletins for 2011, just edit the URL and change the 3 char month ID.

In this release bulletin, they have a section describing the affected software versions in a big table sorted by MS11-0xx across the top. There should be no reason to ask if a KB# applies to your Windows Version or Office Version if you read this bulletin.

There should also be no reason to miss a KB# which applies to Win 7 SP1 instead of SP0 because this is clearly described in the bulletin.

Reply | Quote

Hello there Susan. Thanks for the great table, it is really a great benefit.

I do have a thought, which you can take or leave as you will.

With respect to the table, I for one would really appreciate it if the table has the column where the MS**-*** item is listed as well as the KB item. This would make cross referencing the item or looking for it in the lists easier.

Just my thoughts and two cents – or is it 102 cents with inflation – worth.

Sincerely,
Clifford

Reply | Quote

Susan, re: “Some critical fixes for browser based attacks”. If they’re all critical, why was I only offered 1 (KB 2503658) out of the 4 updates? Using XP with SP3, and it looks like all 4 updates apply. Would they be offered later? Is it safe to manually download if not offered? Many thanks!

Reply | Quote

Hello Ms. Bradley,
I tried to do the larger WSL subscribers a “value-added” favor by forwarding my own checklist based on your article, “April brings …”
The moderator deleted it for not obtaining your permission (it was sufficiently different using public knowledge that I don’t believe I needed as long as I gave credit) and he deleted it for reducing the potential for the unsubscribed to subscribe. I disagree on both accounts; please find my reply as well the checklist. To the latter question, I think of the “checklist” as a “teaser rate” that might induce folks to subscribe to WSL and seek out your other works or WSN.
Regards, Robin

7:42 PM 4/19/2011
I am a paid subscriber and I quoted the source. It took me sometime to make a simple list from the somewhat wordy article and thought it might
be helpful to administrators; no copyright infringement was intended. I do think the writer should have linked to a table; this article begged for a simple table summarizing the steps. Today, I needed the list from another location and was disappointed to find it had disappeared.
Regards, Robin

10:00 PM 4/15/2011

7:21 PM 4/17/2011

Install when offered or download manually soon as possible

• MS11-026 (KB 2503658) update is rated critical for all versions of Windows, from XP to Windows 7; and important for server
operating systems

• MS-029 (KB 2489979) Windows XP, Server 2003, Vista, and Server 2008 — as well as Office XP SP3
• MS11-032 (KB 2507618) is rated critical for systems running Vista, Windows 7, and Windows Server 2008; and important for

Windows XP
• Update KB 2514666, detailed in MS11-031

3. Put the update in on hold for now
• MS11-028 .Net
• MS11-025, Online Biz
• MS11-027 Online Biz
• MS11-030 Online Biz
• MS11-034 Kernel

4. troublesome rootkits

• Install and run Malwarebytes’ AV scanner Anti-Malware
• Once it’s done, install the update KB 2506014 and then scan again

5. Outlook gets extended authentication

Pass on KB 2509470

Reply | Quote

Susan,

I was just offered KB2526954 as “Important”. How do you feel about Silverlight updates? Are they ‘always install’ as with the monthly Malwares from Microsoft?

You might put a message at the top of your table about the types of updates to which you never object.

Norman

Reply | Quote

Ditto re Silverlight update KB2526954. Is it OK to install this one? All Silverlight updates?

Reply | Quote

I have installed the Silverlight update KB2526954 on three machines now without incident. But then, I stream Netflix, which requires Silverlight, and I want to keep it updated.

Reply | Quote

Hi. The text of the article says

Update KB 2514666, detailed in MS11-031, follows the same threat pattern as the previous two, but it fixes flaws in JScript and VBScript scripting engines.

Maybe I don’t understand how it works, but in WSUS, this update comes out with different KB numbers. 2514666 is nowhere to be found.

Reply | Quote

Trying to clean up loose ends, and have one from the April 14 problem-patch chart. Susan suggested we wait on MS11-023 (kb2509503, kb2509461, kb2509488). I have reviewed every subsequent problem patch chart and can’t find follow-up/mention of any of these. Susan, are you still reviewing or have you reached a conclusion?

Reply | Quote

I see that I installed kb2509488 on 7/13 and have not had any problems. Not sure what prompted me to do it, maybe just figured it had been hanging around so long. :rolleyes:
I don’t have the others in my hidden file so guess I didn’t get them. Will be interested to see what the correct answer is.

BJ

Reply | Quote

My system was down recently, & I had to reinstall Win7 and probably missed an issue or two of WindowsSecrets. I held off on reinstalling some updates which hadn’t been given a green light at the time my system went down. I have identified all but 4 for which I haven’t been able to find a recommendation – KB2286198, KB2419640, KB2475792 & KB2454826. Did I miss something somewhere?

The patch table is really a great tool and you provide a lot of peace of mind with the screening you do.

Reply | Quote

Any word on KB2538242 Security update for Visucal C 2005 Service Pack 1?

Reply | Quote

I’ve got 4 MSOffice updates waiting. Nothing in chart on (KB2553310) (KB2553310) (KB2553290) (KB2553323). Does that mean they’re save to install?

Reply | Quote