Microsoft Security Patches for the Month July 2010

Microsoft Security Patches for the Month July 2010

MS10-042/KB2229593 - Critical (XP)/Low (2003): This is the patch for the Help bug that was publically disclosed in June. You will want to apply it immediately. 745KB - 2.2MB

MS10-043/KB2032276 - Critical (W7)/Important (2008 R2): A problem with the Canonical Display Driver is allowing remote code execution attacks. Even though Windows’ randomization of memory makes it hard for this attack to execute code, you should install this patch as soon as you can. 475KB - 623KB

MS10-044/KB982335 - Critical (Office 2007, Office 2007): There’s a security problem in the Microsoft Office Access ActiveX controls which can allow remote code execution attacks. This fix resolves the problem. Since you should not be allowing untrusted Web sites to run ActiveX, you can wait until your next patch cycle for this one.  3.7MB - 10.3

MS10-045/KB978212 - Important (Office XP, Office 2003, Office 2007): This patch resolves an issue in Outlook that allows remote code execution attacks with the same rights as the logged in user if the user opens an attachment. Microsoft downgrades this because of the limited rights, but I think it is much more important due to it being an issue with opening attachments. I suggest that you install this patch quickly. 4.2MB - 12.5MB

Other Updates

KB982300 - An update for Windows 7 and Server 2008 R2 to resolve an issue where some computers crash on restart if they have certain LSI 1394 (FireWire) controllers. 160KB - 200KB
“The Usual Suspects”: Updates to the Malicious Software Removal Tool (11.5MB - 11.8MB) and Junk Email filters (2.2MB).
Changed, but not significantly:
Platform Update for Windows Server 2008 and Windows Vista (KB971644)

Updates since the last Patch Tuesday

There have been a number of minor items added and updated since the last Patch Tuesday:

.NET 3.5 SP1 update for 2008 and Vista (KB956250) 2.0MB - 6.3KB

Update for the Active Directory Domain Services Best Practice Analyzer for 2008 R2 x64 (KB980360) 276KB

Update for Windows 7 and 2008 R2 to work better with apps designed for Vista (KB980846) 529KB - 1.4MB

Windows Media Player Cumulative Update for Vista (KB981078) 10.2MB - 11.0MB

Compatibility Update for Vista, Windows 7, 2008, and 2008 R2 (KB982519) 1.7MB - 4.0MB

.NET 2.5 SP1 and 2.0 SP2 Update for 2003 and XP (KB982524) 116KB - 313KB

.NET 3.5 SP1 update for Vista and 2008 (KB982525) 2.0MB - 6.3MB

.NET 3.5 SP1 update for Windows 7 and 2008 R2 (KB982526) 1.9MB - 6.2MB

.NET Client Profile 4 for XP, Vista, and Windows 7 (KB982670) 2.0MB - 43MB

.NET 4 for XP, Vista, Windows 7, 2003, 2008, and 2008 R2 (KB982671) 2.0MB - 54MB

Changed, but not significantly:

• MS10-026 Security Update for Windows 2000 (KB977816)
•  
• MS10-035: Cumulative Security Update for Internet Explorer (KB982381)
•  
• MS10-041: Microsoft .NET Framework 3.5 Security Update for XP and 2003 (KB982865)
•  
• MS09-061: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for 2000, XP, Vista, and 2008 (KB953297)
•  
• Update for Windows PowerShell 2.0 and WinRM 2.0 for Windows Server 2008 (KB968930)
•  
• Update for Best Practices Analyzer for File Services for Windows Server 2008 R2 x64 Edition (KB981111)