June 15, 2011

Microsoft on Tuesday released 16 software updates to fix at least 34 security vulnerabilities in its Windows operating systems and other software. More than half of the updates address flaws Microsoft rates “critical,” meaning the bugs can be exploited with little to no user interaction.

For organizations that need to test patches before deploying them, Microsoft said four of the updates deserve priority:

  • MS11-042 (DFS). This bulletin resolves two privately reported issues affecting all versions of Windows.
  • MS11-043 (SMB Client). This bulletin resolves one privately reported issue affecting all versions of SMB Client on Windows.
  • MS11-050 (Internet Explorer). This security bulletin resolves 11 privately reported issues in Internet Explorer.
  • MS11-052 (Windows). This bulletin resolves one privately reported issue in Windows and is also Critical.

Another update, labeled “important,” fixes at least eight security problems in all versions of Microsoft Excel, including Office for Mac.

More information on this week’s updates is available at this summary. Updates are available from Windows Update and via Automatic Updates. You may want to set aside some time for this update package: Among the critical patches is an update for Microsoft’s .NET software, and .NET updates are typically bulky. If you experience problems after applying any of the updates, please leave a note about it in the comments below.


19 thoughts on “Microsoft Patches Fix 34 Security Flaws”

  1. SFdude

    Brian,

    FYI – from gHacks blog 6/15 (today!):

    “Adobe Bulletin APSB11-18 … describes a vulnerability in Adobe Flash Player that affects Adobe Flash Player 10.3.181.23 and earlier on Windows, Macintosh, Linux and Solaris, as well as Flash Player 10.3.185.23 and earlier for Android.

    The vulnerability could be exploited to cause a crash which could allow the attacker to gain control over the affected system. Adobe has confirmed reports that the vulnerability is exploited in the wild in the form of targeted attacks on specifically prepared websites.”

    It’s a pain…

    1. Phoenix

      I downloaded an update yesterday that takes me up to … .26.

  2. Alan

    Ahh that’s great. I always love security patches. But until now I have not updated my Windows 7 – Ultimate 64-bit to Service Pack 1 edition. Do you think it is a good time for me to do the Service Pack upgrade and apply these 34 security patches?

    >.<

    1. Phoenix

      Perhaps you should phrase your question another way: Is this a good time to be running without important security fixes?

      1. Alan

        I last heard it is not recommended to upgrade to Service Pack 1 at the moment. Does this concept still apply? I don’t think it is safe to run without those security fixes based on Brian’s post 🙂

        1. Laav

          “I last heard it is not recommended to upgrade to Service Pack 1 at the moment.”

          You gotta be fucking kidding me…
          it was recommended since day one.

          1. Heron

            Actually, if memory serves, BK recommended holding off a bit at first, since some bugs needed to be ironed out. It’d be advisable to update now if you haven’t already done so, though.

            1. Alan

              Ahh thanks Heron for the clarification. Patching now. Yah, that time I did hold due to BK’s post on the Windows 7 SP1 but after that I think I got kinda lost. Anyway, patching makes me feel better. Thanks again everyone.

        2. Heron

          Alan, I think the suggestion was to wait until the first update to SP1 was issued to download SP1.

  3. Heron

    The .Net updates didn’t take as long this time. I downloaded them separately from the rest of the updates.

  4. Lee

    Not on the subject, but this is good news and we’d like to hear your comments about it.
    A Michigan court has ruled that Comerica Bank is liable for a US$560,000 cyberheist, saying the bank should have done a better job to spot millions of dollars in fraudulent transactions after one of the bank’s customers was tricked in a phishing attack two years ago.

  5. Bob

    I installed all the latest updates plus the SP1. I had my first full system crash right after installing. My disk is full of errors from the crash but repairable with chkdsk/f — I hope. Anyway, not confidence inspiring.

    1. Heron

      Did you download SP1 separately first? That seems to be the logical way to do it.

      1. Bob

        Heron, Windows Update presented me with the list of updates, including SP1. I left them all checked for install. I don’t know the order in which they were installed. Anyway, all seems to be working OK now. Bob

  6. JohnJ

    Due to a past blue-screen-lockup during the reboot/installation phase, I now manually install updates, one at a time. That way, if something goes wrong, only one update needs to be uninstalled, increasing the chances of a successful recovery.

    1. Alan

      I used to do that just like you to ensure everything is smooth and to prevent BSODs. However, I have kind of ignored this good habit recently because the time for my computer to create a restore point is taking too long. If the list of patches is long, it will take forever for me to completely update my Windows.

  7. Adnan

    Microsoft doesn’t test the products before releasing them, in fact they release raw products and we (the users) test them on our PCs and tell Microsoft they are flawed and then Microsoft gives us patches. Who needs software testers???

    1. JCitizen

      You got that right as far as I’m concerned!
