UPDATED 11/04/09: Microsoft has revised two of the critical updates it released during its epic October Patch Tuesday to fix bugs in the patches. A reader writes to inform me that one buggy patch, which breaks Office Communication Server, has not yet been fixed has been fixed via another patch that OCS users can obtain and install manually.
The two revised patches are MS09-054, which fixes a critical hole in Internet Explorer and MS09-062, which fixes the infamous GDI bug. The new version of MS09-054 was released on Tuesday. It contained a bug that, for some users, caused IE8 to have problems displaying pages and executing Visual Basic scripts. Microsoft will be pushing the revised patch out through its various automated update systems including Windows Update.
The revised MS09-62 fixed a dangerous vulnerability with Windows Graphics Device Interface that could allow a malicious graphic to infect a computer. Images that use GDI are everywhere on the Web from ads to Silverlight. The revised patch notes several more products or versions that are affected, including various versions of Visio, and noted one that was immune, SQL Server 2008 Service Pack 1. The revision also fixed a problem with installing the patch on Windows 2000 Service Pack 4.
Additionally, Microsoft updated a patch originally issued in August, MS09-043, so that it would install itself on Microsoft Office 2003 Service Pack 3 and Microsoft Office 2003 Web Components Service Pack 3. There were no bugs fixed in the patch itself.
In the meantime, OCS users should manually download and install a fix for the no word has come for the unfixed bug MS09-056 patch which addresses a vulnerability in the Windows CriptoAPI used in most Windows clients (from Windows 2000 through Windows 7). The patch breaks most versions of Office Communication Server causing the client to think it is running an expired version of the OCS component. For now, Microsoft recommends that OCS users do not install the critical patch while it investigates a solution. The fix can be found at http://go.microsoft.com/fwlink/?LinkId=168248
Like this post? Check out these others.
- Windows Server 2008 R2: Security Changes and Additions Part III
- AppLocker in Server 2008 R2
- Microsoft Linux: Why one free software advocate wants it
- Are you ready for Windows 7 and Windows Server 2008 R2?
- Torvalds offers a thumbs-up to Windows 7
- Exchange 2010 Prerequisites Made Easy
- Microsoft, Dell, Spectrum Bridge launch first public white spaces network
- 7 tools for Windows 7 rollouts
Plus, visit the Microsoft Subnet web site for more news, blogs, podcasts. Subscribe to all Microsoft Subnet bloggers. Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
Follow All Microsoft Subnet bloggers on Twitter
Follow Julie Bort on Twitter
The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community, and is written by Online Community editor Julie Bort. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter. The newsletter includes news generated by the Microsoft Subnet community as well as other Microsoft news stories published by Network World.
The Leader in Network Knowledge
Microsoft has released a
Microsoft has released a manual patch for OCS to fix the problem caused by MS09-056.
Post new comment