Monday, 11 April 2011

Microsoft Patch Tuesday for April 2011: A Preview


Well, we had a bit of a break last month with just a few Microsoft Security Updates. Most importantly, last month we really could not see any real application compatibility or dependency impact on our sample application portfolio of roughly 1000 application packages.

That said, look out for April - we have a massive update coming. And our preview tells us that there are going to be some issues.

From the preview it looks like we have the following update profile:

  • 9 updates rated as Critical, 8 rated as Important
  • 1 update related to Elevation of Privilege
  • 15 updates to resolve Remote Code Execution issues
  • 1 update related to potential Information Disclosure issues

I have created a chart that details the affected platforms here:



Note: I have BOLDED the interesting updates, and the * for the Windows 7 and Server 2008 platforms relates to both 32-bit and 64-bit platforms.

You can read the preview here: http://www.microsoft.com/technet/security/Bulletin/MS11-apr.mspx

As we do every month, I will post an update on the sample results from our test portfolio on the potential application compatibility issues that each Microsoft Security update may present.


3 comments:

JackRussell said...

One of the MS hotfixes patched mfc42.dll, and this change has broken one of our old applications. And given that the application involves Explorer extensions, it causes Windows Explorer to appear to hang.

I have done some debugging - it seems to be related to changes that MS made to the CArchive class.

What I want to know is who do I contact about this? MS doesn't seem to want to make it easy for people to report these types of compatibility problems.

greghudd said...

I am hearing my pal on the cell phone going over a service issue where it sounds like a Win7 customer broke Citrix with this service pack... Anyone having similar experiences?

Ben Cook said...

JackRussell: The hotfix which updated your file is MS11-024: http://support.microsoft.com/kb/2506212
I think your best bet would be to speak to the software vendor. You could uninstall the patch but this isn't recommended as your system may be vulnerable to attack as described in the URL above.
ChangeBASE AOK has a module called 'Manage-It' which can scan Microsoft patches and check if there will be issues such as this with your existing app estate before you deploy the patches. It's a great tool to prevent this sort of issue from occurring.
If you need further info contact sales@changebase.com.