May 2012

May 2012 Security Bulletin Webcast Q&A

 

Hosts:                Dustin Childs, Senior Security Program Manager, MSRC
                           Pete Voss, Senior Response Communications Manager, Trustworthy Computing
Website:             TechNet/security
Chat Topic:         May 2012 Security Bulletin Release
Date:                    Wednesday, May 9, 2012

Q: We did not deploy MS12-025 KB2656370, KB2656369, and KB2656368 last month because of printing problems and I have not seen a fix yet. Will I be able to deploy the two May .NET Framework bulletins without any issue? What about deploying the fixed MS12-025 after the May patches? 
A: You can deploy the May .NET updates before or after applying the updates made available through MS12-025.  There should be no conflict between these updates.  You can also reference KB2671605 for the status of currently known issues with MS12-025. This KB also lists workarounds to the known issues. 

Q: What is the recommended best practice from Microsoft to deploy MS12-030 with the known issue with Excel 2010?
A: Actually, there is a documentation error in this bulletin. There are no known issues with MS12-030. We will revise the bulletin to clarify that there is no known issue at this time. Speaking more generally, whenever there is a known issue with a bulletin we recommend customers review the information about the issue and test the update to determine possible impacts in the their test environment before deploying the update broadly in your production environment.

Q: So is KB2681578 going to be picked up by Windows Automatic Updates? I have scanned my servers and not one shows it as needed.
A: KB2681578 is just an identifier for MS12-034. All package KBs related to the bulletin are listed in MS12-034, and they are available in Windows Update

Q: Does MS12-035 tie to or change the previous MS11-100? If so, could it affect forms authentication if multiple servers are at different update levels?
A: MS12-035 does not tie to the previously released MS11-100.  There should be no conflict or issues with forms authentication between servers at different update levels.

Q: Has there been any feedback in regard to any issues arising from applying these patches?
A: We have no verified technical issues with the updates at this time. We have been made aware of a couple of documentation issues-- basically minor edits needed in a bulletin or two. Specifically, we have to update the mitigations listed for the TCP/IP bulletin (MS12-032), and evaluate the known issue statement for MS12-030. [Edited to add: These changes are both currently reflected in the bulletins.] 

Q: My question was really about deploying the .NET FX updates from this month if we did not deploy MS12-025? Are there any issues?
A: You can deploy the .NET Framework updates offered in MS12-025, MS12-034, and MS12-035 in any order.

Q: In our WSUS server, we are not able to find KB2604044 in MS12-035. Is this update being offered through WSUS? Which product and/or classification should be selected?
A: Security update KB2656353 is available through all standard deployment channels, including Microsoft Update, Windows Update, and the Microsoft Download Center. There were no changes to the security update files. Customers who have successfully installed either KB2656353, from MS11-100, or KB2604044, previously offered through this bulletin; do not need to take any action. Customers running Microsoft .NET Framework 1.1 Service Pack 1 on all supported systems except Windows Server 2003 Service Pack 2, who have not installed either KB2656353 or KB2604044, should apply the KB2656353 update immediately using update management software, or by checking for updates using the Microsoft Update service. 

Q: MS12-034 has no uninstall. Is there something administrators can do to mitigate this?
A:
MS12-034 fully supports removal for all operating system updates, all Office Updates, and all .NET Framework packages. Removal is scriptable in some cases, but in all cases you can use the Add or Remove Programs item in Control Panel. The interesting affected component is Silverlight. If you remove the Silverlight update it will remove the entire product, so you will need to re-install Silverlight after the removal.