There's a potential problem the bad guys are scoping out right now, and it's fixed by MS08-037. Nobody's cracked the DNS problem on Windows machines, but the situation is scary enough - and attracting enough attention - that I think it's prudent to patch.
Details on my main page.

I have a rating system that lets individual Microsoft consumers know when it's safe to install patches. I call it the Microsoft Patch Defense Condition Level, or MS-DEFCON for short. It's modeled after the US armed forces DEFCON system.
MS-DEFCON 1: Current Microsoft patches are causing havoc. Don't patch.
MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.
MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you're affected and if things look OK, go ahead and patch.
MS-DEFCON 5: All's clear. Patch while it's safe.
Note that the MS-DEFCON level applies to Windows XP Service Pack 2 systems only. I assume that you have a firewall installed, an up-to-date antivirus program (I use AVG Antivirus, which is free for personal use, and have recommended it in all of my books for years), some form of hardware protection, and a good scumbuster, as described on the Security Baseline page of the Windows Secrets Newsletter. The MS-DEFCON level also assumes that you're using Firefox 2, not Internet Explorer.
I firmly believe that Windows Automatic Update is for chumps, and I've said so for years: go ahead and let Microsoft notify you when it wants to install something on your computer, but don't blindly allow the 'Softies to install whatever they want. Follow the instructions in any of my books to disable automatic updating, or click Start | Control Panel | Security Center and take it from there.
In general, I apply Windows Defender updates and Outlook Junk E-mail Filter updates as soon as they're available. Why? Microsoft hasn't screwed up any of those too badly - and the one bad Junk E-mail Filter update was patched quickly. You're better off applying those updates than letting them slide for a week or two.
Many of you have written asking about non-critical updates. Unless you have an immediate, painful, obvious reason to install one of them immediately, I'd avoid them like the plague. Microsoft has really screwed up several hardware patches, in particular. Don't trust Microsoft to deliver hardware updates; go to the hardware manufacturer's site and install them manually. If your computer stops working, you only have yourself to blame!

Few patches have caused as much confusion as this one.
As part of the July Black Tuesday crop, Microsoft tried to push out one giant bunch of patches for its bloated .NET Framework 1.0, 1.1 and 2.0. (In case you didn't know, .NET Framework adds a programming infrastructure to Windows. It's kind of an uber-program that makes it easier to write other programs.)
As of this writing, the KB article is up to version 10.0. Simply incredible.
The best suggestion is, if you have .NET Framework 1.0, 1.1 or 2.0, you should upgrade to .NET Framework 3.0, which isn't nearly as buggy. Unfortunately, upgrading can break certain applications, so you're kinda left between a rock and a programmatic hard place.
If you find yourself struggling with MS07-040, be sure to check out Philip Elder's MPECS Inc blog, which contains all sorts of bug-busting suggestions.
UPDATE November 4: I just checked and the KB article is up to version 12.0, with the latest update (and presumably a fix) posted on November 1. Microsoft has been patching and re-patching this patch for almost four months. Wotta mess.

Based on my Windows Secrets article:
This patch, billed as a "microcode reliability update that improves the reliability of systems that use Intel processors," has been wreaking havoc. Although the patch appears to be directed at buggy Core 2 Duo chips (Microsoft hasn't released enough information to know for sure), many people with older chips got the patch anyway. The really strange part about the reported problems: as far as I can tell, the patch should only affect Core 2 Duo systems such as those using the E4000, E6000, T5000 and T7000 chips. But the people reporting the problems are running many different kinds of machines.
Check with your hardware manufacturer's web site (or your motherboard manufacturer's website) and upgrade to the latest BIOS version. The Windows-based BIOS flash programs make updating the BIOS relatively painless.
I also think it's wise to remove KB 936357 after you've flashed your BIOS. It's a simple process. In Windows XP click Start, Control Panel, Add or Remove Programs, check the box marked Show Updates, then scroll waaaaaay down to Update for Windows XP (KB 936357) and click Remove. In Vista, click Start, Control Panel, and under Programs click Uninstall a Program. Click the link on the left that says View Installed Updates. Click once on Update for Microsoft Windows (KB936357) and click the Uninstall icon.
More details in this news posting.
UPDATE November 2: Microsoft has re-released, once again, its "microcode reliability update" patch known as KB 936357. I talked about the poorly documented, apparently ill-conceived, and laughably implemented patch more than a month ago.
I strongly recommend that you NOT apply the patch if it's offered to you. Instead, figure out how to flash your BIOS, and solve the problem the old-fashioned way.
Thanks to EP, who noticed that the Knowledge Base article 936357 has just been updated to version 4.3. For reasons I don't understand, several sites are recommending that folks install the patch.
It's a load of garbage. Don't put it on your machine.
UPDATE November 29: Reader EP advises that Microsoft has changed the patch again, and if you look you'll see that they botched it once again. The Knowledge Base article is now up to Version 5.0. Apparently the patch has been re-issued for Windows Server 2003. I say "apparently" because the KB article says that the patch is from May 28, which doesn't match the patch, which is dated October 15. More details coming in this week's Windows Secrets Newsletter.

I'm seeing lots and lots of anguish over the April Black Tuesday patches. If Microsoft Update or Windows Update reports that it is "Searching for Available Updates" and then it goes out to lunch for a long, long, long time, well, you've been bitten by the latest round of botched patches.
I'm still not sure of the cause - much less the solution - but many people are reporting that installing the April patches makes Microsoft Update and/or Windows Update hit the 100% CPU utilization red-line mark during scans. "I am now not getting the svchost application errors, BUT automatic updates, or even manual Windows/Microsoft Updates, is causing near 100% CPU utilization for, well... on my own laptop (1200MHz Pentium M), which has yet to have had this updates problem thus far, got hit this month (April 2007). The rogue svchost.exe process used 14 minutes of CPU time just to show me what updates I had ready to install." "Even when the so-called patch(es) is installed it takes the updater much longer than it used to, to scan for needed updates."
This isn't a new problem. Heavens, no. Various patches have, on some machines, at some times, driven svchost to a frenzy. Automatic Updates are broken. As if you needed me to tell you that.
Jim Byrd reports, "I regret to say that I was told that this known issue requires too much change to be implemented in a hotfix. A change will instead be implemented in the next Automatic Updates client, which we are planning to release in Q2 this year."
"According to the feedback from Product Development team, this fix will be published as a security update on the Windows Update site and the relevant KB article will also be released by us. Therefore, we just need to keep the system on the network up to date. In addition, the Product Development team also indicates that the WSUS 3.0 client may contain this patch if this fix can be released timely. At that moment, we can also attempt to upgrade to the WSUS client 3.0 to test the issue."
So there you have it, folks. Microsoft Update and Windows Update are broken big-time, but only for a small number of people. It appears as if Microsoft is fully aware of the problem, but we won't see a fix for quite some time.
I suggest you live with it. If Microsoft Update or Windows Update seem to take over your computer for 15 minutes, go get a latte and chalk it up to experience. If you doggedly want to try to fix the problem, follow Chairman Mow's advice and delete DataStore.edb. If that doesn't work, try Jim Byrd's advice at the end of this thread.

MS07-017 consists of a bundle of GDI-related patches which affect all modern versions of Windows, including (notably and damningly) all versions of Windows Vista. It fixes the notorious 0day Animated Cursor hole, but the patch breaks many programs. There's a lot of controversy about the patch. Here's my best take on what really happened.
Reading the tea leaves, it looks like Microsoft was ready to release MS07-017 as part of March's Patch Tuesday (which didn't happen at all). Apparently, Microsoft was aware of a conflict between MS07-017 and Realtek's High Definition Audio Control Panel. Apparently, Realtek was made aware of the problem and didn't fix its drivers in time to make March Patch Tuesday's cutoff. 0day exploits for the Windows Animated Cursor (ANI) flaw began appearing on March 29. With more than 400 "bad" Web sites dishing up live 0day ANI exploits, and a widely distributed infected ANI email message offering to show Britney Spears in the buff, Microsoft finally released MS07-017 on April 3.
Microsoft knew that every MS07-017 patched Windows XP SP2 computer would fail to run Realtek HD Audio Control Panel, spewing an incredibly inscrutable message:
Rthdcpl.exe - Illegal System DLL Relocation
The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.
Simultaneously with the MS07-017 patch, Microsoft released KB 935448 that includes a hotfix which, when applied to an XP SP2 system, allows the Realtek HD Audio Control Panel to run.
At about the same time - probably a day before MS07-017 came out, but it's hard to tell for sure - Realtek released an updated version of the Realtek HD Audio Control Panel. This new version doesn't conflict with the MS07-017 patch.
Realtek's HD Audio Control Panel isn't the only program that's turned belly up with MS07-017 applied. Microsoft's official known issues site doesn't give any details about other problems. But here's what I've been able to piece together:
After you install MS07-017, if you receive the error message listed above, Rthdcpl.exe - Illegal System DLL Relocation, then (whether you know it or not) you are running the Realtek HD Audio Control Panel. Do NOT follow Microsoft's advice. Do NOT install the Realtek hotfix. Instead, go to the Realtek driver site and install the latest version of the Realtek drivers. That will solve the problem.
UPDATE: Microsoft has just posted a fix for folks who get the Blue Screen of Death after installing MS07-017. If you see a 0x0000007f Stop Blue Screen after installing MS07-017, this new patch is supposed to fix the old patch. Details in KB article 935843, if Microsoft ever gets it posted.
Here are the other problematic programs that I've been able to find:
After you install MS07-017, if you use both AVG antivirus and CrystalXP, you may get an error message similar to the one above with the title avgcc.exe - Illegal System DLL Relocation. Although the message would have you believe that AVG is causing the problem, in fact it's a complex interaction between the two. At this point the best advice is to uninstall the CrystalXP Bricopacks and refrain from using CrystalXP until the folks there get it all sorted out. You don't need to touch AVG.
After you install MS07-017, if you use Matlab 2007a, you may get an error message similar to the one above with the title startdir.EXE Illegal System DLL relocation. Several people have reported the problem in the newsgroups, but I haven't found a solution. In particular, the Realtek hotfix doesn't fix the problem.
CD-Tag has similar problems. The CD-Tag main page recommends that you download and install the Realtek hotfix. I can't find any independent confirmation on the Web that the hotfix actually fixes the CD-Tag problem.
TUGZip has the same problem. Apparently the Realtek patch solves the problem.
MiKTeX and Ghostscript also have the same problem, but the Realtek patch doesn't seem to fix them. I haven't seen any reliable information yet about how to fix things, short of uninstalling the MS07-017/KB925902 patch.
Will keep you posted.
UPDATE: Microsoft's KB 935448 now lists ElsterFormular 2006/2007, TUGZip and CD-Tag as afflicted programs. According to MS, the Realtek patch does solve the problems with all three of these programs (as noted above). No word yet on the AVG/CrystalXP conflict, Matlab, or on MiKTeX or Ghostscript. My guess is that the Realtek fix doesn't work with any of them, thus Microsoft hasn't documented anything. (In addition, CrystalXP digs deep into WinXP's internals, so Microsoft may never lend a hand with that one.) Time will tell.
ANOTHER UPDATE: Twelve days after the problems appeared, Microsoft updated KB 935448 with additional information about programs that don't work correctly after installing MS07-017. "Microsoft has confirmed that this problem affects AVG Anti-Virus Control Center (made by Grisoft, Inc), version 7.5; BMC PATROL (made by BMC Software, Inc), version 7.1; and BricoPack Vista Inspirat (made by CrystalXP), version 1.1... [and] Suunto Ski Manager (made by Suunto), versions 1.0.2, 1.1, and 1.2." Apparently this version of the 935448 patch fixes problems with all of those programs.
Microsoft still hasn't acknowledged the bug's effect on MTopsoft. And I haven't heard anything about Matlab, MiKTeX or Ghostscript.
Finally, you need to be concerned about the order of updates, because MS07-008 stomps on this 935448 patch: if you install MS07-008 after you install the 935448 patch, you have to re-install 935448. Got that?

The SANS Internet Storm Center ran a report about a submitter who had significant problems with this patch - nothing dire, just a couple of pain-in-the-neck side-effects.
I see that Microsoft hasn't bothered to fix them.
Microsoft has not just one but two Knowledge Base articles describing problems with this patch. KB 927977 covers a minor pain in the neck, where a generated log file and its folder don't get deleted. KB 927978 also talks about the error message "Could not register type library for file c:\Windows\system32\msxml4.dll. Contact your support personnel."
This patch is a mess, but it looks like Microsoft isn't going to fix it. Go ahead and install it.

If you got tricked into installing the bloated, buggy ASP.NET, this patch is one of your just deserts.
Susan Bradley, in the paid version of Windows Secrets newsletter, reports that she is tracking three separate problems with installing this patch. In all cases, uninstalling .NET 2.0 and re-installing it clears up the problems.
Go ahead and try to install it. If you can't get it to install, shoot me a message.