Newsletter Archives
-
MS-DEFCON 2: Black Tuesday – no need to patch if you don’t use Internet Explorer
Microsoft just released four security bulletins, covering seven separately identified security holes. A couple of them could turn into something nasty, if the bad guys figure out how, but for now if you don’t use Internet Explorer 7, you should be OK.
Yes, I said IE 7. The patch doesn’t involve IE 6.
SANS Internet Storm Center reports no known exploits for any of the new security bulletins, except the SQL Server fix, MS09-004 / KB 959420. Microsoft only rates that’n as “Important” because “An attacker would need to either authenticate to exploit the vulnerability or take advantage of a SQL injection vulnerability in a Web application that is able to authenticate.”
No need to patch yet, unless you insist upon using Internet Explorer 7. Let’s sit tight and see what breaks.
-
MS-DEFCON 2: Four security bulletins coming
Microsoft just announced that they have four security bulletins coming next Tuesday.
Yet another Internet Explorer patch is rated “critical,” as is the Exchange Server patch (which you probably don’t have to worry about). The two “important” bulletins, for SQL Server and Visio, may or may not affect you.
All in all, it looks like a pretty ho-hum crop this month. Get everything patched up right now, then make sure Automatic Update is turned off. I’m raising us to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
-
Windows 7 UAC insecurity “by design”
Microsoft’s taking a lot of flak over this one.
It’s trivially easy to change the User Account Control settings in Windows 7 with a program. Long Zheng has posted full details, along with a proof of concept demonstration.
By default, Windows 7’s UAC setting is set to “Notify me only when programs try to make changes to my computer” and “Don’t notify me when I make changes to Windows settings”. How it distinguishes between a (third party) program and Windows settings is with a security certificate. The applications/applets which manage Windows settings are signed with a special Microsoft Windows 7 certificate. As such, control panel items are signed with this certificate so they don’t prompt UAC if you change any system settings.
The Achilles’ heel of this system is that changing UAC is also considered a “change to Windows settings”, which, coupled with the new default UAC security level, means you would not be prompted if it were changed. Even to disable UAC entirely.
I wonder how long it’ll take MS to patch it?
-
.NET Framework 3.5 Service Pack 1 pushed in weird places
I just received an automatic notification on my 32-bit Vista machines, saying there’s a high priority update available. When I click through, I’m informed that Microsoft wants to update .NET Framework 3.5 to Service Pack 1.
That’s a little annoying, but here’s the weird part:
My Windows 7 Build 7000 machine isn’t getting nagged, and
Several of my Windows XP machines are getting nagged, but they’re running .NET Framework 2.0.
Where does Microsoft get off pushing a version upgrade of .NET Framework as a “high priority update”?
Thanks to SB for the heads-up!
UPDATE: Microsoft’s article KB894199 identifies this as the anticipated “out of sequence” patch I wrote about a few days ago. The KB article says:
The Microsoft .NET Framework 3.5 Service Pack 1 is a full cumulative update that contains many new features that build incrementally upon the .NET Framework 2.0, the .NET Framework 3.0, and the .NET Framework 3.5. It includes cumulative servicing updates to the .NET Framework 2.0 and the .NET Framework 3.0 subcomponents. The .NET Framework 3.5 Family Update provides important application compatibility updates.
So there’s something seriously out of whack: either the update is identifying itself incorrectly (Windows Update says it’s offering .NET 3.5 SP 1, when it may just be updating .NET 2.0 or 3.0), or somebody at Microsoft set things up so the wrong patch is pushed.
Either way, you would be well advised to avoid the patch until it’s all sorted out.
-
Conficker update
A week ago, my Top Story in Windows Secrets Newsletter discussed what was known about the Conficker worm, how to protect your PC, and how to get disinfected. (Some vendors call the Conficker worm “Downadup” but they’re just two different names for the same thing.)
Much has happened since then. If you’re concerned about Conficker – and with many millions, if not tens of millions, infected, you should be – here’s what researchers have learned, and what you need to know.
CERT issued a Technical Cyber Security Alert that contradicts Microsoft’s advice about disabling Autorun. Since Conficker seems to be spreading rapidly via infected USB drives, and even camera memory cards, it would be well to heed CERT’s advice.
Eric Chien at Symantec has posted a series of blogs with many details about the worm. In order:
Downadup Peer to Peer Payload Distribution
Downadup: Small Improvements Yield Big Returns
Downadup: Attempts at Smart Network Scanning
Downadup: Playing with Universal Plug and Play
SANS Internet Storm Center reports that Conficker has successfully infected Windows Embedded machines.
And lest you think some of the press is losing its perspective, drop by Rob Rosenberger’s Vmyths site for a hilarious, dead-on look at truth and fiction in the Conficker/Downadup milieu. Good on ya, Rob.
-
MS-DEFCON 2: Another out-of-sequence patch coming
This time we aren’t sure what to expect.
Microsoft Security Bulletin KB 894199 says that we’re going to get a bunch of patches on Tuesday, January 27. Most of them aren’t terribly interesting, although there’s a patch for Windows Home Server that could prove to be problematic.
What caught my eye about the announcement is this line:
New security content: To be announced
That’s enough to make me raise the warning flags. We’re headed to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
Keep an eye out for a possible out-of-sequence patch, warn your friends that a patch is coming, so if something really bizarre happens it might not be their fault. And be ready to apply the patch if the proverbial stuff hits the fan.
-
One patch – hold off
As expected, Microsoft released just one security bulletin on Tuesday. MS09-001 (KB article 958687) deals with the way Windows handles Server Message Blocks.
So far, Zero Day Initiative has only found ways to crash an unpatched system, not infect it.
Sit back and see what happens. You have more important fish to fry. We’re at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
-
Time to get caught up – even with Windows XP Service Pack 3
It looks like the December crop of Black Tuesday patches is working out. MS08-070, -072 and -074 all had documentation changes, but the patches haven’t caused any loud screams of pain.
For those of you who haven’t installed Windows XP Service Pack 3, now is the time to do so. The biggest problem arises if you have an, uh, “ungenuine” copy of Windows XP – one that gets flagged by Microsoft’s snooper as being a pirate copy. The downside: if you install XP SP3 and you have an ungenuine copy of XP, your desktop wallpaper will turn black and you’ll get annoying messages down in the system tray – but that’s it. There are no other ill effects. You can even change your wallpaper, but SP3 will check every hour and make it black again.
If you have problems installing XP SP3, take a look at Microsoft Knowledge Base article KB 950718 for suggestions.
I’m moving us down to MS-DEFCON 5: All’s clear. Patch while it’s safe.