Are the January security patches still relevant?

Topic

New Reply

Good question from Reader P: I’m in Group B when it comes to updates — security is my only concern, I quit using IE years ago. I saw your Devcon 3 ra
[See the full post at: Are the January security patches still relevant?]

Reply | Quote

Replies

Reader P needs to bear in mind that even tho he isn’t using IE himself, if he’s running a machine with an OS that has IE as part of it then both the OS and other applications on his machine may well be doing accessing IE behind the scenes and it’s important therefore to keep IE up-to-date both in respect of the latest supported version and the monthly patch updates for it. It remains a weak point on your machine even if you never use it directly.

In Group B you therefore need to look out for IE updates as well as just the Windows security ones.

There are also separate security updates from time to time for other things like .Net Framework and Office of course. They too should be installed as appropriate for your machine.

Reply | Quote

Yes they are
there still a 3 weeks before February security patches
not a short period

Reply | Quote

Plus if you’re in Group B then security only patches aren’t cumulative therefore you need to install every month? Whereas if you’re Group A you play catchup each month with a cumulative roll-up.

@Woody : the instructions aren’t difficult if one has a modicum of experience and take care – just a pain!

Reply | Quote

+1

Reply | Quote

So I should probably unhide and install KB3212646 this point?

Reply | Quote

Are you Group A or Group B?

Reply | Quote

Thank you so much, Woody! Always a great help. Looking forward to the Lounge! Well done!

Reply | Quote

Group A. I have never seen this 642 on my update list.

Reply | Quote

If you’re in Group A, yep, go ahead and install the Monthly Rollup.

Reply | Quote

Thank you again.

Reply | Quote

Win 7 Group B. I downloaded and saved the January “Security only” update from Windows Update Catalog. I’ll install it later. There’s also an Update for IE-11 but it’s not a Security update (KB3210694). Should I bother with it?

WU is not showing anything other than the Group A monthly rollup and MSRT. No IE-11 update, no Office 2010 updates, nothing else.

Reply | Quote

Forget the IE update. You’re doing fine.

Reply | Quote

I wonder how this works, exactly.

Ever since I installed Windows 7, I’ve had IE “uninstalled” via the turn on or off Windows features dialog. While it doesn’t really and truly eliminate IE, it does come closer than it ever did on XP, despite all of the noise about the “block IE” concessions to the anti-trust investigators. IE came up fairly frequently back then, even though it was “blocked.”

With Windows 7, though, uninstalling IE triggers a dire warning about how IE is an integral part of Windows, and how disabling it might cause malfunctions, which sounds like it’s actually doing what I want it to. If something is going to try to access IE, I would rather it fail and give me an error message (or just not work) so I know it’s trying it rather than for it to happen silently.

Allowing the IE uninstall to go forward actually removes the executable from the Program Files and Program Files (x86) directories. I’ve never had IE pop up unexpectedly since then (the executable for IE is still in WinSXS, so it’s not “gone” gone).

Since I did that, I don’t recall seeing any updates for IE in Windows Update. There certainly are not any right now when I look, hidden or otherwise.

Any updates at all to IE would mean first upgrading IE to 11, I think, and there is no update listed, presumably because IE is “uninstalled.” To get the updates, I would have to re-enable IE 8 and then allow it to upgrade IE to 11. I thought about doing that and then “removing” IE, so that the remnants will at least be the updated ones, but that’s not possible by normal means.

If I did re-enable IE and allow the updates, it would then have IE 11 in the “add or remove Windows features” dialog, and checking the box to remove that just reverts to IE 8, which is then fully active and vulnerable.

It would seem that “uninstalling” IE really does what it says on the tin. I’ve taken ownership of the IE directories and deleted all the files therein except ieproxy.dll and not had any differences in behavior compared to the standard “uninstalling” of IE. Removing ieproxy.dll has had bad effects, though (I don’t exactly remember what, though). It was the only file that was locked by the OS in the IE directories, so narrowing down what component had to be put back wasn’t hard.

Reply | Quote