Do you want to protect yourself against BlueKeep, or break Visual Basic?

Topic

New Reply

Gawd this is tiresome. If you read somewhere that you have to install the August patches, even though you read somewhere that you can’t install the Au
[See the full post at: Do you want to protect yourself against BlueKeep, or break Visual Basic?]

3 users thanked author for this post.

WildBill, Bluetrix, geekdom

Reply | Quote

Replies

Isn’t this a defcon 1 situation at this point, Woody?  Installing the August patches is actively breaking a variety of business-critical applications.

Reply | Quote

There doesn’t appear to be a need to do any patching at the moment. Reports are still coming in — and most describe difficulties in either installation or system operations.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

I am, reluctantly, going to move forward with the August patches (~500 PCs) and will just deal with the breakage on a case by case basis.

The fairly catastrophic downside should an exploit for the latest RDP RCEs begin to circulate trumps the annoying, but not earth-shattering, impact of breaking some apps here and there.

Situations like these make me really despise the all-or-nothing approach MS has taken with these forced rollups. And I don’t think it’s done a d*** thing for patch reliability, like they claimed it would.

 

Reply | Quote

Bah. Humbug! DejaBlue hasn’t appeared for real, & previous patches from July should have already patched various Windows versions for it. I’ll take the chance that a piece of The Falling Sky hits me; I’m staying inside anyway, thanks to the 100-degree-plus temperatures south Texas has been getting for the last week or 2. MS-DEFCON 2; Don’t Patch unless it’s Really Pressing. Still waiting for at least MS-DEFCON 3…

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

Yes that and also I get Norton Security Suite “free” from my ISP as part of my Internet Service and that’s maybe not the best solution but it’s included in my bill(Use it or Not). So the Virus/Firewall protection  and realtime protection can not disabled long term in order to install any KBs that may have some necessary DLLs/other removed by the Security software because of that SHA-2 only code signing that MS moved to.

Maybe MS/Security Software vendors should have made sure that the Security Folks’ products all worked properly with the New KB key signing updates as that security software is just as necessary for security as MS’s latest round of security patches.

Maybe  MS’s IE/Edge and all the others browsers need a top level No-Script button built into the Browser for times like this when MS’s KBs can not be installed because they break things and we all Know  where the nastiest vulnerabilities are enabled via that scripting attack vector. And that’s mostly nefarious  scripts being pushed out packaged with all that annoying ad content. If they really want to stop anything nefarious then they need to look no further than Ads running scripts and those scripts/script pushing servers not properly vetted and secured.

So its DejaBlue and there will be a DejaBlue all over again… And so both MS/Vendors  maybe need to make sure that any security software is properly vetted against any new KBs/Servicing Stack KBs and changes because that security software is the first line of defense.

With so many regular MS employees on vacation this time of year maybe that SHA-2 deadline should have been in September or October instead of summer time/August.

I’ll install the July Windows 7 Security Only Patch if and when MS’s reissues that patch without the Telemetry included and am looking froward to the time that I’m able to install the August windows 7 Security Only Patch if it has been vetted as having no Telemetry included. MS/Symantec Get cracking  with a fix for that SHA-2 issue ASAP.

Reply | Quote

[ek]

I don’t ever need or use RDP.  So, I just disable RDP in Windows AND make sure my home firewall to blocks inbound & outbound RDP. Done & no need to patch.

But if you are a mobile user with Windows on a laptop (ie: no external firewall you control) and/or need RDP & VB, then I feel your pain.  Tough decision.

• This reply was modified 5 years, 9 months ago by ek.

Reply | Quote