There are isolated problems with current patches, but they are well-known and documented on this site.
Freeware outdoes Windows’ built-in system tools
In this issue
- TOP STORY: Freeware outdoes Windows' built-in system tools
- KNOWN ISSUES: Readers are vocal about EULA wording changes
- WACKY WEB WEEK: Office prank busts out more than laughs
- LANGALIST PLUS: Fine-tune your Registry for faster startups
- IN THE WILD: Malware may lurk in your browser's cache
- PATCH WATCH: Malicious media files could deliver exploits
Freeware outdoes Windows' built-in system tools
By Scott Dunn
Most standard Windows maintenance tasks can be accomplished using the utilities included with the OS itself — but that doesn’t mean those tools are your best option.
Whether you’re looking for an easier way to browse the image files in a folder, create a restore point, revert to XP’s Classic Start Menu, or customize your file associations, there’s a (free) app for that.
PC users have no shortage of things to complain about. But we can thank our lucky stars for one thing: free software that’s constantly being created, revised, and improved. I unearthed a handful of new or recently revised system tools that make your computing life a whole lot easier without costing you a red cent.
Skim through graphics and PDF files in a jiffy
If you can get past the program’s clumsy name, the Scientific and Technical Documentation Utility (STDU) Explorer is a file manager that beats Windows Explorer by providing superior preview and thumbnail options. The program is designed especially for previewing and managing such image-file formats as .psd, .bmp, .png, .gif, .jpg, and .wmf. You can also use STDU Explorer to view Acrobat PDF files and DjVu books.
The file manager lets you skim quickly through folders chock-full of image and PDF files. Finding the one you need is facilitated by STDU Explorer’s thumbnail previews, which you can enlarge, shrink, or otherwise customize on the fly. (See Figure 1.)
Figure 1. Use STDU Explorer’s slider control to resize file thumbnails on the fly.
The program’s preview pane is great for flipping through multipage files, and its familiar folder tree and Office-like toolbar simplify navigation and basic file-management tasks. One useful feature missing from the utility is an address bar for entering folder paths, but otherwise, STDU Explorer is a winner that works with all Windows versions.
You’ll find more information about the program and a download link on the product’s page.
Simple utility creates instant restore points
There are various ways to set a restore point in Vista and Windows 7, but none of them is notably quick or easy. For example, one such method is to click Start, right-click Computer, choose Properties, click System Protection, select Create, type a name, and click Create again.
Even if you devise a shortcut to SystemPropertiesProtection.exe, you still have to launch the applet and then take at least three more steps. With the free Quick Restore Maker utility, you simply launch the tool, confirm the User Account Control prompt, and wait while it creates a restore point for you. When it’s done, click Exit. (See Figure 2.)
Figure 2. Create Windows restore points faster and easier with the free Quick Restore Maker utility.
Quick Restore Maker has no other features, but sometimes the simplest tools are the best. Get your copy of the program on the Windows Club site.
Free and easy way to tweak Vista and Windows 7
In the not-too-distant past, Microsoft provided the free Tweak UI utility that let you customize Windows via the simple point-and-click metaphor rather than having to dig into the Windows Registry. Unfortunately, there’s no Tweak UI equivalent for Vista and Win7 — at least not from Microsoft.
Ultimate Windows Tweaker is designed specifically for those two more-recent versions of Windows, and although it’s not a new program, the utility was recently updated to add even more Tweak UI–like capabilities. The program’s settings are presented on eight different tabs representing such categories as system info, personalization, performance, and security.
On the downside, the utility’s many checkbox options aren’t always clear. And unfortunately, documentation for the product is close to nonexistent. Consequently, I recommend this tool only for advanced PC users. If you try it out, be sure to click the handy Create Checkpoint button to make a restore point before you begin experimenting.
Ultimate Windows Tweaker is available from the Windows Club site.
Restore features removed from Vista and Win7
When you upgrade from XP to Vista or Windows 7, you may notice certain of your favorite XP features are missing in the new Windows releases. For example, XP’s Classic Start Menu is an easy way to launch dozens of programs with just a few keystrokes, but the option is gone from Windows 7. Many former XP users — among them, me — also miss the Explorer toolbar’s cut, copy, paste, and other buttons for performing common operations with a single click.
Classic Shell restores these and other useful XP features without depriving you of the new functions in Vista and Win7. After you install the utility, the Start menu behaves the way it did in XP; however, you can revert to the standard Vista/Win7 functionality by Shift-clicking the Start button.
The program’s optional Explorer toolbar appears on the right side of the menu bar, where it takes up as little screen real estate as necessary.
If you’ve missed these and other XP features in Vista and Windows 7, download your free copy of Classic Shell from the product’s page on SourceForge.
Uninstaller picks up where Windows leaves off
Absolute Uninstaller claims to go beyond Windows’ normal uninstall features; in my tests, the utility did just that. Often when you uninstall a program, it leaves behind settings, folders, and other items you no longer need. Absolute Uninstaller gives you the option of deleting these items automatically or browsing the ghost folder’s contents to review the leftovers before deleting them.
You can use the program to batch-uninstall when you want to eliminate many programs at one time. It also lets you remove dead or outdated entries in the list of installed programs or search for items in the uninstall list. All in all, Absolute Uninstaller provides a full-featured replacement for Windows’ built-in uninstaller, and at zero cost.
There’s just one gotcha to be aware of: by default, Absolute Uninstaller installs the Ask.com toolbar and makes it your default search engine. Be sure to uncheck those options in the installer if you don’t want them.
Absolute Uninstaller is designed to work with all Windows versions and is available from the vendor’s site.
Simpler way to customize your file associations
Prior to Vista, Explorer’s Folder Options dialog had a File Types setting that let you not only adjust programs associated with a particular file type but also edit the context (right-click) menu for almost every object on your system.
That feature is gone in Vista and Win7. In its place, Microsoft gives us the Default Programs Control Panel applet for modifying application, file type, AutoPlay, and other default settings. That works, but it’s a far cry from the simplicity of a directly accessible context menu.
If you’d like some of that lost functionality back — without having to edit the Registry — try Default Programs Editor. The utility duplicates most of the functions of XP’s File Types options and has a similar wizard-like interface.
But Default Programs Editor also does more. It lets you edit context menus, change file-type icons and descriptions, and remove a program’s associations with selected file types. (See Figure 3.)
Figure 3. The free Default Programs Editor brings you more features than Windows’ Default Programs Control Panel applet does.
Default Programs Editor works with Windows XP, Vista, and Win7. Get your free copy from the product’s page.
Have more info on this subject? Post your tip in the WS Columns forum.
Scott Dunn is a contributing editor of the Windows Secrets Newsletter. He has more than 20 years of experience as a technical writer and editor and has won multiple business-press awards.
Readers are vocal about EULA wording changes
By Stephanie Small
Microsoft’s Web site often bears end-user license agreements (EULAs) that differ from the ones displayed to users during software installation, as described in a Feb. 4 top story by WS senior editor Woody Leonhard.
Whatever your feelings about EULAs in general, the idea that a EULA might change after the fact sparked a lively discussion among members of the Windows Secrets Lounge.
Art Johnson notes in a Lounge post how he uses a utility to quickly review EULAs for unusual provisions before he clicks the Accept button:
- “For several years, I have been using the tool called EULAlyzer, which is free for personal or educational use.
It is an easy job to analyze any EULA quickly and flag any text of interest, as well as to save that EULA within the app.
For WinXP Pro, EULAlyzer included fourteen paragraphs flagged to read, and it said:
Details: The license agreement above has a high calculated Interest ID. It’s extremely long, and there were many detected ‘interesting’ words and phrases.
In addition, you can submit online any EULA:
Built by our users, for our users. The EULA Research Center is built by the kind submissions from users like you. Submissions are used to enhance and improve EULAlyzer’s detection of potentially ‘interesting’ words and phrases, to better the experience for all of our users.
I never accept or agree to any EULA without first doing a ‘drag & drop’ of EULAlyzer’s plus [+] icon over it to capture it for analysis.”
EULAlyzer Personal is available for free as a download from the EULA Research Center site.
Bruce Waldie has a long memory of the way EULAs used to be, which often seems to be the way they’re still done, as he describes in his own post:
- “Microsoft has not changed its licensing tactics in years. I am still in possession of an envelope of 3.5″ diskettes for Windows 286. It clearly states ‘you must accept the terms of the license agreement inside before opening this envelope.’ I am not Superman, so it was a little hard to do.”
To comment on any of our columns, all Windows Secrets readers can get a free membership in the Lounge using our registration page.
If you’re already a member, or you’d just like to see the latest comments, visit Woody’s thread in the WS Lounge.
Readers Art and Bruce will each receive a gift certificate for a book, CD, or DVD of their choice for submitting comments we printed. Send us your tips via the Windows Secrets contact page.
The Known Issues column brings you readers’ comments on our recent articles. Stephanie Small is research director of WindowsSecrets.com.
Office prank busts out more than laughs
By Stephanie Small
Working the 9-to-5 office drill can drive you a little batty — unless you look for ways to liven things up a bit. Just don’t take it too far. Watch as this guy tries to spice up his routine with a seemingly harmless prank: taking unseemly advantage of the copy machine. What starts off as funny quickly turns into a big oops. Wonder what he’ll tell his boss to get out of this one …
Fine-tune your Registry for faster startups
By Fred Langa
A little Registry maintenance and tweaking can make your system boot faster. In fact, free Registry tools can improve all your system’s phases: startup, shutdown, and everything in between.
These Registry mods will kick-start your workday
Melvin Billik successfully applied some Registry edits to improve his PC’s performance and is now looking for other speedup tweaks:
- “I enjoyed reading Scott Dunn’s Registry fixes article in the Jan. 21 Windows Secrets. I did try the fixes that will hopefully shorten my PC’s shutdown time. I think they’re working.
“Now I’m wondering whether there are fixes to shorten the boot-up time. My computer always takes about two minutes or more to boot to a usable state. I’ve tried a few assorted things — like limiting some of my startup programs — but I’m wondering about possible Registry fixes.”
You’re off to a good start if you’re already controlling the software that auto-starts at boot time. Doing that, and limiting the amount of housekeeping that Windows has to do at startup, are usually the very best ways to shorten boot times.
For a quick refresher on Windows startup management, see my Oct. 4, 2007, LangaList Plus column, “Reducing start-up software shortens boot time,” and my Oct. 11, 2007, piece, “Limit IE and Recycle Bin caches for speed” (third topic down in the column).
There are a few Registry-based options for speeding Windows startups, though they probably won’t deliver as much oomph as the above-referenced methods. But if you’re looking to wring every last bit of speed out of your system, the following Registry tweaks are worth a try.
These changes aren’t particularly difficult or dangerous, but of course, it’s always smart to make a backup before you do any serious maintenance work on your system.
- Clean out the clutter. Windows parses the Registry at startup. If there’s lots of junk in there, the initial parsing will take longer than otherwise. Two excellent and free Registry cleaners are Macecraft’s PowerTools Lite (site) and Piriform’s CCleaner (site).
- Defrag your Registry keys. The Registry is contained in one or more large files. Like any large file, the Registry can get broken into noncontiguous blocks. This slows access times because your hard drive’s heads may have to jitter all over the platter to gather the Registry’s separate pieces.
Having your Registry in one unbroken piece can speed access. To defrag your Registry, use Microsoft’s free PageDefrag (info/download).
- Condense your XP Registry. Many Registry-optimization tools for XP can reindex and rebuild the system in a more-compact form. For example, both PurifySoft’s Registry Purify (site; free to try for 7 days; $29.95 to buy) and Macecraft’s jv16 PowerTools (site; free to try for 30 days; $29.95 to buy) have Registry-compaction modes for XP.
Alas, Vista and Windows 7 use a different Registry structure and aren’t amenable to this sort of compacting.
And although this isn’t a Registry tip per se, if you’re looking for faster starts, keep your hard drive defragged. Windows loads a ton of software at boot, and a defragged disk makes this initial loading go faster.
With all these techniques, you’ll have done just about everything possible to make your boot times as fast as they can be!
Three options for running old software on Win7
Jeff Grigg is concerned about running essential — but very old — software on Windows 7:
- “I have two 5- to 6-year-old systems that are getting long in the tooth. Problem is, many of my programs won’t run under Windows 7. Some are absolutely necessary for my business.
“I talked to Dell and [was told] their new systems come only with Win7. So do I get a new system, wipe it, and reinstall XP? Is there an alternative that’s workable and takes advantage of the new hardware, or am I stuck with an old operating system and old hardware?”
No, you’re not stuck at all. In fact, you have three different options for supporting old software in Win7.
First, Windows 7’s built-in compatibility mode manages to run most software designed for earlier versions of Windows. You can read Microsoft’s official compatibility screed for Win7/Vista in the article, “Make older programs run in this version of Windows.”
If you prefer information from an independent source, read Windows 7 Forums’ article, How to Run a Program in Compatibility Mode in Windows 7.
Should Win7’s standard compatibility mode fail to get the job done, you can use the new OS’s heavy-duty compatibility engine: Microsoft’s free “XP Mode” add-on (info/download).
XP Mode is actually a special version of the old Microsoft Virtual PC and sets up an XP-based virtual PC within Windows 7. You view the virtual PC’s screen in a window on your regular Win7 desktop, though you can also run XP Mode full-screen, if you wish.
The XP Mode virtual PC has its own dedicated hard-drive area — borrowed from your main drive — and you can load and run software on it exactly as you would on a standalone XP PC.
In the unlikely event that your problem software won’t run even in XP Mode, try the free VirtualBox software (info/download) from Sun/Oracle. This virtual PC option is more complete than XP Mode and usually can run even the most ancient of apps, including raw 1980s-era DOS software.
So if it’s time to upgrade, definitely go with Win7. The OS’s built-in compatibility tools and free add-ons give you all the benefits of a truly up-to-date system while also letting you access and use your old software.
Save local copies of Windows Update files?
Harold Moss used to speed reinstalls by bringing his system up to date using Windows Update files previously saved to his local drive. Unfortunately, the technique is no longer working:
- “I used to save all my Windows Updates for quick reuse when I do a clean install. But when I recently tried to install the saved Windows Updates, I failed and had to download all new ones. Updates are getting bigger all the time! Any advice?”
I’m guessing you’re running XP and your letter arises from the frustration of having to download nine years’ worth of patches, updates, and service packs. With an OS as battle-scarred as XP, those updates and patches really add up!
The update-reload failure may be a blessing in disguise, because I think it’s better to download fresh updates. For one thing, patches themselves sometimes get patched and otherwise modified, so it’s good to know you have the latest versions.
Also, Microsoft already “rolls up” patches in its service packs. Retaining each separate patch and service pack means you may end up with multiple copies of the same patch, only one of which is current. This not only wastes space, it also invites version confusion as the OS ages.
So instead of trying to repair your local patch library, you’re truly better off downloading fresh patches as needed. You’ll end up with a cleaner setup and a less-cluttered hard drive.
When updating XP in particular, consider that the age of your OS is the root cause of your frustration. After almost a decade of being pounded on by hackers, XP has amassed some serious scar tissue — otherwise known as patches and updates. The OS is really starting to show its age.
Perhaps after all this time, it’s worth thinking about giving XP an honorable retirement and replacing it with a newer, fresher, less–patch-encrusted operating system.
Where did all her music files disappear to?
Marilyn is having trouble finding and using her PC’s stored audio:
- “Is there somewhere I can actually find my music files listed in the Windows Media Player library? I’d like to back up my music, but so far I’ve failed to find [the files]. Without a backup, the thought of having to re-rip or download several gigs of music makes me faint.”
Unless you overrode the default settings, Windows Media Player stores ripped/saved music in standard locations. In Win7 and Vista, the normal music locations are the following folders:
C:\Users\username\Music
C:\Users\Public\Music
In XP, the WMP music files are stored by default in:
C:\Documents and Settings\username\My Documents\My Music
C:\Documents and Settings\All Users\Documents\My Music
Note that the default folder names all have the word “music” in them. This makes them easy to search for, no matter where they might be located.
If you’ve changed WMP’s default locations and folder names, open the program, right-click any song/track in your collection, and select Open File Location. Windows Explorer opens to the folder containing the music you selected. Odds are, the rest of your music is nearby; if you poke around adjacent folders, you should be able to find the missing audio files.
If for some reason you’ve scattered your files all over the place, search for the most-common music file types: .wma and .mp3. Doing so should turn up your missing libraries in no time.
To widen your search to other, less-common audio types, refer to the FileInfo.com audio page, which lists just about every audio file type. The same site also lists common video, image, and other file types.
One way or another, these steps will let you find all your music files!
Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.
Malware may lurk in your browser's cache
By Robert Vamosi
A new JavaScript exploit can enter your system via an encrypted public Wi-Fi network and either attack immediately or wait to be remotely triggered. As described at the Black Hat DC 2010 conference, the exploit is able to convert an encrypted https session into an unencrypted http session; and that’s just for openers.
New threat to users of public Wi-Fi networks
As though we needed more evidence that surfing the Web from a public wireless network is dangerous.
At the Black Hat DC 2010 conference, Mike Kershaw showed how a malicious JavaScript converts an encrypted https session to an unencrypted http session. The malware then rewrites the Document Object Model (DOM), leaving the system vulnerable to any number of attacks.
Even worse, the malware may remain in the machine’s browser cache indefinitely and continue to infect any network the PC connects to long after the user has left the local Wi-Fi café.
Kershaw, who works for Aruba Networks, is the author of Kismet (more info), an 802.11 Layer 2 wireless network detector. Kismet helps security professionals conduct penetration tests on wireless networks and detect rogue access points on the networks.
Swapping out a page’s good JavaScript for bad
Kershaw points out that a typical Web page has a lot of JavaScript running in the background; CNN.com, for example, has at least 500KB of JavaScript code, according to Kershaw. Unbeknownst to the user, a bad guy can add a malware script to the page or replace one of its existing scripts with a malicious one.
In his Black Hat presentation, Kershaw cited RFC1918, a paper published in 2009 by Robert Hansen (AKA “rsnake”) that describes various methods for owning virtual private networks — including the use of JavaScript backdoors.
For example, a client PC could be fed a malicious JavaScript file with a cache expiration set for 10 years. That means the script will execute every time the user visits that Web site — whether or not the person is on the public Wi-Fi network that was the source of the original infection. If it’s a news or weather site, you can bet the person will return to it often.
“Once you leave the Starbucks, you’re still owned,” Kershaw said.
The malware is particularly insidious because it can be triggered long after the initial infection, according to Kershaw. “No good attacks in the browser this week? Wait for a browser 0-day, then flip the switch to include malware.”
What you can do to prevent being victimized
Mitigations include using one browser on trusted networks and a different one on public Wi-Fi networks — regardless of whether they’re encrypted. Kershaw also suggests manually clearing the browser cache each time you sign off a public network, plus using the Firefox security add-on NoScript (more info) to block scripts on a site-by-site basis.
Keep in mind, however, that even “trusted” sites can host the malicious JavaScript, and browsing with JavaScript disabled is impractical for most people.
Additionally, Kershaw recommends shutting down the operating system between domain sign-ins — i.e., between browsing via an airport waiting area’s Wi-Fi network and reconnecting to the office network.
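As an added illustration (not from Kershaw's talk or the original column), this Python example audits recorded HTTP response headers for the pattern described above: script files fetched over unencrypted http whose cache lifetime runs far past a year. The host names, sample headers, and the one-year threshold are constructed assumptions.

```python
import re
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

ONE_YEAR = 365 * 24 * 3600  # assumed ceiling for a believable cache lifetime


def freshness_seconds(headers):
    """Seconds a browser cache may reuse the response without revalidating.

    Follows the HTTP rule that Cache-Control max-age overrides Expires.
    Heuristic freshness (derived from Last-Modified) is deliberately ignored.
    """
    h = {k.lower(): v for k, v in headers.items()}
    directives = [d.strip().lower() for d in h.get("cache-control", "").split(",")]
    if "no-store" in directives or "no-cache" in directives:
        return 0
    for d in directives:
        m = re.fullmatch(r'max-age="?(\d+)"?', d)
        if m:
            return int(m.group(1))
    if "expires" in h:
        try:
            delta = parsedate_to_datetime(h["expires"]) - parsedate_to_datetime(h["date"])
        except (KeyError, TypeError, ValueError):
            return 0  # missing Date or malformed Expires (e.g. "0"): treat as stale
        return max(0, int(delta.total_seconds()))
    return 0


def is_script(url, headers):
    """True if the response is JavaScript by Content-Type or by file extension."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").lower()
    if "javascript" in ctype or "ecmascript" in ctype:
        return True
    return urlsplit(url).path.lower().endswith(".js")


def audit(entries, limit=ONE_YEAR):
    """Return (url, lifetime_in_days) for scripts that arrived over plain http
    and may be reused from cache for longer than `limit` seconds."""
    findings = []
    for url, headers in entries:
        if not is_script(url, headers):
            continue
        if urlsplit(url).scheme.lower() != "http":
            continue  # fetched over TLS: not replaceable in transit on the Wi-Fi hop
        lifetime = freshness_seconds(headers)
        if lifetime > limit:
            findings.append((url, lifetime // 86400))
    return findings


# Constructed sample: (URL, response headers) as a proxy log or cache dump might record them.
SAMPLE_ENTRIES = [
    ("http://news.example/static/site.js",
     {"Content-Type": "application/javascript",
      "Cache-Control": "public, max-age=315360000"}),            # ten years
    ("http://weather.example/lib/widgets.js",
     {"Content-Type": "application/x-javascript",
      "Date": "Thu, 11 Feb 2010 10:00:00 GMT",
      "Expires": "Tue, 11 Feb 2020 10:00:00 GMT"}),              # ten years via Expires
    ("https://bank.example/app.js",
     {"Content-Type": "application/javascript",
      "Cache-Control": "max-age=315360000"}),                    # long-lived but over TLS
    ("http://cdn.example/lib.js",
     {"Content-Type": "text/javascript",
      "Cache-Control": "max-age=86400"}),                        # one day: normal
    ("http://news.example/logo.png",
     {"Content-Type": "image/png",
      "Cache-Control": "max-age=315360000"}),                    # not a script
    ("http://portal.example/login.js",
     {"Cache-Control": "no-cache",
      "Date": "Thu, 11 Feb 2010 10:00:00 GMT",
      "Expires": "Tue, 11 Feb 2020 10:00:00 GMT"}),              # must revalidate
]

if __name__ == "__main__":
    for url, days in audit(SAMPLE_ENTRIES):
        print(f"review and purge: {url} cacheable for {days} days")
```

Entries the audit reports are candidates for purging from the browser cache before the machine joins a trusted network.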
Adobe kicks off its silent Reader updates
In my Jan. 14 In the Wild column, I described Adobe’s plan to update its products automatically in the background. (The Adobe updater, installed on most PCs using the company’s software via an October 2009 update, was left disabled.)
In January, a few thousand installations of the Adobe updater were enabled for testing purposes. One of my computers is part of that beta; I know, because whenever I attempt to open a PDF file, the machine’s firewall requests that I allow the updater to phone home to Adobe.
While the Adobe updater hasn’t caused the system any problems that I’m aware of, it’s unsettling to know that Adobe is attempting to tinker with my machine without my direct knowledge or consent. The fact is, many popular programs now update automatically — Google Chrome and the latest version of Firefox among them — but only time will tell whether this is a good thing.
WS contributing editor Robert Vamosi was senior editor of CNET.com from 1999 to 2008, writing pieces such as Security Watch, the winner of the 2005 MAGGIE Award for best regularly featured Web column for consumers.
Malicious media files could deliver exploits
By Susan Bradley
Microsoft predicts attacks within 30 days, targeting a hole plugged by this month’s most-important Windows update. The patch for this vulnerability is rated “Critical” for all client versions of Windows and for most server editions as well.
MS10-013 (977935, 977914, 975560)
Opening AVI files may allow remote-code attack
Of the mountain of Windows patches released this week by Microsoft, the one you should apply immediately to all the PCs you manage addresses a hole in Microsoft DirectShow.
MS10-013 (patch 977935) targets a vulnerability that allows maliciously-designed AVI and WAV files to take over your PC via remote-code execution. If your system has the vulnerable AVI filter and DirectX components, it may also be offered 977914 and 975560.
The fix for Windows 2000, XP, and Server 2003 could be delivered in one or both of these updates. One of my test workstations was prompted to download 15 patches, including both 977914 and 975560. (See Figure 1.) I expect many XP systems will be offered both patches.
Figure 1. This month’s critical updates for Windows XP fix multiple vulnerabilities, including one allowing an attack via an AVI or WAV file.
Don’t open any media files — regardless of whether you were expecting them — until you apply this critical Windows patch.
MS10-007 (975713)
Windows Shell vulnerability can lead to attacks
MS10-007 (975713) fixes a problem in the Windows Shell that will likely be exploited via attacks launched from compromised Web pages. What, exactly, is the Windows Shell? Whenever you interact with folders and files on your system, you’re doing so through the Windows Shell. A Web page may take advantage of this vulnerability in order to initiate a remote-code execution attack against your PC. Thus, it’s important to install this update as soon as possible.
MS10-006 (978251)
Critical Server Message Block patch for Win7
The first of this month’s two Server Message Block (SMB) patches — MS10-006 (978251) — is rated “Critical” for Windows 7 machines but is listed only as “Important” for Vista workstations. That’s an interesting twist: Microsoft’s newest operating system is at greater risk than its predecessors.
The SMB protocol is used to share files on a network and between computers. This vulnerability allows an exploit to take control of a system, often through a browser and particularly when the attacker tricks you into connecting to a malicious file-sharing server.
Considering the popularity of online file-sharing services, these types of attacks have, unfortunately, become more successful lately. Make this update a high priority, especially for any Windows 7 machines you might assume are immune to such vulnerabilities.
MS10-008 (978262)
Update removes five vulnerable ActiveX controls
MS10-008 (978262) deactivates five vulnerable ActiveX controls from Internet Explorer. The patch is rated critical for Windows 2000 and XP and important for Vista and Windows 7.
One of the five killbits delivered in this update targets a Microsoft Data Analyzer control. I don’t know of any applications that currently use this control, but it has been used in the past. Still, anytime I see an ActiveX patch, I know that data applications may be vulnerable.
If, after installing this patch, you discover one of your line-of-business applications stops working, uninstall 978262 and determine whether the application is back online.
However, I urge you to reinstall the update to confirm that it is indeed the cause of the balky application. If it is, uninstall it again and alert me via the Windows Secrets contact page so I can investigate the situation.
The four other ActiveX controls removed by the update include one from Symantec for WinFax Pro 10.3. This program is no longer supported by the company, which recommends you either update to the new version of WinFax Pro or apply this patch to remove the vulnerable control.
Also addressed by this update are killbits (Windows Registry flags that disable targeted ActiveX controls) requested by Google for its Desktop Gadget Control v5.8 and by Facebook for its Photo Updater 5.5.8. Last but not least, Panda Security requested a killbit for the ActiveScan Installer 2.
MS10-012 (971468)
SMB vulnerability could allow Web attacks
The second of this month’s two SMB updates, MS10-012 (971468), patches a vulnerability that doesn’t present a great risk, because attackers would have to be authenticated on your network to launch an attack. Otherwise, the worst that can occur is a denial-of-service attack.
In today’s bad-guy economy, an attacker’s goal is usually to get hold of your user IDs, passwords, and other sensitive information rather than merely shutting down your system via a DoS attack. Though still a concern, this patch isn’t as critical as the SMB patch described previously in this column, “Critical Server Message Block patch for Win7,” which refers to MS10-006 (978251).
MS10-015 (977165)
Kernel patch could be offered again and again
In past months, many Windows Secrets readers have reported receiving the same kernel patches repeatedly. MS10-015 (977165) may be one of these infinite updates. If your system has certain binaries (or files) in an unsigned state, this patch will be offered over and over and over again.
To break the cycle, follow the instructions in KB article 822798. Specifically, Method 3 in that article will eliminate the repeated updates. Here are the steps in a nutshell:
- Step 1. Click Start, Run, type cmd, and press Enter.
- Step 2. At the command prompt, type the following commands, and then press Enter after each line:
net stop cryptsvc
ren %systemroot%\System32\Catroot2 oldcatroot2
net start cryptsvc
exit
- Step 3. Remove all tmp*.cat files in this folder:
%systemroot%\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
Now install the update again — for the final time. The vulnerability patched by this update has been widely discussed on the Internet, including several proof-of-concept attacks.
A few early reports indicate that MS10-015 causes a Blue Screen of Death for some Windows XP users. The same files that are updated by MS10-015 (ntkrnlmp.exe, ntkrnlpa.exe, ntkrpamp.exe, and ntoskrnl.exe) were patched last year by MS09-058 (977615), and a few BSODs were seen then, too.
Considering the inconvenience of this kind of crash, you might wish to wait until my next Patch Watch column before installing MS10-015. I haven’t seen any issues in my limited tests of this update. But my rule of thumb is to patch just a few computers immediately, and update others when I have time to deal with the problems that may arise.
MS10-009 (974145), MS10-011 (978037), and MS10-014 (977290)
Patches for internal ‘threats’ are low priority
Three of February’s security patches — MS10-009 (974145), MS10-011 (978037), and MS10-014 (977290) — address some interesting, if highly unlikely, avenues of attack. In the case of patch 978037, there is only one way the vulnerability in the Windows Client/Server Run-time Subsystem (CSRSS) can be used to attack you: if the attacker signs in to a console and you later sign in to that same console. The update affects only Windows 2000, XP, and Server 2003.
Vista and Windows Server 2008 are susceptible to the security hole addressed by 974145. However, an attacker can take control of the system only by sending specially crafted packets to computers with Internet Protocol version 6 enabled. Most people use IPv4 addresses, not IPv6.
The glitch patched by 977290 prevents a DoS attack on networks via specially crafted requests from an authenticated user on a Linux or Mac computer.
Frankly, whenever I see that a DoS attack is the highest risk a patch is protecting me from, I consider the possibility of a “denial of use” attack on my computer, should the patch go awry. That’s why these three updates are of note to network administrators but aren’t high priorities for Windows end users.
MS10-010 (977894)
Virtualization platform gets its first patch
Like the three patches described in the previous item, the vulnerability addressed in MS10-010 (977894) is of little consequence to most Windows users. However, for server administrators — whether they run massive data centers or merely one or two servers virtualized in the Hyper-V server platform — this update is noteworthy, even if the only threat is a DoS attack.
This is the first patch impacting Microsoft’s Hyper-V server-virtualization platform. Though VMware has had its share of security patches, Windows Hyper-V has been glitch-free — until now. Knowing the tenacity of security hackers — and the complexity of Hyper-V’s underlying code — I have every confidence this glitch will not be the last.
MS10-003 (977896 and 979674), MS10-004 (975416, 973143, and 976881), and MS10-005 (978706)
Updates for Office XP, 2003 and Microsoft Paint
This month, your patching isn’t complete until you update Office XP and 2003 and Microsoft’s venerable Paint image editor.
An Office 2003 Dynamic Link Library (DLL) file — mso.dll — is patched via MS10-003 (977896 and 979674). The problem doesn’t affect Office 2007 or Office 2003 SP3, but it does apply to Office XP SP3 and Office 2004 for Mac. Opening a malicious Office file could result in a remote-code execution attack.
MS10-004 (KB 973143 and 976881) fixes a problem affecting PowerPoint 2002 and 2003. After you apply 973143 for PowerPoint 2002, you may be prompted to accept the licensing terms of the Office XP program — again — the first time you launch PowerPoint.
If you are using PowerPoint Viewer 2003, Microsoft recommends you uninstall that version via Control Panel’s Add/Remove Programs applet because the old release is no longer updated and will leave your system vulnerable. Instead, download and install the free PowerPoint 2007 Viewer.
A malicious .jpg file could be used in an attack exploiting the Paint vulnerability fixed in MS10-005 (978706). Once again, the Golden Rule of opening only files received from trusted sources stays true.
977074
Windows 7 stability patches aren’t so stable
On the second Patch Tuesday of each month — actually, the fourth Tuesday of the month — Microsoft releases “stability updates.” Lately, these patches have targeted problems with Internet Explorer 8 and Windows 7, but some of the updates address holes in Vista and XP.
In late January, Microsoft posted KB article 977074 to patch stability glitches relating to Windows 7’s sleep function. A few days after applying the update on my home network, I noticed the two Windows 7 machines on the network no longer went into sleep mode. I uninstalled the update and sure enough, the systems went into sleep as expected.
I reinstalled the updates, and this time both computers went to sleep as they should. Sometimes, problems occurring when a patch is automatically installed go away when the update is uninstalled and manually reinstalled. The method used to install a patch shouldn’t matter, but in my unscientific experience, it sometimes does.
A Microsoft TechNet forum post indicates some users have experienced Blue Screens of Death after installing patch 977074. Other than the sleep-mode glitch that was resolved by uninstalling and reinstalling the update, I haven’t seen BSODs on my Win7 machines. Should you be one of the unfortunate few who do get BSODs resulting from this patch, please let me know via the Windows Secrets WS contact page.
The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.
Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).
Copyright © 2025 AskWoody LLC, All rights reserved.
