Microsoft fixes threats to video and ActiveX

Topic

New Reply

	PATCH WATCH[/size][/font] Microsoft fixes threats to video and ActiveX[/size]
	By Susan Bradley Microsoft released a slew of fixes for Internet Explorer, Excel, and ActiveX — mostly for threats that are more possibilities than real. Excel gets the most patches, but there are critical updates to Adobe and Apple products, too.[/size]

---

The full text of this column is posted at WindowsSecrets.com/2010/06/10/06 (paid content, opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td]

[/tr][/tbl]

Reply | Quote

Replies

FYI — One of the XP machines in our office, set up for automatic updates, suddenly could not launch any browser on Friday morning. Neither Firefox nor IE would launch, but put up a crash message instead. I looked at the System Restore points and found mention of the Silverlight update the night before. I uninstalled Silverlight, deleted all registry mentions of it, and ran CCleaner, and finally I could get the browsers to launch again. I’m not an IT pro, so my diagnosis/repair methods may not be orthodox; but that’s what I did, and the problem went away.

thanks for your great columns,
Stuart

Reply | Quote

A few months back I started an experiment in reducing my pc maintenance costs – and so far it has worked well with little or no downside! What did I do? I just deleted the following from my systems –
Java,
Silverlight
Flash
Adobe Reader (I use Foxit)
Firefox (I mostly use Opera – IE 8 when I have to)
.NET (not easy to uninstall – in the end I just deleted the .NET folder in Windows)

Months later I am a happy camper, and even have time spare to write this note!

Reply | Quote

A few months back I started an experiment in reducing my pc maintenance costs – and so far it has worked well with little or no downside! What did I do? I just deleted the following from my systems –
Java,
Silverlight
Flash
Adobe Reader (I use Foxit)
Firefox (I mostly use Opera – IE 8 when I have to)
.NET (not easy to uninstall – in the end I just deleted the .NET folder in Windows)

Months later I am a happy camper, and even have time spare to write this note!

So now how do you use the Internet? Without these RIAs (Rich Internet Applications), virtually none of the Internet will be visible, and web pages will not work.

You say you use Opera. This is not possible without at least the plug in versions of most if not all of these RIAs. And I hope you have been updating Foxit Reader, because it has had almost as many updates lately as Adobe Reader. A real alternative is Nitro PDF Reader (now in beta, and they say it will remain free forever) which also allows PDF editing, creation, and form filling, and has fewer security issues than either of its better-known competitors. (This is partly because Nitro does not integrate into the browser.) But because Nitro does not integrate into any browsers, you still would be faced with compromises.

Or you could just unplug all of your computers from the Internet altogether. That will have the same effect on “pc maintenance costs”, without the need to go through the removal process.

But you will never be able to use e-mail, go to the Windows Secrets site, or read the news on line again.

Good work. Keep it up. We all will continue to use the Internet in your absence.

UPDATE: I just had a terrible experience with the Firefox Flash 10.1 update installation. So not using Flash Player would suit me just fine, if sites like Hulu.com, ABC-TV, FOX-TV, and other Streaming Video web sites did not demand Flash Player and refuse to play with VLC Player. But unfortunately, nearly any hard-coded web page or specialized player will be Flash-based these days, so I am stuck with Flash Player for now.

-- rc primak

Reply | Quote

I would like to express my gratitude to Susan for her info on keeping our systems updated. I have run into a problem installing the latest patches referenced in your recent article. I have been trying to isolate the update that’s causing my problem which is in Vista SP2. Whenever I run the updates, I can no longer Remote Desktop to our office network system running Windows XP SP3, complete a scan using Windows built-in scanner on our network connected Brother Scanner Printer, and cannot print to this printer too. All of the programs start normally, but as soon as it appears to make the actual connection to each of these devices, the programs hang. So, I rolled back the system using system restore to prior to the updates and voila everything works as expected. Although I have not tried installing all of these updates one at a time and test, I did the ActiveX Killbits (KB980195) and the system failed as above, performed a system restore and works. So I tried the IE 8 update (KB982381) and the system failed, and again system restored and works. So, I’m thinking maybe something else is in the update that Microsoft offered that is an update to the update process or something without explanation. To test this I ran the Malicious Software Tool Removal Tool – June 2010 and the system worked after this update. With 7 of these updates all fixing the same issue of a remote attacker, I’m wondering if they might each contain the code that breaks my system.

The other updates are the two .NET 3.5 SP1 (KB979910 and KB982536), and three Security Updates (KB979482, KB979559, KB980218).

Since I’m getting to ready to leave the office now and won’t be able to troubleshoot further until Monday, I was hoping that someone may also have the same problems and a possible solution.

Thanks to anyone who can shed some light on this.

Geoff

Reply | Quote

In answer to:
#5 Geoff Holcomb

I have had numerous networking and Remote Access issues with my Windows XP, SP3 laptop ever since the botched MS Update MS10-021 (KB 979683) tried to install itself back in April of this year. It was reoffered over and over again, and after a chat session and phone support, I was told to uncheck the update, and tell MS Updates never to show me the update again. My hardware proved to be incompatible with this Windows kernel-level security patch, and it somehow messed up Network Connections. The patch unfortunately can not be removed last I heard, so I am stuck with a laptop which does not do Remote Desktop anymore, and has some other networking issues.

So perhaps it is not the Vista machine which is causing the problem, but the Windows XP computer, especially if it has rather old hardware or out of date drivers. Even if there were no problems updating the Wondows XP machine, it may have been altered by the update I mentioned, or by the IE8 rollup, or the ActiveX Killbits patches. Otherwise, more investigation may be needed.

I also read at https://www.askwoody.com about at least one Vista patch which has had similar unwanted consequences. Check out the June Black Tuesday writeup over there and the Comments for more details.

-- rc primak

Reply | Quote

In answer to:
#5 Geoff Holcomb

I have had numerous networking and Remote Access issues with my Windows XP, SP3 laptop ever since the botched MS Update MS10-021 (KB 979683) tried to install itself back in April of this year. It was reoffered over and over again, and after a chat session and phone support, I was told to uncheck the update, and tell MS Updates never to show me the update again. My hardware proved to be incompatible with this Windows kernel-level security patch, and it somehow messed up Network Connections. The patch unfortunately can not be removed last I heard, so I am stuck with a laptop which does not do Remote Desktop anymore, and has some other networking issues.

So perhaps it is not the Vista machine which is causing the problem, but the Windows XP computer, especially if it has rather old hardware or out of date drivers. Even if there were no problems updating the Wondows XP machine, it may have been altered by the update I mentioned, or by the IE8 rollup, or the ActiveX Killbits patches. Otherwise, more investigation may be needed.

I also read at https://www.askwoody.com about at least one Vista patch which has had similar unwanted consequences. Check out the June Black Tuesday writeup over there and the Comments for more details.

Thanks for the response, much appreciated. Your right about the Win XP being a possible part of the problem since I still can Remote Desktop into our Windows Home Server 2008 machine when I can’t access the WinXP machine with Remote Desktop after the updates are run. However, the printer and scanner are on our intranet and are not being controlled by the WinXP machine and I cannot access those after the update(s) too. Also, since the WinXP machine works fine prior to the update on the Vista machine suggests that the problem is in the update(s). I can roll back using system restore after the updates and all works fine. I will try to determine which of the updates do break the system and do some additional research.

Thanks again,

Geoff

Reply | Quote