• Microsoft releases critical out-of-cycle patch

    Home » Forums » Newsletter and Homepage topics » Microsoft releases critical out-of-cycle patch

    Author
    Topic
    #470784


    PATCH WATCH[/size][/font]

    Microsoft releases critical out-of-cycle patch[/size]

    By Susan Bradley

    When Microsoft releases a patch outside its normal twice-monthly cycle, it’s usually not one to ignore.

    Hackers are already attacking PCs, using the vulnerability fixed by the out-of-cycle patch in Security Bulletin MS10-046.[/size]


    The full text of this column is posted at WindowsSecrets.com/2010/08/05/06 (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td]

    [/tr][/tbl]

    Viewing 10 reply threads
    Author
    Replies
    • #1237607

      Susan, for users who cannot or will not upgrade Windows 2000 or Windows XP SP2 or earlier, there are two less-drastic fixes than the Microsoft Fixit. These solutions are found in the following item from InfoWorld News:

      http://www.infoworld.com/d/security-central/g-data-releases-tool-block-windows-shortcut-attacks-841

      Two security companies have produced their own workarounds. G-Data has a warning which makes an infected icon flash red, but does not prevent infection if a user double-clicks on then icon in spite of the warning. Sophos has a program which redirects shortcuts from the insecure Windows icon handler to more secure modified icon handlers written by Sophos. Either workaround may break things, but neither does all the damages which the Microsoft Fixit does. Your icons and shortcuts will still be there and will (in most cases) still work. And for those who have a Group Policy Editor, it is also possible to write a local Security policy which forbids the execution of .exe’s from non-C-Drive locations. Again, this may break some applications, but it does effectively block the exploits.

      -- rc primak

    • #1237692

      Hi Susan,

      I’ve recently moved to a new laptop with Windows 7 (x64). Windows update tried to install this patch for me but my computer hung during the shutdown (after I agreed to restart). I have NO32 v4 and perhaps this was the problem. I had to force the computer to power down by holding down the on switch. It restarted ok, but the update is in a “pending” state when I view my update history. I’ve ensured that NOD32 has the latest virus definitions per their instructions and restarted multiple times since. The update is still pending.

      The pending update is not listed in the Add/Remove programs list so I can’t remove it and when I try to manually install the patch from MS’s download site it tells me the update is already installed.

      Can you suggest what I should do?

      Thanks,
      Steve.

    • #1237757

      I have a Lenovo desktop with XP SP3 and Norton. I received the update notice, did the install and rebooted. I leave the computer on 24/7. Now, every morning I get a Windows update notice to install the patch. I shut off the notification altogether but it still shows up every morning. One would almost think this is a trojan horse.

    • #1237813

      Is there a fix for my relatives who insist on sticking with (shudder) WinMe?

    • #1238042

      Dear Susan,
      IE 8 on my desktop is *prevented* from downloading this patch by a real nasty problem from Intuit. At *every* site I visit, the Information Bar blurts out: “This website wants to run the following add-on: ‘QuickBooks Library’ from Intuit, Inc. . . .” For over a year, I have kiboshed the add-on; but, now, doing that also kills the offer from Microsoft Updates to load its installer!
      In Intuit’s Community Forums, an Intuit employee, Sharon433, promised — back in February — to post a fix, but nada all this time.
      Now that it’s not just annoying, is there *anything* you’ve heard/learnt about killing the QuickBooks Library pop-up, that could allow me to download Microsoft’s patch asap?!
      Anxiously yours, taxcpany (Yes, I’m also a CPA; so this vulnerability has ‘material’ repercussions which I’m seriously worried about!)

    • #1238359

      Hi,

      I keep getting Windows Update Error code 80071a3f when I try to install the update. I have downloaded it separately and then tried to install, no go either. I’ve also turned off most start up programs including virus stuff. Of course there is no such error on Microsoft’s site. Any ideas?

      What exactly is the point of creating errors codes that have no definition anywhere (that’s a rhetorical question–but if you have a snide reply, by all means).

      Chris

    • #1238365

      Hi Chris, and welcome to the Lounge!

      Are you running Vista or Windows 7? Although the stated issue in this thread involves the inability to install Vista’s SP1, the Update Error code is the same one you received. If you run through the recommendations listed in this thread, it might help in your situation. The System Update Readiness Tool referred to in the first answer post is fully compatible with all versions of Vista and Windows 7. Follow the steps listed to see if they help resolve your install issue.

      Hope it works out for you.

    • #1238374

      Hi Gerald,

      Thanks for your reply. I’m using Vista with SP1 on the problem computer, and I have seen and tried steps in from that post, although I cut the readiness program short because I hadn’t read those pesky details which said that basically it might run forever. So, I’m trying it again, but don’t hold out much hope as also in those details it mentions the errors it deals with, and mine is not among them. However, hope springs…. I’ll let you know one way or the other.

      Chris

    • #1238427

      Hi,

      Well I got it to work, but not by any of the recommend methods. So for those who are desperate to get Windows Update to work this might be your last option.

      I tried all the standard stuff, turning off virus/malware programs, disabling Firewall, disabling most services and startups. Nothing. So then I tried the Readiness Tool referred to in a previous post. Even that wouldn’t install never mind scan to determine update readiness. By the way, some updates were still installing while others, important ones unfortunately were not.

      So I was starting to mull over reinstalling Vista (sp1), but wasn’t exactly keen on the idea. So my last ditch effort was to uninstall all programs that I had little use for, or considered a possible suspect. There were very few of those. I also ran ccleaner, just well, why not. I had run it recently but still… It didn’t find much, and nothing suspicious. I rebooted.

      And Voila the updates installed. So, what happened? I really don’t know. By the way, all services and antivirus etc had be restored. My two best guesses are a program called Winbubbles, a tweaker type, which is portable (can’t be uninstalled) which I’d set back to all defaults. I didn’t have it set to anything that I thought might cause problems, but… And the other was a program called Msxml 4.0 sp2, there were two of them, so I uninstalled the earlier one. I have no idea what this was, but it seemed weird that there were 2, same name, version etc. If something doesn’t run at some point, well…

      So that’s my story. Still don’t know why a program spits out error codes that have no error message for them anywhere. The code was 80071a3f, and the message that related to it was just a general fix for unknown errors, and a misguided one.

      Chris

      • #1238520

        Hi,

        Well I got it to work, but not by any of the recommend methods. So for those who are desperate to get Windows Update to work this might be your last option.

        (…etc…)

        And Voila the updates installed. So, what happened? I really don’t know. By the way, all services and antivirus etc had be restored. My two best guesses are a program called Winbubbles, a tweaker type, which is portable (can’t be uninstalled) which I’d set back to all defaults. I didn’t have it set to anything that I thought might cause problems, but… And the other was a program called Msxml 4.0 sp2, there were two of them, so I uninstalled the earlier one. I have no idea what this was, but it seemed weird that there were 2, same name, version etc. If something doesn’t run at some point, well…

        So that’s my story. Still don’t know why a program spits out error codes that have no error message for them anywhere. The code was 80071a3f, and the message that related to it was just a general fix for unknown errors, and a misguided one.

        Chris

        Chris, first let me say that what you got may not have been an Error Code. It may have been a Stop Code, which only identifies the location within the program where it stopped running. This is often accompanied by a Blue Screen with a lot of gibberish.

        Next, let’s be clear about programs which tweak Windows, like Winbubble. These sorts of programs (my favorite for Windows 7 is TweakNow 2010) can perform a lot of nifty tricks, but they also mess with the Windows Registry. This can have disastrous consequences if the wrong Registry entries are “tweaked”. So resetting these tweaks to their original values was a wise decision. And running the Registry fixer in CCleaner can sometimes help with a slightly misconfigured Windows Registry. So, using CCleaner was also a wise decision. Next time, if you haven’t tried the CCleaner Registry fixer, see if that finds further errors which can be corrected. I have found this Registry fixer to be safe on my two laptops, but back up your Registry before making any changes. CCleaner offers to do this when you use its Registry fixer.

        As for MSxml, that is a markup language used for documents and some log files, not unlike HTML or javascript. The updates and service packs should remove older versions, and having multiple copies or multiple versions can cause many problems. So removing the older copies was also a wise decision.

        I am glad your Windows Updates issues seem to be resolved for the time being. If anything goes wrong in the future, feel free to post again.

        -- rc primak

    • #1238432

      Glad you got it solved Chris. Hopefully the steps you took will help other Loungers that may face the same issue.

    • #1238707

      Bob,

      Your message is rather condescending; I wasn’t looking for an after the fact teacher. I’m aware of pretty much all you wrote, even though I wasn’t explicit in saying so in some cases (the xml program comes to mind, of course I knew it dealt with xml, I just didn’t know how they got there, and please don’t explain). As to your explanation about Error code, versus Stop Code. If that were true, it would even make my point more strongly–miss-naming a code, giving it an elaborate name very similar to other error codes, which sounds like it should be researchable…)

      I had to push myself to write my previous post. I did so because I felt it might help some hapless soul who got the same or similar error/stop code and had no place else to go besides Microsoft’s misguided suggestions. I say misguided because in other places they actually say, in so many, words that those suggestions will not work.

      So your didactic condescending and pretty much pointless reply doesn’t encourage me to come back, or post anything of use here.

      Chris

      • #1238886

        Bob,

        Your message is rather condescending; I wasn’t looking for an after the fact teacher. I’m aware of pretty much all you wrote, even though I wasn’t explicit in saying so in some cases (the xml program comes to mind, of course I knew it dealt with xml, I just didn’t know how they got there, and please don’t explain). As to your explanation about Error code, versus Stop Code. If that were true, it would even make my point more strongly–miss-naming a code, giving it an elaborate name very similar to other error codes, which sounds like it should be researchable…)

        I had to push myself to write my previous post. I did so because I felt it might help some hapless soul who got the same or similar error/stop code and had no place else to go besides Microsoft’s misguided suggestions. I say misguided because in other places they actually say, in so many, words that those suggestions will not work.

        So your didactic condescending and pretty much pointless reply doesn’t encourage me to come back, or post anything of use here.

        Chris

        You misinterpreted my tone.

        Sorry if I gave that impression.

        I do not respond to personal remarks, based on past experiences here and elsewhere.

        Whether you choose to remain a part of the Lounge Community or not is your choice. I encourage you to remain with us, and just ignore folks like me, whom you consider to be condescending and didactic.

        And although my reply named you, it was also aimed at folks who have a whole lot less knowledge than you or I have, and who might be following this thread and wondering what we were talking about. I see every thread not as a personal conversation, but as a public forum, and many Lounge readers and participants are a whole lot less tech-savvy than you or I.

        Thank you for your feedback. Next time (if there is a next time) I will parse my replies to your postings in a less personal way.

        -- rc primak

    Viewing 10 reply threads
    Reply To: Microsoft releases critical out-of-cycle patch

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: