• MS-DEFCON 3: Get patched now


    #59396

    With the Black Hat conference in full swing in Las Vegas, and detailed instructions for bypassing Microsoft’s killbit patches posted on the Web, it’s
    [See the full post at: MS-DEFCON 3: Get patched now]

    Viewing 19 reply threads
    • #59397

      So is it OK to install Internet Explorer 8? If so, how should I configure IE8 for maximum protection? I am using Firefox, so I want to set up IE8 so I don’t have to worry about it.

    • #59398

      Woody, you will let us know if any widespread problems result in such products as F-Secure Blacklight or AVG, won’t you?

    • #59399

      Does this include the optional software, or just the high priority?
      Thanks

    • #59400

      I do not understand what it says in the link re killbit patch, so can’t I just install the other things until you are clear in answering this question: should we install the killbit patch as offered, from the patch icon? KB973346

      Meanwhile, I’ll install the rest.

    • #59401

      Forget the old ActiveX Killbit KB960715 update.
      What about the latest Killbit MS09-032/KB973346 update? Uh, you do know that KB973346 is cumulative and replaces KB969898, KB960715 and older killbit patches, right?

    • #59402

      Woody —

      I did as you advised and went (manually) to MS Updates to download and install all outstanding MS Updates. I unhid several updates which you had previously advised us not to install. But not all the MS Updates downloaded.

      I was only able to get KB 971633 (DirectShow) by first undoing a MS Fixit which you have recommended, then going to the downloads from MS TechNet for a direct stand-alone installation of this patch. The same thing happened (without undoing any Fixits) with KB 961371 (OpenType Font Engine). But then things got weirder.

      I have not even been offered the Out-of-Band ATL Patch (MS09-035/ KB 969706). I have not found any place from which to download this patch as a stand-alone.

      All other MS Updates did download and install perfectly fine, including the other Active X Killbits Patches.

      Is there any alternate site or page from which I can manually download and install the ATL Patch (MS09-035/ KB 969706)? What else may have gone wrong here? Should I undo one or all of the previous MS Fixits for the Active X issues (and which Fixits are these)?

      Secunia Software Inspector (PSI Desktop Application) now shows no insecure programs or components. (Score 100 percent) Is this a reliable indicator that I am in fact fully patched regarding MS Updates?

      For now, I intend simply to keep my security programs up to date and use Firefox as my browser, and watch for anything which looks like it shouldn’t be happening on my laptop. I run Windows XP Professional, SP3.

      BTW, when updating to the latest version of Flash Player, the installer left behind an Active X Control in the Windows/System32/Macromedia/Flash folder, which I had to remove using a specialized File Shredder, as the Control seems to have been hidden from the Windows Explorer GUI/API. I strongly recommend completely removing the old version (with RevoUninstaller or something equally thorough) before installing the new Flash Player version, to avoid this problem. Secunia PSI is sensitive to the old Control.

    • #59403

      Woody —

      In case my just-entered comment does get posted, I have additional information. I have a C++ ATL Patch also dated July 28, 2009 (just like KB 969706) but with a different KB Number (KB 973923). It looks like this is the KB Number for those who still have Visual Studio/ C++ 2005, not the 2008 version, as their C++ Runtime Environment. I bet a lot of us XP users still have that version. The KB Number on the Out-of-Band Patch seems to be different for us. I could not upgrade to C++ 2008 last time I tried. So maybe I am fully patched after all?

    • #59404

      Comment, Part Three:

      The MS09-035 Update, when I search for it at Microsoft’s web site, does indeed correspond to either of the two KB Numbers (KB 979706 or KB 973923). Which one you are offered does indeed seem to depend upon which version of Visual Studio/ C++ Runtimes you have on your computer, at least for Windows XP users. So cancel the Search Party — I am up to date according to Microsoft. Windows XP users with older C++ Runtimes should take note of my findings.

    • #59405

      I realize that it’s supposed to be cumulative, but I would only trust the Windows Update scan. There’s too much funny business with the killbits – some updates supersede the others. Susan Bradley has written about it.

    • #59406

      You should go into Windows Update and install all offered patches.

    • #59407

      Only high priority.

      You should only update drivers if there’s a problem with your current driver.

    • #59408

      Install it, update it, but don’t use it. Use Firefox.

    • #59409

      Hey Woody-

      I did as directed, and all is well. I did find one patch for my video card that was hidden, but the last time I downloaded a Radeon patch it totally jacked-up my system, so I didn’t install that one.

      I wonder if I should though? I’m no good at these kinds of things.

      Anyway, thanks for all the help.

    • #59410

      Wood Dog,

      Yesterday my £uc?+ng updates kept failing to install (error code 80246007) but when I tried today everything went okay. Best solution I’ve found is always turn commercial security suites OFF beforehand, and then download and install each individual update SEPARATELY. A major pain in the arse, but it seems to work this way every time. Yesterday I, erm, didn’t do it this way.

      I’ve had an idea about how to improve the Micro$oft updates system considerably. Permanently attach one of those taser dog training collars around Bill Gates’ neck, but modify it so that every time a Windows machine – anywhere in the world – displays an error message, ole Billy Boy gets zapped. He’d instantly buck his ideas up and get things sorted, I reckon. Gatesian Response?

      Nice one Wood Dog.

    • #59411

      Tim —

      You should read the “MS DEFCON System” link at the top of this page and look (WAAAY down the page) at what Woody says about Microsoft Driver Updates (also known as “optional software” or “optional hardware” updates). Don’t do it — these usually will break your hardware Drivers. Instead, if you think you may need a driver update, go directly to the manufacturer’s web site and download their latest version. You will be glad you did it this way.

      maghullyback —

      Yes, security software, including firewalls, can wreak havoc with Microsoft Updates. Suspend or exit security programs once you are securely logged in to MS Updates (when you choose Custom or Express). It’s a bit risky to exit security software while on line, but this method minimizes the risk. When rebooting, remember to re-enable everything.

      Woody —

      My own updates went well, and I agree that the MS KB Number on MS09-035 was updated, but it is the same patch.

      One of my favorite security programs — Super Antispyware — couldn’t handle the MS Updates, and the SAS Updater started crashing with a BSOD (Kernel Driver Memory Leak). Maybe it’s also a Comodo Firewall issue, but I have for the time being switched to Malwarebytes, which updates and scans faster anyway and has predictive heuristics in each scan. I may never switch back.

      All else seems to be going well, except Secunia PSI still thinks Java Runtime (JRE) is insecure, with no existing patch or workaround. So it goes…

    • #59412

      Is there an ‘AskWoody for Dummies’ site? Generally I find your advice very useful and good, but when I see a link like yours of “…and detailed instructions for bypassing Microsoft’s killbit patches posted on the Web…” which takes me to an 87-page PDF of gobbledy-gook (I cannot see ANY reference to your point about their advice on how to “bypass Microsoft’s killbit patches”) I do despair! How about just a couple paras from you on how to do this? Or a link to an understandable instruction? Cheers.

    • #59413

      Al –

      Sorry. I should’ve been more clear. The detailed instructions posted on the Web are cookbook instructions for cracking Windows – intended for the bad guys.

      Right now, all you need to be concerned about is running through Windows Update and installing all the offered patches. It may take a while, but unfortunately it’s something you need to do…

    • #59414

      Last few days Internet Options won’t open, so I can’t delete temp files and cookies. It seems since the install of KB973346 and KB961371 on 2 July 09. I don’t want to restore as KB973346 looks important as I am on XP SP3, but do you think this is causing the IO not to open, and how do I fix it? Thanks

    • #59415

      Regarding antivirus software. I am currently using McAfee. Can I also put the AVG on my computer too?

    • #59416

      Peter –

      I have a long hate relationship with all of the big anti-everything packages. I strongly suggest that you get rid of McAfee, Norton, and any other package that claims to “do it all” in the protection racket.

      AVG Free works fine, and it’s free for personal use. Avira works well, too. I’m currently running MS Security Essentials on many machines – it’s free, but it’s still in beta – and it works great.

      The one thing you can’t do is run two antivirus products (or firewalls) at the same time. It’s begging for trouble.
