Coping with Windows Live Hotmail Wave 4

Coping with Windows Live Hotmail Wave 4

By Woody Leonhard

Microsoft’s new version of Windows Live Hotmail brings several new features to the online-mail table.

Some of you have written me with tales of woe, cursing the new version and the Windows Live horse it rode in on and begging to get your old Hotmail back. Sorry, you can’t.

All is not doom and gloom. As you’ll see, the new Wave 4 Hotmail does have its redeeming social values. And if you’re still suffering through the changes, there are a few tricks that might make dealing with the newer, shinier version easier.

Hotmail has had a long and bumpy history. Fifteen years ago, Sabeer Bhatia and Jack Smith left Apple Computer and started a free e-mail service known as HoTMaiL. A year later, with more than a million customers in tow, Microsoft bought the company and renamed the product MSN Hotmail. Hotmail went through a dozen significant changes in the course of several years, with each incarnation promoted as making it “just like Outlook.” Of course, Hotmail isn’t anything like Outlook — not then, not now.

MSN Hotmail also suffered a couple of short-lived name changes, confusing everybody, but ultimately emerged as Windows Live Hotmail in 2009. Wave 4 might be a catchy moniker for Version 4, but it raises the embarrassing question of what happened to versions 1 through 3. I figure Hotmail’s up to version 100+. The various Windows Live components aren’t quite as long in the tooth, but some of them have been through dozens of changes, too. When I ask developers what they think Wave 4 means, the invariable response is, “Go ask marketing.”

Microsoft’s fighting for online eyeballs and a slick Hotmail helps. The numbers vary wildly, but a couple of months ago, one source put Hotmail’s share at around 20%. Yahoo’s Mail was north of 50% (counting visits to the Web site), Gmail came in at around 12%, and AOL Mail was at about 8%. However, a recent Wall Street Journal article (fee-based content) reports that Yahoo’s e-mail business just took a swan dive.

The stats don’t really matter. What’s important is that a huge number of Hotmail subscribers are facing potential problems as they are moved to Wave 4.

In my July 22 Top Story, “Windows Live shares your Messenger contacts,” I talked about privacy problems with beta versions of Hotmail and other recently updated Windows Live apps. Those problems still exist, but many of you will continue to use Hotmail anyway. I do — though I find myself using Gmail more, and better privacy is the reason why.

New features make attachments easier than ever

Wave 4 adds several useful new features to Hotmail. Many of them — such as the new built-in media viewers — don’t require any retraining on the part of Hotmail users. You can, for example, watch linked YouTube videos inside an e-mail message. Integrated Office Web apps support lets you work with Office documents within Hotmail — albeit in a limited Web-apps way.

SkyDrive integration works with little effort if you click on the correct button. (Michael Lasky’s June 24 Top Story steps you through the details on SkyDrive.) With SkyDrive, Hotmail lets you attach and send as many as an astounding 200 photos (each up to 50 MB) in a single message. You do so with these steps:

Create a new message, click Photos, and then click Create album on SkyDrive. Next, select the images you want to upload. Hotmail automatically uploads the files to SkyDrive (this can take some time, depending on the number and size of the photos) and creates thumbnails in your message. Status bars next to each thumbnail give its upload progress. (Note: you’ll have to install Microsoft’s Silverlight to upload the files to SkyDrive.)

The e-mail recipient has the options of admiring your thumbnails, clicking through to SkyDrive to view the originals as a slide show, or downloading the original files as a zip.

This new method has a couple of important advantages. It makes the size of e-mails containing photographs much smaller, and that saves time when the recipient opens the message. It also solves a Hotmail storage problem: in the old Hotmail, those monster image files lived forever in your Sent folder, soaking up storage space — unless you remembered to delete them. With Wave 4 Hotmail, image albums automatically disappear from SkyDrive after a month.

A warning: If you’ve ever e-mailed a bunch of pictures to yourself, expecting you could retrieve them some months later, you’re now out of luck. You can increase the expiration date on the album by clicking the link Edit album details, which appears in the upper-right corner of the Hotmail new message screen. SkyDrive lets you increase the expiration time to 90 days, or you can choose to store them permanently. There’s no way to change the default setting for all of your future albums — if you want your pictures to stick around for more than 30 days, you need to manually change the expiration date.

Take control of your inbox — carefully

If you’ve ever fussed with Outlook’s rules, you’ll immediately understand the appeal of Hotmail’s new Sweep function. You can automatically move all messages sent from a specific e-mail address into a special folder — one you created or the Junk folder. Here’s how:

• Step 1. Start in your Inbox. If you want to move all the messages into a folder that you set up, hover your mouse over the Folders link on the left, click on the small wheel icon, choose Add a new folder, and give your new folder a name.
• Step 2. Back in your Inbox, click on a message that comes from the e-mail address you wish to banish — er, sweep.
• Step 3. In the toolbar at the top of the Hotmail screen, click Sweep and then Move all from. Choose the folder you want to move the messages to and click Move all. If you want to set up a permanent Sweep rule, check the box marked Also move future messages.

If you’re a more trusting soul than I am, you can use Hotmail to manage your Gmail, Yahoo Mail Plus, or other POP3-based e-mail accounts — up to a maximum of four accounts. (Yahoo Mail Plus is a paid account service.) When you send a new message, you can choose which account appears in the From account box, although it will appear in a format like “From woodyxxxx@hotmail.com on behalf of woodyyyyy@gmail.com” — not exactly elegant.

(For information on managing multiple e-mail accounts in Outlook, see Lincoln Spector’s companion piece, “Managing multiple e-mail accounts in Outlook,” in the paid section of the newsletter.)

Hotmail now has a Conversation view — it groups messages by subject-line text instead of by chronological order. To flip into Conversation view, click on Inbox, Arrange by (upper-right corner of the Inbox), then Conversation.

Coping with the inevitable Hotmail gotchas

It would seem that Microsoft believes it has eliminated the major reported Hotmail Wave 4 problems. In a Hotmail forum, a moderator-locked Aug. 10 thread lists a few Hotmail issues and some workarounds.

If you look at the forum’s home page, a few hundred posters are still sounding out — some vehemently — about problems with Wave 4. Microsoft’s responses tend to follow a prescribed pattern. (I won’t say they have a bunch of canned responses, but many of them look, uh, amazingly similar.) If you’re experiencing a problem with the new Hotmail, check out the forum for any useful Microsoft advice and post a question if none of the answers fits your difficulties.

One final tip: After upgrading to Wave 4, some Hotmail users discover they can no longer get into their accounts (can’t log on, can’t read mail, or can’t send mail) by going to hotmail.com. A few can get into Hotmail by using Windows Live Mail, the heir to Outlook Express in Windows XP and Windows Mail in Vista. If you’re at your wits’ end and can’t get Hotmail to budge, follow the steps posted by Technogran (yes, that’s a contraction of “Techno” and “granny”) on her blog. It’s easy, and some people say it even works!

Woody Leonhard‘s latest books — Windows 7 All-In-One For Dummies and Green Home Computing For Dummies — deliver the straight story in a way that won’t put you to sleep.

When is a script or batch file copyrighted?

By Keely Dolan

Freeware, shareware, and independently written scripts fall into a legal gray area that’s easily overlooked by most users.

It gets especially murky with scripts and batch files as they are modified, combined, and redistributed across the Net.

Most PC users find it easier to ignore the arcane and confusing intricacies of copyright law. But not Lounge member Dr Who. In his thread titled “What’s legal, and what’s not?,” fellow Loungers touch on the basics of copyright law and the ethics of sharing or taking ownership of software. More»

The following links are this week’s most-interesting Lounge threads, including several new questions that you may be able to provide responses to:

☼ starred posts — particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right in to today’s discussions in the Lounge.

The Lounge Life column is a digest of the best of the WS Lounge discussion board. Keely Dolan is a Windows Secrets Lounge administrator.

Proper massage techniques for aging opossums

By Keely Dolan Has your older opossum lost some of its spring? Does he or she suffer from stiffness and reduced flexibility? In this informative video, we learn the basic techniques for proper opossum massage, including such advanced arts as shiatsu pressure points and chakra realignment. We must note that only properly trained opossum massage therapists should attempt this, so please do not try this on your local wildlife. Play the video

Security Essentials test drive — month 6

By Fred Langa After half a year of real-life testing, Microsoft’s Security Essentials anti-malware application is batting 1.000. All nine test computers — a mix of Windows 7, Vista and XP systems (including two portables with 20,000 miles of travel) — remain malware- and virus-free.

Looking for a better antivirus/security package

Conrad Ware asks a question that’s not only worthwhile on its own but also lets me give you a six-month update on my real-life test drive of Microsoft Security Essentials.

• “Over the past 20 years, I have used all the big-brand virus and Internet security software: McAfee, Norton, Kaspersky, etc. All of them did a great job doing what they were designed for — and all slowed my computers down to a crawl.

  “I am presently using Windows XP, but I plan to purchase a new laptop with Windows 7 Home Edition and want to use MS Security Essentials on it.

  “Tell me what you can about MS Security Essentials and if it’s OK to use as primary protection.”

Yes it is, Conrad.

Earlier this year, when Microsoft Security Essentials (MSE) was still new, I decided to put it to an extensive real-life test by making it the only full-time security solution on my daily-use and portable PCs. I then reported my initial results in the May 6 Top Story, “The 120-day Microsoft security suite test drive.” I also promised future updates.

So here it is: after six months of full-time use on nine different systems, MSE looks like a solid winner.

For my tests, I used Windows’ built-in firewall (on XP, Vista, and Win7) and a copy of Microsoft Security Essentials, which I allowed to run with its default settings. Over the past six months, my main PCs have been online 24/7 and my two portables have logged over 20,000 miles (32,000 kilometers) of use in hotels, coffee shops, cars, planes, ships, and other assorted public venues.

All the machines have remained clean. They’ve suffered no malware or virus infections whatsoever.

Figure 1. Microsoft Security Essentials kept nine PCs malware-free under wide-ranging real-world conditions.

Initially, I checked each PC’s health and security every few days, using a variety of on-demand AV scanners from vendors such as McAfee (Freescan), Trendmicro (HouseCall), and Symantec (Security Check). The scans never found anything.

Over time, as it became clear that MSE was doing exactly what it was supposed to, I reduced the frequency of these just in case backup scans to once or twice a month. (That’s good practice with any security tool. As the saying goes, “Trust, but verify.”)

I also scan my portables after trips. For example, I just got back from Canada, where I used my netbook for about a week in a wide-open, unsecured hotel hotspot. Once I got home, I scanned my netbook with the third-party scanners, and they found nothing. MSE kept the machine clean, even in potentially hostile public environments.

MSE is free and is available for every version of Windows (download/info). It’s small and fast and consumes very little by way of system resources. I can detect no MSE-induced slowdowns on any of my PCs — even the low-horsepower netbook.

Very simply, it works.

So I highly recommend MSE. Combine it with a firewall (such as the one built into Windows), and verify it with periodic just-in-case scans with free third-party software (as listed earlier), and you’ll have a free, efficient and self-maintaining security solution.

A dual-boot to no-boot problem fix using Bootrec

Tom Hughes is disgusted:

• “I have had it. I had a dual-boot system with Windows and Linux — first Ubuntu and later Linux Mint 7, 8, and then 9. Currently I have just Vista and LM9. Several times, Vista deleted the boot entry to Linux. Then on Saturday, it forced a chkdsk and somehow deleted the LM9 and the Vista boot managers. Now, I cannot boot into either. Only Vista shows up, and it goes in circles trying to boot. Even using the Vista Recovery CD, it says either that it fixed itself or that it cannot find an issue.

  “Running (not installing) Ubuntu Live from CD, I can access all of my data. I have copied my documents, my most recent Firefox bookmarks, etc., and program files to a working 500 GB extension drive.

  “Can you help me fix the Vista boot loader? I tried manually rebuilding the boot manager, but to no avail. I have tried several recovery CDs, and they do not show a Windows installation, even though I know that it is there.”

Sounds like you already tried the Vista and Windows 7 Startup Repair tool. But as you probably found out, it’s pretty basic. (All it can really do is replace missing or damaged system software components. See Microsoft’s official Startup Repair FAQ.)

Your problem isn’t missing system files, it’s mangled boot data. That’s a less common problem, and the tool that Windows provides for that repair is buried a bit deeper.

The tool is called Bootrec.exe, and it’s part of the Windows Recovery Environment in Vista and Win7. It can fix just about any boot problem. Bootrec.exe has four options, or switches:

• /ScanOS locates a valid Windows installation on your drive
• /FixBoot fixes (rewrites) the Boot Sector
• /FixMBR writes a fresh Master Boot Record
• /RebuildBcd creates a new Boot Configuration Data store

You can find complete how-to information for Vista and Win7’s Bootrec in MS Support article 927392.

(XP has its own version of Bootrec accessible through the XP Recovery Console. See MS Support article 307654 for complete information.)

With all the necessary boot data refreshed, you should be able to successfully start Windows.

Once Windows is running, you can then reinstall Linux. The Apcmag.com article, “How to dual-boot Vista with Linux (Vista installed first),” offers a step-by-step guide with screenshots.

And with that, you should be good to go!

Best updated-driver source for brand-name PCs

Gerald Greenberg wants to update his hardware drivers.

• “My computer is an HP Pavilion zd8000 that I purchased in 2005. I would like to update my drivers. Can you recommend a good program that will accomplish this task?”

HP, like most system vendors, offers free click-and-run update software for drivers. For instance, a general Web search with the term HP Pavilion zd8000 will quickly take you to an HP drivers-and-software page, where you can download the latest self-installing drivers available for your system. Piece o’ cake!

Because every major hardware vendor offers similar downloads, it’s normally quite easy to keep your systems up-to-date.

If you need or prefer an automated update method, search with the term automatic driver update — you’ll find plenty of options. But try the direct, free, update-from-the-vendor method first. You just may discover that it’s all you really need!

Resized XP recycle bin still way too large

Mike Lampton can’t get his Recycle Bin any smaller than 1.45GB.

• “In your August 12 Top Story, “Preparing Windows XP for the long haul,” you mentioned reducing the size of the Recycle Bin.

  “When I go into the XP Recycle Bin properties, it looks like the only option I have is to reduce it (using the slider) to 1% of the disk capacity — or 1.45GB. I did a search to see if I could find out how to reduce it to something a lot less than what it is but couldn’t find any solution. Is there a way I can manually specify the size?”

The Recycle Bin size-selection slider is the only direct way I know of to change the bin capacity in XP. (That rather annoying oversight is corrected in Vista and Win7, which let you either use a slider or manually type in the exact size you wish.)

But there’s an indirect way in XP, and that’s to control the size of your partitions.

With a single large partition (yours is 145GB), system maintenance — disk checks, defrags, virus scans, and such — will proceed much more slowly than on smaller partitions.

And as you found out, large partitions can also lead to wasted disk space when built-in system components use simple (and inflexible) percentages to set aside memory they might need.

You might do better by manually dividing your hard drive into several smaller partitions. This will speed disk maintenance, give you more storage flexibility, and also make your Recycle Bin less wasteful and more manageable.

There are many different tools available for the job. XP’s built-in Disk Management tool is basic but still can slice and dice an existing drive as needed. MS Support article 309000 shows you how.

A more feature-rich version of the Windows Disk Management tool is built into Vista and Win7. See the MS Help & How-to article, “Can I repartition my hard disk?” for more information.

You can also find a boatload of third-party partition tools with a quick spin of your favorite search engine. Some sites even specialize in freeware and free trials of partitioning tools. For example, check out TheFreeCountry.com and FreeDownloadsCenter.com.

Of course, altering your partitions isn’t a trivial thing. You should always refresh your backups before making any serious system change.

But with common care and sense, Windows’ built-in or third-party tools can make creating and resizing partitions a breeze!

Fred Langa is a senior editor of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.

Managing multiple e-mail accounts in Outlook

By Lincoln Spector Gmail, Hotmail, Yahoo Mail, Outlook — these days it’s common for PC users to have multiple e-mail accounts on multiple e-mail systems. With a bit of tuning, Microsoft Outlook can become Central Station for all those accounts.

Multiple e-mail accounts for multiple needs

There are many good reasons to keep an assortment of e-mail accounts. Separating personal and business communications tops the list. If you have extra businesses on the side, or you want to set up a disposable e-mail address for that Craigslist posting, you’re likely to have even more accounts. And you can’t get rid of that old AOL address because Grandpa still uses it — despite your having sent him your current Gmail address.

Checking, managing, and sending e-mails from those various accounts gets tedious and is time-consuming. However, if Microsoft Outlook is your e-mail client of choice, you can set it up to check all of them, control when they’re checked, and send messages from the right account.

POP and IMAP handle e-mail differently

Outlook supports the two most-popular protocols for bringing messages from your ISP’s or e-mail provider’s server to your computer: the Post Office Protocol (POP3) and the Internet Message Access Protocol (IMAP).

The two protocols behave differently in important ways. When an Internet mail server downloads new mail to an POP3 inbox, it does not keep track of what happens to those messages once you’ve looked at them. (Typically, once the messages are downloaded, they no longer exist on server unless you configure it differently.) IMAP keeps the mail on your PC and the mail on the e-mail service server synchronized. When you mark a message as read, delete it, or move it to another folder, the change happens in both places.

POP3 works fine, if you manage your mail on only one computer. But use IMAP to keep your e-mail synchronized on multiple PCs (or with a smartphone). Most mail services support it, but the ones that don’t include two big players: Yahoo and Hotmail.

Setting up multiple accounts within Outlook

You add new e-mail addresses to Outlook via the New Account wizard. How you launch the wizard depends on your version of Outlook:

• 2003: Click the Tools menu, select E-mail Accounts, then click Add a new e-mail account.
• 2007: Click the Tools menu and select Account Settings. Click New.
• 2010: Click the File ribbon, then the Info option in the right panel. Click the Add Account button.

For the most part, the wizard is self-explanatory. But it does have a few rough patches — the tips below will help you get through them:

• Within the wizard, check Manually configure server settings. There’s bound to be something the wizard gets wrong — probably several somethings.
• The wizard will automatically fill in the User Name field, using the first part of your e-mail address. But many ISPs these days use your complete e-mail address as the user name. In other words, the user name should be something like janesmith@domain.com — not just janesmith.
• You’ll probably need to check with your ISP or mail service for server addresses, ports, authorization, and encryption rules. Next, click the More Settings button (see Figure 1) and enter that information.

  
  Figure 1. Detailed settings for e-mail services are found behind the More Settings button.

• If you’re creating a second (or third or fourth) POP3 account in Outlook 2010, select Existing Outlook Data File; then select the .pst file named for your first POP3 account. Why? Because if each POP3 account has its own data file, Outlook 2010 will ignore your default account choice (more on setting your default account below). You cannot go back and change this setting later.

Control when you download each account

So you now have two, three, or five e-mail addresses running in Outlook. When you press F9 or hit the Send/Receive button, Outlook checks all designated servers for new mail.

But what if you don’t want it to check all accounts every time? For instance, what if you prefer to ignore your personal account until 5 p.m.?

You can do that by organizing your Outlook accounts into groups. A group can contain one account, all of them, or just a few. You can also define which groups send and receive when you press F9, which do it at regular intervals (say, every 30 minutes), and which do it only when you select that group from a menu.

It’s easy to manage all of this by using the Send/Receive Groups dialog box (press Ctrl+Alt+S). It’s where you create new groups and edit existing ones, define which accounts go into each, and set up rules about how Outlook handles each account.

Make sure the ‘From’ address is the correct one

When you have multiple accounts, you have to think about which ones will show up in your e-mail message headers. You might not, for example, want business contacts to see your personal address in messages you send them. With Outlook, you start by defining one of your e-mail addresses as the default: any new message will automatically carry that From address unless you specify otherwise.

To set your default account, go to the Account Settings dialog box using the following steps:

• 2003: Click Tools, E-mail Accounts, then View or change existing e-mail accounts.
• 2007: Click Tools and then select Account Settings.
• 2010: Click the File ribbon, then the Info option in the right panel. Click Account Settings, then Account Settings (it looks even more redundant than it sounds).

Once there, select the account of your choice and click Set as Default. (See Figure 2.)

In Office 2003 and 2007, this just works. Every time you start a new message, it’s from your default account. If you want to send it from another account, click the Account button below the Send button (in 2007) or the Accounts button on the toolbar (in 2003) for a pull-down list of all your e-mail addresses.

Figure 2. With multiple e-mail accounts, you need to tell Outlook which account is the default.

Unfortunately, Outlook 2010 might not honor your choice of a default account. It will, if you have only IMAP accounts or if you have only POP3 accounts and all of them store their data in the same file (discussed above). If you have a mix of IMAP and POP3 accounts, Outlook 2010 will always default to a POP3 account.

There are workarounds. You can insert a Visual Basic macro that can create messages with your chosen default account, or you can tweak the Windows Registry so that every new message requires you to manually pick a From address. In my experience, however, neither of these fixes works reliably in all cases. That’s why I’m not offering instructions here — though you can find them at a Slipstick Systems site.

Of course, you can always change the From address in Outlook 2010 by clicking the From button and selecting another account from the pull-down menu.

Merging on the server: the Gmail alternative

There’s another fix to that Outlook 2010 default account problem. This trick combines your accounts, not just in Outlook but anywhere else you access your mail. It also lets you access your POP3-only accounts via IMAP. But it requires a Gmail account.

(There’s one catch to this setup. If you are using Outlook 2003 or 2007, you won’t be able to send outgoing mail from your non-Gmail accounts. So I recommend this trick only if you’re using Outlook 2010.)

First, set up Gmail to access your other accounts. Click Settings, then Accounts and Import. Click Add POP3 e-mail account and follow the wizard. Click Send mail from another address and follow that wizard.

Back in Outlook, set up Gmail as your only account. (I recommend you go with IMAP.) Read Google’s instructions for specifics.

All of your mail will come through Gmail, which will also be your default From address. To send a message from another account in Outlook, click the From button and select Other E-mail Address. In the pop-up dialog box, enter your non-Gmail account’s e-mail address and make sure your Gmail address is selected for the Send Using option. From then on, when you click the From button, that address will be on the list.

Whether you go through Gmail or not, there’s no reason to limit your Outlook e-mail to only one account. Your life is bigger than that.

Lincoln Spector writes about computers, home theater, and film and maintains two blogs: Answer Line at PCWorld.com and Bayflicks.net.

New path for zero-day attacks: old printers

By Susan Bradley A recent disclosure that hackers can use print spoolers on some older printers to take control of PCs leaves us wondering what isn’t vulnerable. The simple lesson here is to keep your updates up-to-date — close the door on newly disclosed, potential threats before some hacker tries them out.

MS10-0061 (2347290)
A known worm finds new ways to crawl into PCs

This patch probably affects a small number of PC users, but Microsoft lists KB 2347290 as critical for anyone using current versions of Windows XP. That’s because XP enables Guest mode by default, which makes it easier for a hacker to take control of the system. The update is rated important for all other operating systems.

Most vulnerable is any current Windows XP user who has an older Lexmark Color Jetprinter (circa 1998–2002) or Compaq Inkjet Printer (circa 1997–2002) that is shared on a local network. Check out MS Support article 2347290 for the complete list.

This threat is an interesting twist on a well-publicized, zero-day vulnerability known as the Stuxnet worm. As Brian Krebs reports in his recent security blog, the Stuxnet worm was first thought to be spread by flash drives. But then researchers at Kaspersky Lab revealed that it could also exploit some Windows print spoolers.

► What to do: Windows XP users should install this update as soon as they receive it. Or go to TechNet security bulletin MS10-061 for links to the appropriate patch for your OS.

MS10-062 (975558)
Video files a more likely attack vector

Unlike KB 2347290, this vulnerability is a potential threat to any PC user who is not on Windows 7. By now, I hope I’ve drummed into everyone’s head that opening unknown video files on the Web is risky. Rated critical for Windows XP, Windows Server (2003 and 2008), and Vista, update KB 975558 patches a flaw in the MPEG-4 codec. For the exploit to work, PC users must be signed in to their systems with administrator rights and must run a video with the embedded malicious code.

Although there are no known exploits in the wild at this time, attacks using this vulnerability will probably show up soon.

► What to do: This could put a crimp in your YouTube or Facebook habit. Look for KB 975558 in your Microsoft Update, or see MS bulletin MS10-062 for details and links to the update files.

MS10-063 (2320113)
Malicious fonts can lead to future attacks

Firefox’s developers and members of the Red Hat security team get kudos for finding a security flaw in a Microsoft OpenType font engine. A hacker could create a document or Web page in which the font engine mistakenly interprets malicious code as a font; that in turn opens the door for a hacker to gain the same access rights to a PC as the user. So the fewer rights a user has, the less vulnerable the computer.

KB 981322 is critical for current versions of Windows XP, Windows Server (2003 and 2008), and Vista. There are currently no known exploits for this threat, but security experts anticipate attacks within 30–60 days.

In addition to the Windows update, you’ll see patches for Office XP, Office 2003, and Office 2007. Should any problems arise with Office after the update and you attempt to remove the patch, you may be required to run your original Office installation media. So if your media is not at hand, I recommend holding back on the Office update until the next patch watch — just to avoid any unexpected issues.

► What to do: Install KB 981322 as soon as possible to keep safe on the Internet. For more details on the update and patch downloads, consult MS TechNet bulletin MS10-063. And check that Office is working properly once it’s updated.

2284654
Give this Office update a pass for now

Recently I’ve seen a rash of Office update failures with error “646,” and one of the main culprits is the update in MS Support article 2284654. There’s an easy fix for the “646” error (using the Fix it button in MS Support article 2258121), but I recommend avoiding Office update KB 2284654 altogether — especially since most Office users don’t need it.

This update is needed only if you have Visual Studio 2008 installed on a 64-bit operating system and you plan to migrate from Office 2007 to 2010.

► What to do: Hide this update. If you plan to install Office 2010 later, remove Office 2007 first. To read about update KB 2284654, go to its MS Support article.

MS10-066 (982802)
Remote Procedure Call threat targets XP systems

The update in bulletin MS10-066 applies only to Windows XP and Windows Server 2003. Microsoft rates this patch as merely important, but I think it needs a higher priority. The attacker gains the same rights as the current PC operator — and many of those users are running with administrative rights.

This type of attack cannot succeed without the unwitting help of the PC user. But these days, it’s trivial to trick you into browsing or connecting to a malicious server (which invokes a Remote Procedure Call), and most home routers are not set up to block outbound file-sharing traffic. Currently, the greatest risk is from hackers who are on the same network as the victim.

► What to do: There’s no harm in being overly cautious. I recommend putting this update on the fast track. Check out bulletin MS10-066 for more info.

MS10-069 (2121546)
Far East language locale vulnerable to attacks

If you are running Windows XP with Chinese, Japanese, or Korean language locales installed, read on and patch. Even if you don’t have these language packs installed, you’ll be offered update KB 2121546 as a proactive patch. The update affects only current Windows XP and Windows Server 2003 systems and is rated important.

Security experts expect that hackers will try this vulnerability. But if you don’t have those language locales installed, there’s no threat.

► What to do: Go ahead and add KB 2121546 (included in support article MS10-069) whether or not you have Chinese, Japanese, or Korean language locales installed.

MS10-064 (2315011), MS10-067 (2359922)
Outlook and WordPad threats of lesser risk

The threats fixed by updates KB 2315011 and KB 2359922 are minor for home-computing environments.

For KB 2315011, a risk arises only when you’re running Outlook attached to an Exchange Server — and then only if you are not running it in cached mode (but rather running it directly online to the server). This vulnerability impacts Outlook versions XP, 2003, and 2007, but not Outlook 2010.

Microsoft lists this patch as critical only for Office XP SP3; users of Outlook XP may need to accept an end-user license agreement when launching the updated app for the first time.

KB 2359922’s vulnerability is a risk only when you open .doc files in WordPad. Most PC users habitually open .doc files in Word or Microsoft Works (or possibly OpenOffice and Word Perfect).

► What to do: Accept the patch, but don’t expect any actual attacks. KB 2315011 can also be found in TechNet article MS10-064; look for KB 2359922 in MS10-067.

Low-powered XP SP3 boxes clobbered by updates

I noticed a problem with my older Windows XP systems after the big patching month of August. They were unusually slow — especially when running Windows Update. (These are low-powered PCs with less than 512K of RAM.) I first attributed this to a temporary aftereffect of adding 14 updates at one time. But then I checked around the Internet and discovered I wasn’t alone.

Fortunately, I found that switching to Microsoft Update from Windows Update cured the problem. When Microsoft was asked to investigate this oddity, it came back with a fix at its end and discussed it in a Windows forum. (Some of you might still need to manually run Microsoft Update twice before you see improved performance.)

Intuit’s QuickBooks and MS’s .NET duke it out

Whenever there’s a .NET update we’re sure to see problems. Back in June, Microsoft released two non-security updates for .NET; it soon became obvious that QuickBooks was having issues. In response, Intuit released a support article warning users to remove .NET updates KB 977354 and KB 976576.

► What to do: Intuit recently released QuickBooks 2010 R8 to fix the problem. At this time, it requires a manual download. But you should soon see it offered as an automatic update through the QBBlog site.

MS10-065 (2267960) and MS10-068 (983539)
Threats to FastCGI and domain controllers

Home-patchers can ignore these final two updates. But those of you running servers — especially domain controllers — take note. Many admins use FastCGI to host PHP applications on Server 2008. Who can fault them — Microsoft recommends doing so in online documentation. But this configuration is risky: it could allow hackers to take complete control of a Web server.

Domain controller admins should pay close attention to KB 983539. It fixes a vulnerability where internal attackers (users that have credentials to the domain) can take control of the domain.

► What to do: If you’ve installed PHP on your Web servers, go immediately to MS10-065 and install KB 2267960. You’ll find KB 983539 in TechNet article MS10-068.

2141007
Recommended pass on Outlook Express update

If you installed KB 968389 on your PC last year, expect Microsoft to offer KB 2141007 this year. The update enhances the ability of Windows Mail and Outlook Express to support TLS — a newer encryption process for e-mail.

► What to do: If you’re an Outlook Express user, I recommend holding off on the update until I finish testing it. I want to make sure we won’t see any issues with Internet service providers. I will report back as soon as possible, in both the Lounge and in the next Patch Watch.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley has been named an MVP (Most Valuable Professional) by Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.