How to fix that gizmo you dropped in the loo

How to fix that gizmo you dropped in the loo

By Scott Dunn It happens to everyone: one moment, you’re talking on your cell or dialing up a tune on your MP3 player, and the next, you’re staring down at your gadget in a toilet, a puddle, or worse. If your portable electronic device gets dropped or submerged, is there anything you can do? Fortunately, the answer is yes.

What to do before you call the shop

Whether you left your iPod in your pocket when you did your laundry, discovered that your dog thinks your Zune is a chew toy, spilled coffee on your Treo in your car’s cupholder, or dropped your phone in the sink while shaving during your conference call, you’ve probably discovered the hard way that today’s electronics are not invulnerable.

When disaster like this strikes, what should you do? I spoke with Aaron Vronko, co-founder of Rapid Repair, based in Kalamazoo, Mich. Rapid Repair specializes in iPod and iPhone repairs, but also handles repairs of Zunes and other small appliances. Vronko told me what you can do to rescue your portable electronic device.

First, the obvious: water and electronics don’t mix

If you merely dropped your handheld device on a hard, dry surface, your problem may not be too serious. In cases of dry damage, dust off your device and turn it on. If you can’t make it work, you’ll need to find a repair service. But you probably won’t be out more than a nominal charge to see if it can be fixed.

A much bigger danger is secondary damage caused by exposure to water or other liquids.

“That’s when the most damage happens,” says Vronko. “People don’t realize how much liquid can get inside or the harm it can do.” What happens next can determine whether your device lives or dies.

If your handheld is exposed to liquids, try these steps.

Step 1: Act quickly. If your electronic device has been exposed to liquid, a wait-and-see approach may do more harm than good. The longer the electronics are exposed to moisture, the greater the chance of connections corroding, causing irreparable damage.

Step 2: Don’t turn it on. “If you turn on a device exposed to water, you’re attracting ions to the liquid and causing even more problems,” says Vronko.

Step 3: Clean with solvent. Not all electronic devices can be easily disassembled, but do what you can to open yours up if it’s a simple matter. Then carefully clean the parts with an electronics-safe solvent.

Good solvents to use for this purpose include contact cleaner from an electronics shop or a strong rubbing alcohol. Don’t use the kind of mild alcohol that’s sold in many drug stores; it contains too much water. Use a cleaner that’s 80% or more alcohol.

Step 4: Dry and try. Once you’ve cleaned it, let your device dry out completely. Then reassemble it and try it out.

Step 5: If necessary, seek repairs sooner rather than later. If you don’t succeed in reviving your handheld, try to get it to a repair service before internal water damage gets worse.

Vronko relates an unusual story in which his cell phone was on his lap during his drive home. When he got out of his car, the phone fell onto the driveway and that night was covered by 12 inches of snow. He didn’t find the handheld until spring, two months later.

When he found the phone, he didn’t have time to work on it, so he threw it into a freezer for another two months.

Once he found the time, Vronko cleaned out the phone with a solvent and made sure it was thoroughly dry. As a result, the phone worked just fine.

“Certain electronics don’t like freezing temperatures,” Vronko notes, so he doesn’t recommend this approach for everything. “But, in this case, the cold kept the delicate parts from oxidizing.”

When is a repair job worth the money?

If your own remedial steps don’t help, it’s time to seek professional help. Some shops, like Vronko’s Rapid Repair, charge little or nothing for estimates. Rapid Repair charges one cent for estimates (a quirk of the company’s online billing system), plus $10 U.S. for overnight shipping anywhere in the United States.

Vronko says a number of manufacturers will make repairs for free, especially if their product is the cause of the problem. “For example,” says Vronko, “it’s extremely common for car chargers to fry a product’s mainboard if there is a power spike in the car’s electrical system.”

In that case, a reputable manufacturer of such a charger may replace your product for little or no money.

“For all your electronics, be extremely wary of hooking it to a car charger if you can avoid it,” adds Vronko. “Or, if you do use a car charger, make sure the manufacturer stands by their accessory.”

For repairs that aren’t caused by user damage, 50% of the repairs Vronko sees require only a new LCD or battery. He adds that 85% of the repairs his company made last year cost the customer $90 or less.

In deciding whether to opt for repairs or a replacement unit, Vronko recommends the 60% rule: If the repair cost is more than 60% of the current replacement value (what the device would cost to buy today), don’t bother with a repair. For example, you may have spent $300 on a device originally, but if a new model now costs $200, don’t spend more than $120 getting the old one fixed.

Finally, if your product is beyond repair or not worth the cost, ask whether your repair service will recycle it for you. That way, at least reusable materials won’t end up in a landfill.

As electronics get smaller, they also become easy to drop and damage. Knowing what to do in a mishap may save you the pain and expense of replacing or repairing your personal device.

Have a tip about Windows? Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here’s How section of that magazine.

OEM licenses for XP are nontransferable

By Scott Dunn

My Mar. 6 article on buying systems with XP preinstalled stated that your XP license lets you remove the operating system from one machine and install it on another.

But that’s only true if you bought a retail copy of Windows XP, not a version that came preinstalled on your PC.

Not all copies of XP are licensed equally

Regarding the transfer of Windows XP to a different machine, reader Elin H. Flashman made the same point as many readers:

• “I just wanted to correct the error in your article. Most people have preinstalled versions of XP (OEM), and those are legally tied to the motherboard. Only retail editions allow you to transfer from one PC to another. This is explained in a Microsoft document (a Word .doc file), which provides more details.”

Thanks for clarifying that distinction, Elin.

Note that if you have any difficulty activating a retail copy of XP on another machine, you can call Microsoft at the number on the screen and explain the situation. This is likely to get you the activation code you need, regardless of how you bought XP.

Include the world in your driver search

When looking for XP-compatible drivers for newer hardware, Randy Curtin has this suggestion:

• “Another tip you may give your readers is to check the manufacturer’s European sites (for example, English-speaking sites, such as the United Kingdom). They may be offering XP drivers for machines sold in that country. I found three drivers for my Acer notebook that weren’t available on their USA site because of Vista’s stranglehold here.

  “I actually bought a copy of XP Professional for this notebook (which came with Vista), because it was such a dog. The machine runs great with XP.”

Thanks, Randy. Many large companies have region-specific Web sites with different content for each. Some ask you to specify a country when you go to the main site. Others require you to select a country from a drop-down list or link. But with a little looking around, you can usually find your way to one of these regional versions.

Naturally, you should take care to ensure the drivers you download and install were intended for your specific hardware.

Another shopping alternative for XP systems

My Mar. 6 article pointed out some PC makers that still sell computer systems with Windows XP preinstalled or with XP downgrade discs. But reader David Yancey has another suggestion for last-minute shopping before the June 2008 deadline:

• “Your article ignored a major option for those who are trying to avoid the Vista morass as long as possible. With a bit of search work, it is still possible to find refurbished Windows XP desktop computers from reputable online sellers.

  “Those who are queasy about getting a ‘used’ machine or who think a new one has some advantage over a factory warrantied refurbished machine should seriously reconsider. We always get refurbished systems for all our business uses and have never been disappointed.

  “I recommend only buying a machine with a 90-day factory warranty and getting as much installed memory as you can.”

Readers Flashman, Curtin, and Yancey will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

Hey, buddy, can you cc me on that?

Ctrl+C won’t copy. Your Tab button won’t tab. Ctrl+A selects absolutely nothing. We’ve all been there, when the simplest of functions just won’t function. But what’s really going on when we repeatedly punch that Copy button? This 30-second animated cartoon from the New Yorker provides a humorous, if not simple, answer to that question. Talk about a serious case of Ctrl+C déjà vu! Play the video

Using Windows' hidden Disk Cleanup options

By Fred Langa You can get rid of more than just a few junk files by using some of Windows’ little-known deep-cleaning settings. Most users report recovering dozens to hundreds of megabytes of space, and some users report gaining as much as 13GB of formerly-wasted space!

More space and speed with just a few clicks

Every Windows user knows that junk files tend to accumulate in the less-trafficked portions of a hard drive. It’s insidious: sometimes, “temporary” files don’t get erased, files may be left over from sloppy software install or uninstall routines, software glitches can leave orphaned files scattered around a system, and so on. Over time, it adds up.

On a large drive, even just a few extra percent of junk files can eat gigabytes worth of disk space. Those junk files serve no purpose, but nonetheless have to be kept track of by the operating system. The useless files may bog down searches or disk-indexing operations. They may needlessly bloat your backups and slow your defragging. And if they can make file- and disk-recovery operations much more difficult and risky, should you suffer a major disk problem.

Windows usually isn’t very aggressive about removing such files; it tries to err on the side of extreme caution when deleting stuff. But Windows can be told to a much better job. In fact, that’s been a popular topic here in the past, as described by a subscriber named Eric who calls himself a “six-year reader” of mine:

• “With a lot of people getting new Vista systems, it would be great for Fred to update some of his classic series of articles. For example, there was a wonderful series done for XP, with updates over the years, with articles like ’10 ways to make XP run better.’ Any chance of seeing some articles like that for Vista in the near future?”

Yes, indeed, Eric. In fact, I alluded to this during my Housecall series starting on Sept. 27, 2007. When I discussed things like the free automated disk cleanup-tools that were published for earlier versions of Windows, I said I hoped to expand on this in include Vista versions soon. Today’s the day to get started!

Finding and using the ‘enhanced’ settings

Let’s begin by tweaking Windows’ standard Disk Cleanup tool, turning it into a more powerful version of itself. All versions of Windows have some form of this tool, and all versions of the tool have useful options and settings that are hidden by default.

The instructions that follow are specific for Vista, but the general ideas work on any version of Windows with only minor differences. If you need more info on how this applies to other versions of Windows, or if you’d like more background on the concepts and principles involved, please read the multi-part article called CleanAll Updated in the Windows Secrets/LangaList archives. Then scroll down to the section labeled “All articles posted on April 4, 2002” to read the other parts of the same article. While some parts of that years-old article are showing their age, the essential concepts remain unchanged.

If you’re not already familiar with Disk Cleanup’s basic operations in Vista, click Start, Help and Support, and then search the Help system library for the phrase Delete files using Disk Cleanup. The first article returned by that search will give you all the basics.

As always, make a backup before starting any serious system maintenance. And let’s take one additional step so you can easily see what an enhanced cleanup actually does: Open My Computer and right-click on your c: drive. Make note of the amount of free and used space, and save that information somewhere.

Turning the settings to your best advantage

The Windows Disk Cleanup tool’s formal filename is cleanmgr. Its enhanced options are managed via settings stored by something called the System Agent, abbreviated as sage. To access and set Disk Cleanup’s enhanced options, type

cleanmgr /sageset:99

in Vista’s Start, Search box. (This box is accessed via Start, Run in earlier versions of Windows.) Press Enter. (Note the space between cleanmgr and the forward slash. I’ll explain the :99 part in a moment.)

When you press Enter, the Disk Cleanup tool will run in a special setup mode that offers you more cleanup choices than are normally presented to you. Most importantly, the System Agent will remember whatever choices you set now (that’s the sageset part). You can reuse those same choices when you run the Disk Cleanup tool at a later time.

Figure 1. The Disk Cleanup tool’s enhanced mode offers additional options that are normally hidden.

For now, step through all the choices that the Disk Cleanup dialog box offers you. Note that some of the individual cleanup items have additional information and options that become visible when you click or check the item.

I generally select everything that’s offered — I’m looking for maximum cleaning, so I just check everything. But you can select any, all, or none of the offered choices and options; it’s up to you. And don’t worry. If you want to change your mind later, you can. Just rerun the command cleanmgr /sageset:99 and make a new set of choices.

Sad to say, Vista’s incarnation of the Disk Cleanup tool doesn’t offer the “compress old files” option that was available in earlier versions, such as XP’s. I don’t know why. I thought that was a useful option.

Unleash the rarely used power of Disk Cleanup

OK, now that the Disk Cleanup Tool is set up for more thorough cleaning, all you need do is run it.

To run the Disk Cleanup tool and invoke the choices you made above, you again use the System Agent (sage) just as you did before. But instead of using System Agent to set the options, you use it to run them. You replace sageset with sagerun, as follows:

In Vista, click Start, Search, then type:

cleanmgr /sagerun:99

in the box and press Enter. (Once again, note the space between cleanmgr and the forward slash). The Disk Cleanup Tool will then run in enhanced mode using the preferences stored by your previous /sageset:99 command. You can run the cleanmgr command this way any time you want.

When the Disk Cleanup tool is done, you can easily see its effects: open My Computer and right-click on your c: drive. Compare the free and used space values with the ones you previously noted.

Odds are, you’ll have weeded out many junk files that were previously cluttering up your system, and you’ll see some increase in free space. (We’re not done yet, though: there are plenty more junk files you can delete, as you’ll soon see.)

Now, about that :99 in our example.

The numbers in the sageset or sagerun commands let you differentiate among different cleaning strategies. You can create completely different cleanup profiles with completely different cleaning options. You’d simply number each profile differently: /sageset:1, /sageset:2, /sageset:3, and so forth. You’d invoke the different cleaning strategies with matching /sagerun:1, /sagerun:2, /sagerun:3 commands.

I used “99” only because it’s distinctive and unlikely to conflict with any other sageset or sagerun profiles. You can use any numeric designator you wish.

Once your enhanced cleanup routine is set up and working the way you want, you can automate it. You can tell Task Scheduler to run cleanmgr /sagerun:99 at whatever time you wish. Or you can create a one-line batch file containing just the command cleanmgr /sagerun:99 and use Task Scheduler to run it. (You might specify a time late at night, when the PC isn’t likely to be in use.) It works either way.

If you need help setting up a Scheduled Task, Microsoft Knowledgebase article 308569, “How To Schedule Tasks in Windows XP,” can help. This article was written specifically for XP, but all versions of Task Scheduler employ the same basic concepts and ideas. There are just a few minor differences in the user interfaces and naming conventions.

If you need detailed help with Vista’s version of Task Scheduler, click Start, Help and Support, then enter scheduled task in the help system’s search box.

And there you have it — a few minutes and a few mouse clicks and you’ve probably freed up dozens to hundreds of megabytes of formerly wasted disk space. In some cases, you may even find you’ve recovered gigabytes of space: With earlier versions of this same technique, readers have reported freeing as much as 13 GB!

But we’re just getting started. In this space on Mar. 27, I’ll show you how to take care of many of the junk files that even the enhanced Disk Cleanup Tool leaves behind. You may be surprised at just how much more junk you can automatically eliminate using the free tools built into Windows!

Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was editor of Byte Magazine (1987 to 1991) and editorial director of CMP Media (1991 to 1996), overseeing Windows Magazine and others. He edited the LangaList e-mail newsletter from 1997 to 2006, when it merged with Windows Secrets.

StartKey makes your desktop portable

By Mark Edwards Let’s face it, laptops are a mainstay for portable computing — but what if you could have access to your desktop without lugging around a laptop? Microsoft is working on technology that will make that possible in the very near future, and this week I tell you what you can get out of it.

Microsoft StartKey comes over the horizon

I recently learned about a product called Startkey that is under development at Microsoft. StartKey is a desktop portability tool that will reportedly let you put applications — along with many of your custom Windows settings — onto a USB flash drive or Secure Digital (SD) card.

You could then plug your StartKey into any computer running a supported version of Windows and have access to your own personal desktop. To be clear, StartKey is a companion to Windows and not a portable version of the entire Windows operating system.

According to Mary Jo Foley at ZDNet StartKey “will allow users to bring everything from their desktop wallpaper, to their desktop icons, contact lists and data with them so that they can turn any PC or kiosk into their own, personalized workspaces.” Another story by Ina Fried at News.com offers more detail. Fried said that she pressed Microsoft for information and received the following statement:

• “Microsoft is introducing software (code-named Startkey) that will make it easy for users to securely replicate their current Windows PC environment, including applications, music, photos, videos, personal settings and passwords on a flash-based portable storage device. … This environment will then be accessible on Windows-based computers — effectively turning any PC into their own PC.”

Foley points out that StartKey sounds incredibly similar to a Microsoft Research project called KeyChain. Based on Microsoft’s published information about KeyChain, the technology would let you plug in a flash drive, resume your desktop (stored in the device) from standby mode, perform whatever tasks you chose, put your desktop session back into standby mode (again, stored in the device), and then unplug the device and take it with you.

If the high points of KeyChain will be included in StartKey, then it’ll be a very interesting technology. It would cause your desktop to run in a virtual environment that’s isolated from the host PC.

If you need more disk space than is available on your flash drive or SD card, remote storage could be used for overflow. For example, Microsoft could use its Live.com services to offer online storage for StartKey users. Live.com could also become an online data-backup system for StartKey users.

Likewise, it’d make sense for Microsoft to integrate support for StartKey into an upcoming version of Windows Server. The server could help manage data overflow, backups, and network access control.

StartKey might also support multiple users on one device. So, for example, it’s foreseeable that you could use one device for your entire household when you head off on vacation. And we might see new versions of Microsoft’s Xbox that support the use of StartKey, or, thinking a bit more diversely, new cell phones that support StartKey.

Of course, StartKey introduces technological problems regarding security. For example, if your applications are on portable media, you’ll need to be able to update those applications when new patches and new versions emerge.

StartKey also opens the possibility of entirely new types of vulnerabilities and exploits. Microsoft will need to take great care in looking ahead at preventing those possibilities.

Back in May 2007, SanDisk announced a new partnership with Microsoft. At that time, SanDisk said the partnership would “deliver a next-generation software and hardware solution to place application programs and personal customization on USB flash drives and flash memory cards, expanding on and replacing SanDisk’s existing U3 Smart Technology.” U3 technology lets people put files and software on a secure USB drive. As Fried pointed out, it appears that this partnership is the basis for StartKey.

According to SanDisk, the new technology developed under their partnership with Microsoft — which we can reasonably assume is now called StartKey — will become available in the second half of 2008.

If any of this sounds familiar to you, consider the fact that MojoPac, which I discussed in my Jan. 10 column, is already capable of making your desktop highly portable. However, MojoPac doesn’t have the advantage of being a Microsoft product. You can therefore be sure that StartKey will offer capabilities that the developers of MojoPac can only dream of.

Critical vulnerability in RealPlayer ActiveX

A very dangerous vulnerability exists in a RealPlayer ActiveX control, which is typically used by Internet Explorer to play multimedia content. According to a poster named “Elazar,” who reported the problem, a bad guy could use the control to run code on an affected system. This could let someone take control over your PC.

At the moment, there is no fix available from Real. However, you can protect yourself by disabling the ActiveX control.

To do that, set the kill bit for the control, as outlined in Microsoft’s KB article 240797, “How to stop an ActiveX Control from running in Internet Explorer.”

To set the kill bit, you’ll need the CLSIDs (Class IDs) of the ActiveX control. Elazar reports that these are as follows:

{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}

Malicious Access database files on the loose

PandaLabs reports a new exploit in circulation that uses Microsoft Access database files to spread. Access database files typically have an .mdb extension.

PandaLabs says the malicious .mdb files contain an embedded file that turns out to be a keylogger. Unfortunately, Microsoft isn’t going to fix the problem. According to PandaLabs, Microsoft issued a blanket statement when the vulnerability was reported:

• “You appear to be reporting an issue with a file type Microsoft considers to be unsafe. Many programs, such as Internet Explorer and Outlook, automatically block these files. For more information, please visit http://support.microsoft.com/kb/925330”

Microsoft has considered several file types as being dangerous for quite some time. As such, the company has issued various fixes and workaround information over the years.

In some cases, the fixes change the behavior of desktop applications that would be likely to open such files. In other cases, workaround information might include removing specific extensions from Windows’ list of file types that can be opened automatically.

In the past, clicking on an .mdb file might have caused Outlook or Internet Explorer to automatically open the file in Access. At that point, exploit code might run, doing untold amounts of damage to the system.

Microsoft has an online article, KB 925330, “An overview of unsafe file types in Microsoft products.” The article contains links to over a dozen other articles that provide workarounds and various fixes to help protect against dangerous files. Read the article, where you’ll find information about Internet Explorer, Outlook, Windows XP SP2, and Office.

Firefox 3 beta version 4 is released

As I mentioned in my Jan. 10 column, the Mozilla Foundation is very busily working on Firefox 3.0. Development is progressing at a steady pace. This week, the foundation released Firefox beta 4, which is available for Windows, Linux, and OS X.

According to the release notes, beta 4 still has 11 bugs that affect all platforms, and 2 bugs that specifically affect Windows platforms. As a result of the bugs, you might not be able to use Windows Live Mail, and you might have minor problems using Gmail.

Another issue is that no Windows Media Player plug-in is available for some versions of Windows, including Vista.

You can read more about the bugs in the beta 4 release notes.

Even with the known bugs, beta 4 is still usable for those of you who want to start becoming familiar with it now. As is the case with any beta software, expect problems, make sure you have a backup of your settings and bookmarks, and be prepared to uninstall the software if the bugs are more hassle than you’re prepared to endure.

You can download the latest beta of Firefox 3.0 at Mozilla’s site.

Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and regularly writes for its Security Matters blog. He’s a network engineer, freelance writer, and the author of Internet Security with Windows NT.

March patches for Office are 'lambs,' except...

By Susan Bradley Microsoft released this week four different security bulletins for MS Office, but (with a few exceptions) they seem to shape us as pretty tame updates. The old saying about March weather coming in like a lion, but going out like a lamb, is just about the way this patching month has shaped up.

MS08-014 (949029, 946979, 946976, 943985, 946974, 943889, 947801, 949357, and 948057)
Got Excel? Now’s the time to get it patched

Back in January 2008, Microsoft security advisory 947563 was published, indicating a security issue with Excel files. We now, finally, have a patch for I’d call the “Got Excel, get a patch” flaw.

This is the most crucial security bulletin for you to install this week. MS08-014 patches Excel 2000, Excel 2002 (XP), Excel 2003, Excel 2007, Excel 2004 for Macintosh, and even the recently released Excel 2008 for the Macintosh.

If you don’t have Excel installed, but this patch is offered up to you anyway, it’s probably due to the fact that you have an Office file viewer installed. Look to see if this is the case in your Add/Remove Programs control panel (in Vista, check the Programs and Features control panel in the “classic view”).

In addition, you will still be offered this patch, even if you have Office 2003 SP3 or Office 2007 SP1 (which are not vulnerable), due to the fact that the security bulletin’s update files are newer than what may be installed.

The good news is that this update can be removed for almost all versions of Excel. (The exceptions are the 2000 version and the Macintosh version.) The 2002 (XP) and 2003 versions of Excel, however, may require you to provide the Office CD-ROM when uninstalling this patch. This is discussed in Knowledge Base article KB903771.

Attacks using this vulnerability have already been seen on the Web. Either patch as soon as you can, or don’t open Excel spreadsheets from anyone. You should never open an Office data file that you received via e-mail unless you were expecting one to be sent to you.

MS08-017 (933103, 931660, 932031, 933367, 933369, 939714, 941305, 948257)
Office Web Components affects a mixed bag of PCs

Our second Office-related security patch this week impacts an eclectic collection of applications and servers.

Various platforms of Microsoft applications and servers use technologies called “Office Web Components.” This shared code is updated by MS08-017. This security bulletin patches Office 2000 SP3, Office XP SP3, Visual Studio .NET in both 2002 and 2003 SP1 versions, Biz Talk Server 2000 and 2002, Commerce Server 2000, and finally Microsoft’s firewall software: ISA Server 2000 SP2.

Only the patches for Office 2000 and ISA Server 2000 cannot be uninstalled.

MS08-015 (949031, 946986, 946985, 945432, 946983)
Outlook gets a fix to prevent ‘mailto’ hacks

One security bulletin related to MS Office this week involves Redmond’s e-mail client, Outlook. The security bug that’s being closed in this case is due to Outlook not being able to correctly handle malicious “mailto” links in e-mails.

Just like the Excel patch mentioned above, MS08-015 cannot be removed from Outlook 2000, but it is possible to uninstall it from the 2002 (XP) and 2003 versions of Outlook. You may need to have access to the original CD-ROM, as discussed previously.

Outlook 2007 Service Pack 1 will still be offered the patch, although it is not vulnerable to this attack. The detection of the download is due to the fact that file-version numbers in the patches are higher than the version numbers in SP1.

Bottom line? Don’t panic if you think that you shouldn’t be offered this patch, but you are.

MS08-016 (949030, 947361, 947866, 947355, 949357)
Office documents could bring attacks with them

By now, you may have noticed a pattern in which versions of Office that are not vulnerable to an attack will still be offered up patches for that attack.

This time, it’s Office 2003 SP3 that will be offered a patch, even though this version of Office is not vulnerable. The flaw affects Office 2003 SP2 (not SP3), Office XP SP3, Office 2000 SP3, Excel Viewer SP3, and Office 2004 for Macintosh. Unlike some of the other patches released this week, you won’t see this one offered to Office 2007 users.

As is the case with some other patches, after this security bulletin is installed on Office 2000, it can’t be uninstalled. Office 2002 (XP) and Office 2003 will allow an uninstall, but you may need the original CD-ROM after you remove the patch.

The security bulletin in question is MS08-016.

948496
Windows 2003 SP2 gets a fix

Approximately one year ago, Service Pack 2 for Windows Server 2003 was released on Patch Tuesday in March 2007. Included in that service pack was a new feature called the Scalable Networking Pack.

This technology caused a number of issues on Small Business Server 2003 networks. As a result, the Small Business Server Best Practices Analyzer — a tool available from Microsoft KB article 940439 and documented by my SBSBPA site — recommended that the networking pack be disabled.

I wasn’t too surprised, therefore, when a revised version of a patch that normally gets installed to SBS servers was released this week. This patch is described in Knowledge Base article 948496.

What I was surprised about was that the revised patch is being offered to Windows servers that have Service Pack 2.

The revision not only disables RSS and TCP Offload, but also disables TCP Chimney. Reconfiguring these services in the Scalable Networking Pack causes the loss of such features as the ability to connect to the domain server, remote connectivity to the server, and many other basic networking functions.

I do find it ironic that the changed patch is coming out exactly one year after the original release of SP2. As Yogi Berra said, “It’s déjà vu all over again.”

Patch 948496 isn’t a critical security update, and thus it doesn’t require Microsoft’s usual prerelease notification. But I was surprised by the release, because I’d pretty much given up on Microsoft finally fixing, after all this time, the serious side-effects of its original service pack. The issues with Windows Server 2003 SP2 were spotted soon after its release a year ago.

946041
Windows Vista gets some added reliability

A few new reliability fixes have been released for Vista, in preparation for next month’s anticipated rollout of Vista Service Pack 1.

KB article 946041 not only patches some issues with hiberation, but also fixes an issue with deploying updates themselves. This problem caused systems to display error code 0x8007000b during the installation of patches.

Daylight time was easy, but Leap Day threw ’em

I thought I might see many issues involving the Mar. 9 switch to Daylight Saving Time in the United States. (Due to a law change two years ago, the U.S. now springs forward on the 2nd Sunday in March, while most other countries that use Summer Time change in late March or early April.)

All appeared to go well with the change, other than a few admins who had to confirm what time it was. Their computers were right, but their wristwatches were wrong!

The surprising thing was how many applications failed on Leap Day this year. The U.K.-based AccountingWeb site criticizes several Feb. 29 bugs that occurred in Microsoft Exchange 2007, the preview release of SQL Server 2008, SBS 2003, Home Server 2003, and Windows Mobile.

The accounting site says one Windows Mobile iPAQ device decided that Feb. 29 was actually Mar. 1, 2035. More seriously, SBS 2003 was unable to issue digital certificates to itself because each cert was stamped Feb. 29, 2013.

In a similar vein, Greg LaFollette provides a report on ProSystem FX, an audit software program that couldn’t add documents until the vendor provided a workaround later that day.

The number of Leap Day bugs is amazing, given that some of the affected products had versions that existed more than four years ago. Hmm, what do you think might have changed in the code since the last Leap Day…

It says 4 bulletins, but it’s really 13 patches

When you go to Microsoft Update this month to patch, don’t be alarmed if the four Office patches that I described above consist in reality of many more. On one Windows XP SP2 machine, which has older versions of Office installed alongside Office 2007, the list of patches I saw this week was pretty long.

On a Vista test machine, the patches offered up were much more reasonable. This was true even though I still was seeing Office patches for Excel and Outlook, although that machine is already running a version of Service Pack 1, which includes the fixes. (See Figure 1.)

Figure 1. You may see more patches in Microsoft Update than security bulletins that have recently been released, depending on your OS and what apps you’ve installed.

Bottom line: it’s OK for four security bulletins to equal three times that many patches.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.