Newsletter Archives

• MS-DEFCON 4: Apply all outstanding patches except 951847 and 960715, and watch out for other problems

  Posted on April 5, 2009 at 06:00 CDT by woody • Comment in the Forums

  It’s time to get patched up.

  Last month’s crop of Black Tuesday patches turned out pretty good. One of them, KB 959772, is a CYA patch that lets people play music they’ve already bought from Microsoft. None of the three seems to be causing undue heartache.

  I still recommend that you HOLD OFF on these patches:

  KB 951847 is a mess of a patch of a patch of a patch of the .NET Framework in Windows XP. I’m beginning to think that it’ll never get fixed – you’re better off waiting until you upgrade to Vista or (better) Windows 7, which have .NET baked in.

  KB 960715, the ActiveX killbit update, still breaks many programs. I don’t think the cure is any better than the disease. Of course, you’re using Firefox (or Chrome) – or any Web browser that doesn’t directly expose your machine to ActiveX infections, right?

  KB 967715, the Conficker-killer that doesn’t work, is worth installing, but make sure you understand its limitations, as I posted in mid-March.

  I’m still ambivalent about Windows XP Service Pack 3, KB 936929. If you’ve been keeping up on all of your patches, it’s a toss-up. If you decide to install it, and you have problems, be sure to check out Microsoft’s Knowledge Base article KB 950718.

  I’m also ambivalent about Internet Explorer 8. Mark Edwards has a good analysis of the situation on the Windows Secrets web site.

  That brings us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

  To get patched up, click Start, All Programs. Near the top of the list you see either Windows Update or Microsoft Update. Click on that and tell Windows Update that you want to perform a “Custom” update. Be prepared to spend ten to fifteen minutes – longer, if you haven’t patched in a while. When you’re done, make sure you have Automatic Updates set to “Notify but don’t download or install” by clicking Start, Control Panel, Security Center.

  My general admonition about applying hardware driver patches still applies: Ain’t broke, don’t fix. That is, unless you have a very specific reason for installing a new driver, don’t do it.

  Windows Patches/Security .NET Framework, 936929, 950718, 951847, 958690, 959772, 960225, 960715, 967715, ActiveX, Conficker, IE8, MS-DEFCON 4, WinXP SP3

• Hold off on KB 958690, 960225, 959772

  Posted on April 1, 2009 at 21:27 CDT by woody • Comment in the Forums

  The other patch Tuesday has come and gone, and there’s a bunch of patches waiting for your approval.

  As usual, I advise you to hold off on all of the patches, except the Junk E-Mail Filter, any Windows Defender updates and the Malicious Software Removal Tool, KB 890830.

  Yes, that means you should apply Junk E-Mail Filter updates, Windows Defender updates, and you should run the latest Malicious Software Removal Tool (which may or may not remove the latest version of Conficker).

  Speaking of which… It’s April 1, Conficker has turned over a new leaf, and the earth is still spinning. Amazing.

  Windows Patches/Security 890830, 958690, 959772, 960225