Newsletter Archives

• Born, Brinkmann: Microsoft’s hotfix service is no longer available

  Posted on November 5, 2018 at 04:13 CST by woody • Comment in the Forums

  I’d have a hard time extrapolating to all hotfixes in all situations, but Martin Brinkmann has hit upon a very disturbing trend:

  System administrators and users who attempt to download hotfixes from Microsoft’s website are greeted with a “This hotfix is no longer available message”.

  Günter Born’s Borncity web site has a German language post that, in addition to hotfixes, also decries the imminent death of FixIts.

  I’m not sure what’s going on, but this certainly isn’t good news for Windows 7 users.

  More info as it becomes available.

  Windows News Fixit, Hotfix

• MS-DEFCON 3: Time to get patched AND apply a manual fix

  Posted on October 2, 2013 at 10:25 CDT by woody • Comment in the Forums

  I’ll be covering Susan Bradley’s detailed discussion of KB 2859537 tomorrow, after Windows Secrets Newsletter hits, but the bottom line is that MS appears to have nailed the problems with August’s last bad patch.

  The comical September bad patches – twelve pulled and re-issued patches – all seem to be working OK.

  But there’s a more important reason why I’m suggesting you install all of the outstanding Microsoft patches now. As of just a few hours ago, Lucian Constantin at PC World reported that a working exploit for an Internet Explorer vulnerability just showed up on Metasploit. Chances are very good that you’re going to see that exploit used shortly.

  Here’s what’s weird about that IE vulnerability: Microsoft hasn’t released an Automatic Update for it yet, but it does have a Fixit available that you can apply, manually, to shore up your system.

  I know that most of you don’t use IE, but this one’s bad enough (and now widespread enough) that it would be prudent to get your system patched. I haven’t heard of any problems with the Fixit, but that doesn’t necessarily imply a clean bill of health, eh?

  So I’m recommending that you not only apply all outstanding Microsoft patches, I’m also recommending that you run over to the Fixit site and apply that fix manually.

  I’m moving us to MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems — and strongly recommending that you also go to the Fixit site and get that patch applied.

  Windows Patches/Security Fixit, September 2013 Black Tuesday

• A new Fixit for another Internet Explorer 0day

  Posted on March 16, 2010 at 04:34 CDT by woody • Comment in the Forums

  If you’re still using Internet Explorer 6 or 7, and haven’t upgraded to IE 8 or started using a better browser, you need to run over to Microsoft’s Security Advisory 981374 and apply the “Fixit” patch.

  According to SANS Internet Storm Center, Microsoft posted the Fixit a few hours ago.

  The Fixit disables something called the “peer factory” in IE6 and IE7. Apparently there’s working zero-day code running around that takes advantage of the security hole to run “backdoors” – programs that take over your computer, without your knowledge or consent.

  Windows Patches/Security 0day, Fixit, Internet Explorer, KB 981374, peer factory