Newsletter Archives

  • MS-DEFCON 3: Get patched, but watch out

    Last month we had a terrible patchwork quilt of patches from Microsoft – get this, don’t get that, stand on your head and rub your tummy. This month, things are a little bit easier: The bad patches are few, and the so-so patches (even the ones left over from last month) aren’t creating as many screams of pain.

    Right now it looks like the much-feared Windows 8.1 Update 2 is coming on August’s Patch Tuesday. And it’s starting to sound a whole lot more like a ho-hum fix to the plumbing, as opposed to the macabre circus dancing around Update 1. More about that tomorrow in InfoWorld.

    Based on that, and the fact that almost everybody has been able to get Update 1 installed (the exceptions have largely bitten numerous bullets and re-installed Windows), and that Microsoft now has a patching mechanism (or will shortly have one, per Paul Thurrott) that whisks you from Windows 8 (or RT) to Windows 8.1 Update 1 (or RT 8.1 Update 1), I’m going to advise Windows 8 and Windows 8.1 customers to move to Windows 8.1 Update 1. Unless you’re struggling with corporate applications that only work with Windows 8 (there must be one somewhere), there’s no question that Update 1 is better than plain-vanilla Win8 or 8.1.

    It’s not clear if the new Win8-to-8.1 Update 1 migration path is available to everybody at this point, but if you’re using Windows 8 (look on the Metro Start screen next to your name; if there’s no magnifying glass, you’re using Windows 8), go through the usual Windows Update steps to get Windows 8.1 Update 1 installed. No, you don’t need to mickey around with the Windows Store anymore.

    For Windows 7 users, I’m relaxing my earlier stand on KB 2952664, and suggesting that you go ahead and install it, even if you never plan on (up?)grading your system to Windows 8. It seems relatively benign.

    I’m repeating last month’s admonition:

    Patching guru Susan Bradley notes that MS14-024 is causing problems. She advises that you wait on KB 2961033, 2810073, 2817330, and/or 2880502 (the KB number varies depending on which version of Office you’re using, or which version the installer thinks you’re using).

    That’s still good advice. (Note: YB corrected my earlier assertion that this is a .NET patch. In fact, it’s a patch to the control library used by Office. As best I can tell, the security hole is only active when using Internet Explorer — it’s the only browser I know that works with COM components.)

    I’m still unswayed by Microsoft’s advice to install IE 11. I say stick with IE 10 for now, and use Chrome, Firefox, or any of the other alternate browsers, instead of IE. (IE is getting a big dose of patches on Tuesday.)

    Thus, we arrive at MS-DEFCON 3, primarily because of the screwed up .NET patches: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

    And I repeat the fine print every month: For those of you who are new to this game, keep in mind that…

    You should always use Windows Update to install patches; downloading and installing individual patches is a clear sign of impending insanity. I always install Windows Defender/Microsoft Security Essentials updates as soon as they’re available – same with spam filter updates. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source). I almost never install “Recommended” patches.

    If Windows Update has a patch but the box isn’t checked, DON’T CHECK THE BOX. It’s like spitting in the wind.

    I use Chrome and Firefox, and only pull out IE when I feel very inclined — but even if you don’t use IE, you need to keep up with its patches.

    And a new one: If you have a brand new install of Windows — new machine, or you’ve re-installed from scratch — I recommend that you install all available patches immediately, in spite of the MS-DEFCON level, or what I say here. Get caught up. On a Windows 7 machine, before you do anything else, install Microsoft Security Essentials and get rid of any crappy, expensive antivirus program that may have come pre-installed on your machine. On all new machines, go to Windows (or Microsoft) Update through the Control Panel (System and Security, Windows Update, Check for updates), and install all available “Important” updates. Don’t check any unchecked boxes. Forget the “Optional” updates. Reboot your system after the updates are installed, and check again for more updates. Lather, rinse, repeat ad infinitum.

  • Black Tuesday toll: Microsoft drops Windows 8.1 support; XP hack still works

    Sorta.

    InfoWorld Tech Watch.

  • MS-DEFCON 2: Microsoft patches on the way, get locked down

    If you haven’t already locked down your system – turning off Windows Automatic Update – now’s the time to do so.

    Huge Internet Explorer patch bunch coming.

    See the tab above for details on turning off Automatic Updates.

    We’ve moved to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.