Newsletter Archives
-
MS-DEFCON 3: Get patched, but beware
It’s time to get caught up on your Microsoft patches.
But there’s a problem. One of the patches is still causing problems – and we have several people posting here with details.
Usually I try to use a green-light/red-light approach: either I recommend that you avoid all of the current patches, or I recommend that you install all of them. Keeping track of individual patches is a headache for most of you – and I don’t blame you for not wanting to sift through Microsoft’s detritus.
This month, though, I really don’t have much of an option. The other December 2012 Black Tuesday patches are working well enough, and I figure you really should get them installed.
So here’s what I recommend. Go ahead and install all of the outstanding Microsoft patches EXCEPT MS12-078, which is identified in your Update list as KB 2753842. I haven’t heard of any real-world exploits that take advantage of that security hole, but I sure have heard a lot of wailing from people who have been zapped by it.
While you’re thinking of it, if you run Internet Explorer 6, 7 or 8 (Nota Bene: if you have Windows XP, you are running IE 6, 7 or 8), you need to apply a Microsoft Fixit to plug a gaping hole in IE that’s currently being exploited.
A far better solution is to upgrade to IE 9, but if you have Windows XP that isn’t an option.
To apply the Fixit, go to the Microsoft Security Advisory page, KB 2794220, scroll down and click on the first Fixit link that you see. (The second Fixit on the page is very poorly marked, but it’s the Fixit that undoes the first Fixit.) That’ll run a very simple program that plugs the security hole in IE 6, 7 and 8.
To recap: Install all outstanding Microsoft patches, except MS12-078 / KB 2753842. And if you’re using IE 6, 7 or 8, and can’t upgrade to IE 9, run the Fixit.
I’m moving us down to MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.
Oh. One other important note. Usually Susan Bradley’s Patch Watch column in Windows Secrets Newsletter only appears in the paid version. (In a unique twist, you get to decide how much you want to pay for a subscription.) This week, though, Patch Watch appears in the free and online versions of the newsletter. If you’ve never read Susan’s columns, you should take a look. They’re by far the best source of understandable, detailed, unbiased advice about Microsoft patches you’ll find anywhere.
-
Microsoft re-issues botched Black Tuesday patch
It only took them nine days to fix MS12-078/KB 2753842 – but why didn’t they catch the problem in testing?
InfoWorld Tech Watch.
-
Buggy Microsoft patch causing fonts to disappear
In CorelDRAW, QuarkXPress and Flexi.
A more detailed explanation of the MS12-078/KB 2753842 debacle in InfoWorld Tech Watch.
-
Problem with KB 2753842
If you didn’t follow my advice, and you installed KB 2753842 – one of this month’s Black Tuesday patches, MS12-078 – and you use CorelDRAW on a 64-bit Win7 system, you probably lost some fonts.
Gary G, posting on the CorelDRAW forum, nailed it.
It’s another buggy patch that’s only fixed by backing out to a restore point.
Folks, no matter what you read online, Microsoft distributes buggy patches through Automatic Update, like clockwork – sometimes minor bugs like this one, sometimes big bugs. I figure they’re running one stinker every other month, on average, if you don’t count the .NET patches – which are always cesspools.
If you wait two or three weeks to install new patches, you’ll be able to draw on the experiences of millions of testers.
Or, you can take the advice of the so-called experts, let Microsoft install its patches whenever it rolls them down the Automatic Update chute, and lose your CorelDRAW fonts. This month. Heaven knows what’ll happen next month.