Newsletter Archives

  • MS-DEFCON 3: Get patched now

    With the Black Hat conference in full swing in Las Vegas, and detailed instructions for bypassing Microsoft’s killbit patches posted on the Web, it’s time to get everything patched.

    Rub your lucky rabbit’s foot, bend over and kiss your keester, and install all of Microsoft’s outstanding patches. Yes, that includes the killbit patches I’ve been moaning about, and the patches Microsoft released two days ago. Susan Bradley’s Top Story in Windows Secrets Newsletter, released about an hour ago, convinced me that the bad guys are hovering, and a rash of infectious junk is about to hit the fan.

    Specifically, you should install Windows Vista Service Pack 2/KB 948645, the .NET Framework patch, KB 951847, Office 2007 Service Pack 2 / KB 953195, Windows XP Service Pack 3, KB 936929, the old killbit patch KB 960715, and the two new ones, MS09-034 / KB 972260, and MS09-035 / KB 969706.

    If you get repeated notifications to install the killbit patches, check out this workaround.

    Microsoft has screwed up the killbit patches so much that you may well break some of your old applications, but the fact that the security holes go all the way into the libraries means there are thousands of newly discovered infection vectors. The only way you’re going to guard against them is by applying Microsoft’s horrendous updates. You can thank Microsoft’s use of ActiveX for that.

    Do me a favor and boycott Internet Explorer, OK? Use Firefox. We’ll both sleep better at night.

    We’re at MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

    Get all caught up, and stay tuned for more fixes, as a result of disclosures at the conference.

  • MS-DEFCON 4: Get patched, but avoid these stinkers

    With ten patches on the way next Tuesday, and many of the problems with older patches fixed, it’s time to get patched up. Unfortunately, there’s a long list of problematic patches that you should studiously avoid.

    Here are the ones I suggest you pass by:

    Windows Vista Service Pack 2/KB 948645 is causing problems. Dennis O’Reilly talks about some of them in the latest Windows Secrets Newsletter. There’s no pressing need to install Vista SP2, and the PC you toast may be your own. Hold off for now. If you really want to install SP2 and it isn’t offered by Automatic Update, check out KB 948343 for a list of potential problems. Worth noting: that KB article is up to version 14.0. And you trust this stuff?

    Office 2007 Service Pack 2 / KB 953195 has a few problems – just look at the “Known Issues” list at the end of the KB article. Again, there isn’t enough new stuff to justify putting your computer at risk. Patience.

    KB 951847 is a mess of a patch of a patch of a patch of the .NET Framework in Windows XP. The Knowledge Base article is up to version 5.0. This is the one that includes the drive-by installation of a difficult-to-remove add-on for Firefox. I’m beginning to think that it’ll never get fixed – you’re better off waiting until you upgrade to Vista or (better) Windows 7, which have .NET baked in, or wait until Microsoft releases a new version of .NET.

    KB 960715, the ActiveX killbit update, still breaks many programs. I don’t think the cure is any better than the disease. Of course, you’re using Firefox (or Chrome) – or any Web browser that doesn’t directly expose your machine to ActiveX infections, right?

    KB 967715, the Conficker-killer that doesn’t work, is worth installing, but make sure you understand its limitations, as I posted in mid-March.

    I’m still ambivalent about Windows XP Service Pack 3, KB 936929. If you’ve been keeping up on all of your patches, it’s a toss-up. If you decide to install it, and you have problems, be sure to check out Microsoft’s Knowledge Base article KB 950718.

    I’m also ambivalent about Internet Explorer 8. Mark Edwards has a good analysis of the situation on the Windows Secrets web site.

    Sorry to leave you with such a patchwork quilt of good and problematic patches, but I think you’d be well advised to apply all outstanding patches except the ones listed above.

  • Where are we with the patches?

    Reader BH writes:

    Before the current MS update release on Tuesday you were at Defcon 4
    and stated to install the patches. Did that statement include:

    Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847)

    KB952004

    KB956572

    KB959426

    KB960803

    Update Rollup for Active X Killbit for Windows Vista (KB960715)

    I have been sitting on these for a while and wish to know what to do with them.

    Your post regarding loading the patches did not specify the above and all along you have been stating not to load the Net Framework and Active X Killbit updates for some time now.

    I follow your MS-DEFCON and only load when you say so and I would guess many others follow the same procedure. Wish you would incorporate a chart with each of the updates listed and what to do with them. It would only involve the latest listing plus those from past months that you do not wish us to update.

    Wish I had time to do that! But it would be a monstrous task.

    Here’s what I recommend:

    I’m still ambivalent about KB951847. It breaks a lot of stuff. The ActiveX Killbit rollup also breaks a lot of stuff. I talk about both here.

    KB952004 and KB956572 are MS09-012. You should’ve installed that already, but if you haven’t, wait.

    KB959426 is MS09-015. Same comment.

    KB960803 is MS09-013, part of the massive Internet Explorer patch. Same comment, especially if you use Firefox.

    In general, if you follow the MS-DEFCON level, you’ll apply patches when they’re safe, and avoid applying patches when they aren’t. There are always a few stinkers – the ActiveX Killbit and .NET Framework patches fall into that category – but by and large you can apply the patches, when they’re fully baked, en masse.

    For now, hold off.

  • MS-DEFCON 4: Watch out, but go ahead and install April patches

    The crop of April Black Tuesday patches looks reasonably stable. The SANS Internet Storm Center reports that Symantec has raised an alert about possible MS09-013 / KB 960803 based infections – “but it could also be old vulnerabilities from 2002 (both Apache and IIS).” MS09-013 and MS09-014 are the (now expectable) monthly humongous Internet Explorer patches.

    There are known problems with all of the following:

    MS09-010 / KB 960477 Wordpad and Office converter patches may refuse to install, and they change the way Wordpad handles Word 6 and Write files. When you install this patch, go ahead and install the new Office Compatibility Pack immediately after. I haven’t seen any advice as to whether the new Compatibility Pack eliminates the need to install MS09-010 or not, so to be safe, install the patch, then the new converters.

    MS09-014 / KB 963027, the massive Internet Explorer patch, may trigger a bogus “Connection Denied” message which requires a Registry change to eliminate. Of course, you’re using Firefox, so you aren’t overly concerned. Go ahead and patch.

    MS09-015 / KB 959426 has an interesting problem: if you install the patch on a Windows 2000 computer, you have to dig into the Registry to make the patch work. Kinda makes me feel warm and fuzzy about the testing that goes into these patches…

    At any rate, I’m moving us to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

    I still recommend that you HOLD OFF on these patches:

    KB 951847 is a mess of a patch of a patch of a patch of the .NET Framework in Windows XP. I’m beginning to think that it’ll never get fixed – you’re better off waiting until you upgrade to Vista or (better) Windows 7, which have .NET baked in, or wait until Microsoft releases a new version of .NET.

    KB 960715, the ActiveX killbit update, still breaks many programs. I don’t think the cure is any better than the disease. Of course, you’re using Firefox (or Chrome) – or any Web browser that doesn’t directly expose your machine to ActiveX infections, right?

    KB 967715, the Conficker-killer that doesn’t work, is worth installing, but make sure you understand its limitations, as I posted in mid-March.

    I’m still ambivalent about Windows XP Service Pack 3, KB 936929. If you’ve been keeping up on all of your patches, it’s a toss-up. If you decide to install it, and you have problems, be sure to check out Microsoft’s Knowledge Base article KB 950718.

    I’m also ambivalent about Internet Explorer 8. Mark Edwards has a good analysis of the situation on the Windows Secrets web site.

  • MS-DEFCON 2: Where we stand

    Sanda posted this:

    What about KB960715 which was on hold awhile back. It is still being “offered” to me. Do we “do it” or let it still stay on hold? (I may have missed a post about it.)

    I still say hold off. KB 960715 – the killbit patch – breaks many programs. It isn’t worth installing. Microsoft’s next gigantic IE patch should eliminate the need for setting the killbits.

    Bottom line: If you’ve been following along here, and you applied the February patches, hold off on everything available, except the Windows Defender update, the Junk Mail Filter update(s), and the Malicious Software Removal Tool.

    Reader JS writes:

    Woody, I have been slow to move on SP3. Now with this new virus, I’m wondering whether I should go ahead with the update? I’ve also held off certain updates in the past based on your “stop-light system” and your update listings. I’m not a major computer user….just email, web searches, word processing…the basic stuff. What do you think? Love your tech books!!!

    If you haven’t been following along here, and you haven’t applied patches (such as Windows XP Service Pack 3) for a long time, get patched up. Apply every patch out there. And do it now. It’s better to get completely patched than to have one of the “low hanging fruit” security holes present on your system.

    I’m still ambivalent about Windows XP Service Pack 3, in particular: if you’ve been keeping your system patched, it has very little to offer. But if you haven’t patched in many months, you should apply SP3 and everything else you can get your hands on. (Except for hardware driver patches, which are a different can of worms entirely.)

    Once you’ve gotten your system patched, keep an eye out here for the latest updates. It could save you a lot of headache.

  • Apply most patches – but avoid two

    To recap my recent recommendations…

    I recommend that you install all currently available Windows and Office security patches, except these two:

    The KB 960715 killbit patch, which seems to zap some programs, and
    The Autorun patch, KB article 953252 for Vista and KB article 967715 for WinXP, 2000, and Server 2003.

    Other than that, patch away.

  • MS-DEFCON 3: Apply all outstanding patches except the 960715 killbit patch

    The February Security Bulletin patches seem to be holding up pretty well. I haven’t heard any loud screams of pain. There are also exploits starting to circulate in the wild that take advantage of the patched security holes.

    So I recommend that you install all outstanding Windows and Office patches, except for the KB 960715 Killbit patch. (What’s a killbit? Yuhong Bao has a great synopsis posted in response to my earlier blog.)

    I’m tremulously upgrading us to MS-DEFCON 3, with the warning that you should avoid KB 960715: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.