Newsletter Archives
-
MS-DEFCON 4: Get patched, but avoid these stinkers
With ten patches on the way next Tuesday, and many of the problems with older patches fixed, it’s time to get patched up. Unfortunately, there’s a long list of problematic patches that you should studiously avoid.
Here are the ones I suggest you pass by:
Windows Vista Service Pack 2/KB 948645 is causing problems. Dennis O’Reilly talks about some of them in the latest Windows Secrets Newsletter. There’s no pressing need to install Vista SP2, and the PC you toast may be your own. Hold off for now. If you really want to install SP2 and it isn’t offered by Automatic Update, check out KB 948343 for a list of potential problems. Worth noting: that KB article is up to version 14.0. And you trust this stuff?
Office 2007 Service Pack 2 / KB 953195 has a few problems – just look at the “Known Issues” list at the end of the KB article. Again, there isn’t enough new stuff to justify putting your computer at risk. Patience.
KB 951847 is a mess of a patch of a patch of a patch of the .NET Framework in Windows XP. The Knowledge Base article is up to version 5.0. This is the one that includes the drive-by installation of a difficult-to-remove add-on for Firefox. I’m beginning to think that it’ll never get fixed – you’re better off waiting until you upgrade to Vista or (better) Windows 7, which have .NET baked in, or wait until Microsoft releases a new version of .NET.
KB 960715, the ActiveX killbit update, still breaks many programs. I don’t think the cure is any better than the disease. Of course, you’re using Firefox (or Chrome) – or any Web browser that doesn’t directly expose your machine to ActiveX infections, right?
KB 967715, the Conficker-killer that doesn’t work, is worth installing, but make sure you understand its limitations, as I posted in mid-March.
I’m still ambivalent about Windows XP Service Pack 3, KB 936929. If you’ve been keeping up on all of your patches, it’s a toss-up. If you decide to install it, and you have problems, be sure to check out Microsoft’s Knowledge Base article KB 950718.
I’m also ambivalent about Internet Explorer 8. Mark Edwards has a good analysis of the situation on the Windows Secrets web site.
Sorry to leave you with such a patchwork quilt of good and problematic patches, but I think you’d be well advised to apply all outstanding patches except the ones listed above.
-
MS-DEFCON 4: Watch out, but go ahead and install April patches
The crop of April Black Tuesday patches looks reasonably stable. The SANS Internet Storm Center reports that Symantec has raised an alert about possible MS09-013 / KB 960803 based infections – “but it could also be old vulnerabilities from 2002 (both Apache and IIS).” MS09-013 and MS09-014 are the (now expectable) monthly humongous Internet Explorer patches.
There are known problems with all of the following:
MS09-010 / KB 960477 Wordpad and Office converter patches may refuse to install, and they change the way Wordpad handles Word 6 and Write files. When you install this patch, go ahead and install the new Office Compatibility Pack immediately after. I haven’t seen any advice as to whether the new Compatibility Pack eliminates the need to install MS09-010 or not, so to be safe, install the patch, then the new converters.
MS09-014 / KB 963027, the massive Internet Explorer patch, may trigger a bogus “Connection Denied” message which requires a Registry change to eliminate. Of course, you’re using Firefox, so you aren’t overly concerned. Go ahead and patch.
MS09-015 / KB 959426 has an interesting problem: if you install the patch on a Windows 2000 computer, you have to dig into the Registry to make the patch work. Kinda makes me feel warm and fuzzy about the testing that goes into these patches…
At any rate, I’m moving us to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.
I still recommend that you HOLD OFF on these patches:
KB 951847 is a mess of a patch of a patch of a patch of the .NET Framework in Windows XP. I’m beginning to think that it’ll never get fixed – you’re better off waiting until you upgrade to Vista or (better) Windows 7, which have .NET baked in, or wait until Microsoft releases a new version of .NET.
KB 960715, the ActiveX killbit update, still breaks many programs. I don’t think the cure is any better than the disease. Of course, you’re using Firefox (or Chrome) – or any Web browser that doesn’t directly expose your machine to ActiveX infections, right?
KB 967715, the Conficker-killer that doesn’t work, is worth installing, but make sure you understand its limitations, as I posted in mid-March.
I’m still ambivalent about Windows XP Service Pack 3, KB 936929. If you’ve been keeping up on all of your patches, it’s a toss-up. If you decide to install it, and you have problems, be sure to check out Microsoft’s Knowledge Base article KB 950718.
I’m also ambivalent about Internet Explorer 8. Mark Edwards has a good analysis of the situation on the Windows Secrets web site.
-
What to do about KB 967715?
Reader TJ writes:
Currently I’m a bit fuzzy on your recent post on KB967715 as to whether to install now or wait. I do use the “shift” key, but am not clear as to whether to install now or not. Could you please be a bit more specific on this in one of your next blogs? (Have to remember, I’m an XP dummy, lol.)
Good question.
Right now, I recommend most users remember to push the Shift key when inserting any kind of memory into an XP computer – USB drive, the SD card from your camera, even a CD or DVD.
People in a corporate environment aren’t so lucky. Companies can’t expect everybody to hold down the Shift key – and they’re paying for it.
The definitive articles on the topic, in my opinion, are the two Susan Bradley wrote for Windows Secrets Newsletter. Her March 5 Top Story, “AutoRun patch a long time coming for XP users,” describes the patch and its shortcomings. Her March 12 follow-on article, “Microsoft flubs a way to disable AutoRun in XP,” tells you where Microsoft went wrong – and how to fix it.
The bottom line is that it’s a LOT of work to get XP to disable AutoRun. Ain’t worth the effort for people who are smart enough to hold down Shift. But you HAVE to remember to hold down the Shift key every time you insert memory.
-
The AutoRun patch, KB 967715, is a mess
Last week, I warned you about installing the KB 967715 patch – the one that’s supposed to fix the AutoRun/AutoPlay stupidities that have allowed the Conficker worm to multiply. (Remember, this is the worm that has drawn a $250,000 bounty from Microsoft – and the folks at MS can’t even plug one of its simplest infection vectors.)
This week, Susan Bradley has analyzed the patch, and it’s a complete mess. She has posted instructions for fixing the AutoRun/AutoPlay debacle – manual instructions which you should follow after installing the KB 967715 patch, if you should be motivated to install the patch.
For now, I continue to recommend that you avoid the KB 967715 patch like the plague it is. Remember to hold down the Shift key when you stick a USB drive (or SD card) in your computer, and you’ll be safe. That isn’t a good permanent solution, but as a temporary stopgap, it works.
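If you do install KB 967715 and follow the manual fix-up described in this post and in the “What to do about KB 967715?” post above, the following batch script (an added example, not from the original posts or from Windows Secrets) checks whether AutoRun is actually disabled on an XP/2003 machine. It assumes cmd.exe with reg.exe and the two registry values Microsoft’s KB article for the update documents: HonorAutorunSetting, which the patch adds, and NoDriveTypeAutoRun, the long-standing policy bit mask.

```batch
@echo off
rem Added example, not from the original post: verify that an XP/2003 machine
rem really has AutoRun disabled after KB 967715. Assumes the two values that
rem Microsoft's KB article for the update documents:
rem   HonorAutorunSetting = 1    added by the patch; without it the policy
rem                              value below is silently ignored
rem   NoDriveTypeAutoRun  = 0xFF bit mask; 0xFF turns AutoRun off on every
rem                              drive type
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
set "HONOR="
set "NDTAR="
set "RC=0"

rem reg query prints "<name>  REG_DWORD  0x<hex>"; token 3 is the hex value.
for /f "tokens=3" %%v in ('reg query "%KEY%" /v HonorAutorunSetting 2^>nul ^| find /i "HonorAutorunSetting"') do set "HONOR=%%v"
for /f "tokens=3" %%v in ('reg query "%KEY%" /v NoDriveTypeAutoRun 2^>nul ^| find /i "NoDriveTypeAutoRun"') do set "NDTAR=%%v"

if /i "%HONOR%"=="0x1" (
    echo [OK]   HonorAutorunSetting = 1 : KB 967715 fix is active
) else (
    echo [FAIL] HonorAutorunSetting is "%HONOR%" : patch missing or not applied correctly
    set "RC=1"
)

if /i "%NDTAR%"=="0xff" (
    echo [OK]   NoDriveTypeAutoRun = 0xFF : AutoRun off for all drive types
) else (
    echo [FAIL] NoDriveTypeAutoRun is "%NDTAR%" : AutoRun still allowed on some drive types
    set "RC=1"
)

if "%RC%"=="0" (
    echo Result: AutoRun is disabled machine-wide.
) else (
    echo Result: AutoRun is NOT fully disabled. Keep holding Shift when inserting media.
)
endlocal & exit /b %RC%
```

Run it from an administrative command prompt; a non-zero exit code means the Shift-key habit is still your only protection.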
-
Apply most patches – but avoid two
To recap my recent recommendations…
I recommend that you install all currently available Windows and Office security patches, except these two:
The KB 960715 killbit patch, which seems to zap some programs, and
The AutoRun patch, KB article 953252 for Vista and KB article 967715 for WinXP, 2000, and Server 2003.
Other than that, patch away.