Newsletter Archives

  • MS-DEFCON 3: Get patched now

    Posted on July 30, 2009 at 11:01 CDT by Comment in the Forums

    With the Black Hat conference in full swing in Las Vegas, and detailed instructions for bypassing Microsoft’s killbit patches posted on the Web, it’s time to get everything patched.

    Rub your lucky rabbit’s foot, bend over and kiss your keester, and install all of Microsoft’s outstanding patches. Yes, that includes the killbit patches I’ve been moaning about, and the patches Microsoft released two days ago. Susan Bradley’s Top Story in Windows Secrets Newsletter, released about an hour ago, convinced me that the bad guys are hovering, and a rash of infectious junk is about to hit the fan.

    Specifically, you should install Windows Vista Service Pack 2/KB 948645 , the .NET Framework patch, KB 951847 , Office 2007 Service Pack 2 / KB 953195 , Windows XP Service Pack 3, KB 936929 , the old killbit patch KB 960715 , and the two new ones, MS09-034 / KB 972260, and MS09-035 / KB 969706.

    If you get repeated notifications to install the killbit patches, check out this workaround.

    Microsoft has screwed up the killbit patches so much that you may well break some of your old applications, but the fact that the security holes go all the way into the libraries means there are thousands of newly discovered infectious vectors. The only way you’re going to guard against them is by applying Microsoft’s horrendous updates. You can thank Microsoft’s use of ActiveX for that.

    Do me a favor and boycott Internet Explorer, OK? Use Firefox. We’ll both sleep better at night.

    We’re at MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

    Get all caught up, and stay tuned for more fixes, as a result of disclosures at the conference.

    Windows Patches/Security , , , , , , , , , , , , , ,

  • MS-DEFCON 3: Apply all outstanding patches except the 960715 killbit patch

    Posted on February 25, 2009 at 13:41 CST by Comment in the Forums

    The February Security Bulletin patches seem to be holding up pretty well. I haven’t heard any loud screams of pain. There are also exploits starting to circulate in the wild that take advantage of the patches security holes.

    So I recommend that you install all outstanding Windows and Office patches, except for the KB 960715 Killbit patch. (What’s a killbit? Yuhong Bao has a great synopsis posted in response to my earlier blog.)

    I’m tremulously upgrading us to MS-DEFCON 3, with the warning that you should avoid KB 960715: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

    Windows Patches/Security , , ,
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    March 2025
    S M T W T F S
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.