Newsletter Archives

  • MS-DEFCON 4: Get patched now

    True to form, October’s Black Tuesday patches had one major stinker: the Internet Explorer update MS09-054 was so bad that Microsoft had to release a patch to the patch. Matter of fact, they rolled two patches to the patch into one patched patch.

    Got that?

    Knowledge Base article 976749 describes the carnage. If you’ve already applied MS09-054/KB 974455 (but you haven’t, right?), then you need to apply KB 976749. But if you mistakenly apply the patch to the patch (KB 974455) before you apply the patch itself (MS09-054/KB 976749), you break Internet Explorer.

    Fun ‘n games. There have also been major changes to MS09-050 (which was changed just yesterday), MS09-056 (the associated KB article is up to version 7.1), and MS09-062.

    Anyway, the bottom line is that it now appears safe to apply all the outstanding Windows and Office patches. That includes those of you running Windows 7.

    Get your machines brought up to speed because there are six more Security Bulletins coming next Tuesday.

    I’m moving us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

  • We’re still at MS-DEFCON 2

    I still strongly recommend that you do NOT apply the October Black Tuesday patches.

    Susan Bradley’s Patch Watch column in this week’s Windows Secrets Newsletter describes known problems with MS09-054, MS09-056, MS09-058, MS09-061, and MS09-062.

    Oy.

    MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

  • MS09-054 patch zaps Firefox

    Now it looks like this round of patches includes one, MS09-054, that messes up Firefox.

    If you have .NET Framework 3.5 SP1 installed, and you use Firefox, you’re opening up your system to all sorts of mayhem. The mayhem was supposed to be plugged by MS09-054, but it only made the situation worse. The problem? A Firefox plug-in that Microsoft installs called the Windows Presentation Foundation.

    Just in from the SANS Internet Storm Center:

    if you use Windows, install patches, and also have Firefox, oddly enough you will want to read the following Microsoft KB article entitled “How to remove the .NET Framework Assistant for Firefox”

    UPDATE: Ryan Naraine at ZDNet has the details. Yes, Microsoft installed a “patch” with a security hole that affects Firefox. If you have automatic updates turned on, or you got fooled into installing MS09-054, you have to go into Firefox and manually turn off the bleeding add-on that Microsoft surreptitiously put on your computer.

    REALLY COOL UPDATE:

    I just re-started Firefox and it caught the two suckers. “Firefox has determined that the following add-ons are known to cause stability or security problems.” The culprits: .NET Framework Assistant and Windows Presentation Foundation. Both are blocked by default. Restart Firefox and you’ll be rid of the pests.

    Take THAT Microsoft…

    ANOTHER UPDATE: One reader left a comment about this patch, and I wanted to clarify. Yes, indeed, this patch was supposed to fix the earlier security hole created when Microsoft took it upon itself to install the .NET Framework Assistant in Firefox. (I cried about that patch in a blog entry four months ago.) While MS09-054 was supposed to fix the hole in Firefox introduced by Microsoft, it’s much smarter to simply disable Microsoft’s .NET Framework Assistant for Firefox. That’s exactly what Firefox has done. (Indeed, it’s what Microsoft recommended!) It isn’t clear, at this point, if MS09-054 makes the problem worse or not – thus the markthrough edits to the beginning of this post.