Newsletter Archives

• Black Tuesday update

  Posted on June 14, 2012 at 10:49 CDT by woody • Comment in the Forums

  There’s been a lot of hubub about last Tuesday’s Microsoft patches.

  The best piece of advice: DON’T use Internet Explorer – it’s been compromised once again, and apparently the exploit is widely distributed.

  Tellingly, the only Black Tuesday patch to win ISC Storm Center‘s “Patch Now” status is the IE patch.

  I see some advice from antivirus companies to install the other patches, but I don’t buy it. The .NET exploit might be a problem, but I haven’t heard of any active attacks on .NET – and patching .NET is always so much fun.

  Keep your powder dry. I’m leaving us at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

  Windows Patches/Security Internet Explorer, June 2012 Black Tuesday, NET

• It’s time to run .NET out of town

  Posted on May 24, 2012 at 18:19 CDT by woody • Comment in the Forums

  Microsoft can’t get their act together. Patching .NET is always a hassle. It’s time for developers to throw in the towel and choose an alternative that works.

  InfoWorld Tech Watch.

  Windows Patches/Security botched patches, NET

• MS-DEFCON 4: Pass on a couple of patches

  Posted on July 10, 2011 at 06:57 CDT by woody • Comment in the Forums

  I’m moving to MS-DEFCON 4. If you’re willing to trudge through the details, you should apply most outstanding Microsoft patches. If you don’t want the headache, you can safely pass on the June Black Tuesday patches – for now.

  Susan Bradley has an excellent roundup of the problems with the .NET patches in her Windows Secrets article. There are two .NET patches in this group, MS11-039 and MS11-044. They’ve spawned an evil mess of KB articles and, unfortunately, you have to wade through the KB numbers to get the right patches. These are the ones to avoid:

  XP: KB 2478656, KB 2478658, KB 2478663, KB 2518864, KB 2530095, and KB 2518870;

  Vista: KB 2478657, KB 2478659, and KB 2478663, KB 2518863, KB 2518865, and KB 2518870;

  Win7: KB 2478662, KB 2478663, KB 2518867, KB 2518870, and KB 2518869

  Like I said, it’s a mess. If you don’t want to fool around with individual patches, I say avoid the current round altogether: pick them up next month.

  At this point, I would also avoid Office 2010 Service Pack 1. There’s no benefit in it, if you’ve kept up on patching Office 2010.

  The other Microsoft patches look like they’re good to go.

  By all means, make sure you download and run the Malicious Software Removal program, and apply Microsoft Security Essentials updates.

  We’re at MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

  Windows Patches/Security June 2011 Black Tuesday, NET
• Newer Entries »