Newsletter Archives

  • MS-DEFCON 3: Get patched now

    With the Black Hat conference in full swing in Las Vegas, and detailed instructions for bypassing Microsoft’s killbit patches posted on the Web, it’s time to get everything patched.

    Rub your lucky rabbit’s foot, bend over and kiss your keester, and install all of Microsoft’s outstanding patches. Yes, that includes the killbit patches I’ve been moaning about, and the patches Microsoft released two days ago. Susan Bradley’s Top Story in Windows Secrets Newsletter, released about an hour ago, convinced me that the bad guys are hovering, and a rash of infectious junk is about to hit the fan.

    Specifically, you should install Windows Vista Service Pack 2 / KB 948645, the .NET Framework patch, KB 951847, Office 2007 Service Pack 2 / KB 953195, Windows XP Service Pack 3, KB 936929, the old killbit patch KB 960715, and the two new ones, MS09-034 / KB 972260, and MS09-035 / KB 969706.

    If you get repeated notifications to install the killbit patches, check out this workaround.

    Microsoft has screwed up the killbit patches so much that you may well break some of your old applications, but the fact that the security holes go all the way into the libraries means there are thousands of newly discovered infectious vectors. The only way you’re going to guard against them is by applying Microsoft’s horrendous updates. You can thank Microsoft’s use of ActiveX for that.

    Do me a favor and boycott Internet Explorer, OK? Use Firefox. We’ll both sleep better at night.

    We’re at MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

    Get all caught up, and stay tuned for more fixes, as a result of disclosures at the conference.

  • MS-DEFCON 2: Office 2007 Pack 2 is up – avoid all patches for now

    I’m raising us to MS-DEFCON 2:

    Hot on the heels of Office 2007 Service Pack 2 / KB 953195, Microsoft has just released Windows Vista Service Pack 2 [* to manufacturing – expect to see it widely available at some indeterminate point in the not-too-distant future].

    About a week ago, Microsoft started “pushing” Internet Explorer 8 via Automatic Update.

    I strongly recommend that you HOLD OFF on all three. IE 8 has been through the wringer, and I remain ambivalent about installing it, but the other two patches haven’t been out in the wild long enough to see what problems crop up.

    Because of the two new patches and the third that’s long in the tooth but still unproven, we’re at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

    UPDATE: *Man, am I embarrassed. I’ve been knee-deep in Windows 7 stuff, and erroneously reported that Vista SP2 is out in the wild. It isn’t. Microsoft announced that Vista SP2 is complete – it’s been “released to manufacturing” (precisely what is being “manufactured” isn’t at all clear, but I digress). “We expect Windows Vista and Windows Server 2008 SP2 to be publicly available in Q2 2009.”

    … as I go slinking back to my Windows 7 hovel, tail firmly between legs…

    I feel that the pushing of Office 2007 Service Pack 2 and Internet Explorer 8, though, warrants staying at MS-DEFCON 2.

  • Office 2007 Service Pack 2 is up – avoid it for now

    If you’re feeling lucky, Microsoft just posted Office 2007 Service Pack 2 / KB 953195. It’s a massive update, with hundreds of fixes and a handful of improvements.

    For most of us, the main things we’ll notice are save as PDF support (which has always been available via a separate download; now it’s native) and many tweaks to Outlook and Excel. The one I look forward to the most is the promise that Outlook 2007 SP 2 “greatly reduces the number of scenarios in which you receive the following error message when you start Outlook: The data file ‘file name’ was not closed properly. This file is being checked for problems.” I see that message far too often.

    There’s nothing earth shattering in SP2. No need to install it now. Let the pioneers get the arrows in their backs first.

    UPDATE: There’s a thorough discussion of Office 2007 SP2 on the Office Sustained Engineering blog. Thanks to MR for the heads-up.