Newsletter Archives

• MS-DEFCON 4: Get patched, but avoid these stinkers

  Posted on June 5, 2009 at 06:09 CDT by woody • Comment in the Forums

  With ten patches on the way next Tuesday, and many of the problems with older patches fixed, it’s time to get patched up. Unfortunately, there’s a long list of  problematic patches that you should studiously avoid.

  Here are the ones I suggest you pass by:

  Windows Vista Service Pack 2/KB 948645 is causing problems. Dennis O’Reilly talks about some of them in the latest Windows Secrets Newsletter. There’s no pressing need to install Vista SP2, and the PC you toast may be your own. Hold off for now. If you really want to install SP2 and it isn’t offered by Automatic Update, check out KB 948343 for a list of potential problems. Worth noting: that KB article is up to version 14.0. And you trust this stuff?

  Office 2007 Service Pack 2 / KB 953195 has a few problems – just look at the “Known Issues” list at the end of the KB article. Again, there isn’t enough new stuff to justify putting your computer at risk. Patience.

  KB 951847 is a mess of a patch of a patch of a patch of the .NET Framework in Windows XP. The Knowledge Base article is up to version 5.0. This is the one that includes the drive-by installation of a difficult-to-remove add-on for Firefox. I’m beginning to think that it’ll never get fixed – you’re better off waiting until you upgrade to Vista or (better) Windows 7, which have .NET baked in, or wait until Microsoft releases a new version of .NET.

  KB 960715, the ActiveX killbit update, still breaks many programs. I don’t think the cure is any better than the disease. Of course, you’re using Firefox (or Chrome) – or any Web browser that doesn’t directly expose your machine to ActiveX infections, right?

  KB 967715, the Conficker-killer that doesn’t work, is worth installing, but make sure you understand its limitations, as I posted in mid-March.

  I’m still ambivalent about Windows XP Service Pack 3, KB 936929. If you’ve been keeping up on all of your patches, it’s a toss-up. If you decide to install it, and you have problems, be sure to check out Microsoft’s Knowledge Base article KB 950718.

  I’m also ambivalent about Internet Explorer 8. Mark Edwards has a good analysis of the situation on the Windows Secrets web site.

  Sorry to leave you with such a patchwork quilt of good and problematic patches, but I think you’d be well advised to apply all outstanding patches except the ones listed above.

  Office Patches/Security, Windows Patches/Security ActiveX killbit, Conficker, IE 8, Internet Explorer 8, KB 936929, KB 948343, KB 948645, KB 950718, KB 951847, KB 953195, KB 960715, KB 967715, NET Framework patch, Office 2007 SP2, Vista SP2, Windows XP SP3

• Problem with Vista SP2 and Kaspersky Internet Security

  Posted on May 31, 2009 at 07:31 CDT by woody • Comment in the Forums

  Reader P wrote with a warning about installing Vista Service Pack 2:

  I just got bit by Microsoft Vista SP2 update. I took a backup before I installed Vista SP2 just to be safe and guess what after 15 minutes of using the new SP2 software I got a blue screen with the error code of 7B. Tried Vista repair using my Vista SP1 CD and was informed that no fix existed.

  Then later…

  Hi Woody, turns out that Kaspersky Internet Security 2009 was the cause of the problem. After deleting KIS 2009 I managed to install Vista SP2 successfully.

  There’s a detailed discussion on the Kaspersky Lab site.

  At the risk of repeating myself, I do NOT recommend that you install Vista Service Pack 2 just yet. There are bound to be lots of niggling problems.

  We remain at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

  Windows Patches/Security BSOD 7B, error 7B, Kaspersky, Vista SP2

• MS-DEFCON 2: Office 2007 Pack 2 is up – avoid all patches for now

  Posted on April 30, 2009 at 09:22 CDT by woody • Comment in the Forums

  I’m raising us to MS-DEFCON 2:

  Hot on the heels of Office 2007 Service Pack 2 / KB 953195, Microsoft has just released Windows Vista Service Pack 2 [* to manufacturing – expect to see it widely available at some indeterminate point in the not-too-distant future].

  About a week ago, Microsoft started “pushing” Internet Explorer 8 via Automatic Update.

  I strongly recommend that you HOLD OFF on all three. IE 8 has been through the wringer, and I remain ambivalent about installing it, but the other two patches haven’t been out in the wild long enough to see what problems crop up.

  Because of the two new patches and the third that’s long in the tooth but still unproven, we’re at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

  UPDATE: *Man, am I embarrassed. I’ve been knee-deep in Windows 7 stuff, and erroneously reported that Vista SP2 is out in the wild. It isn’t. Microsoft announced that Vista SP2 is complete – it’s been “released to manufacturing” (precisely what is being “manufactured” isn’t at all clear, but I digress). “We expect Windows Vista and Windows Server 2008 SP2 to be publicly available in Q2 2009.”

  … as I go slinking back to my Windows 7 hovel, tail firmly between legs…

  I feel that the pushing of Office 2007 Service Pack 2 and Internet Explorer 8, though, warrant staying at MS-DEFCON 2.

  Windows Patches/Security Internet Explorer 8, KB 953195, KB 955430, Office 2007 Service Pack 2, Office 2007 SP2, Vista SP2, Windows Vista Service Pack 2