MS-DEFCON 3: Get patched now
Posted on July 30th, 2009 at 11:01 | 20 comments

With the Black Hat conference in full swing in Las Vegas, and detailed instructions for bypassing Microsoft’s killbit patches posted on the Web, it’s time to get everything patched.
Rub your lucky rabbit’s foot, bend over and kiss your keester, and install all of Microsoft’s outstanding patches. Yes, that includes the killbit patches I’ve been moaning about, and the patches Microsoft released two days ago. Susan Bradley’s Top Story in Windows Secrets Newsletter, released about an hour ago, convinced me that the bad guys are hovering, and a rash of infectious junk is about to hit the fan.
Specifically, you should install Windows Vista Service Pack 2 / KB 948645, the .NET Framework patch, KB 951847, Office 2007 Service Pack 2 / KB 953195, Windows XP Service Pack 3, KB 936929, the old killbit patch KB 960715, and the two new ones, MS09-034 / KB 972260, and MS09-035 / KB 969706.
If you get repeated notifications to install the killbit patches, check out this workaround.
Microsoft has screwed up the killbit patches so much that you may well break some of your old applications, but the fact that the security holes go all the way into the libraries means there are thousands of newly discovered infection vectors. The only way you’re going to guard against them is by applying Microsoft’s horrendous updates. You can thank Microsoft’s use of ActiveX for that.
Do me a favor and boycott Internet Explorer, OK? Use Firefox. We’ll both sleep better at night.
We’re at MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.
Get all caught up, and stay tuned for more fixes, as a result of disclosures at the conference.
Windows Patches/Security KB 936, KB 948645, KB 951847, KB 953195, KB 960715, KB 969706, KB 972260, killbit, Killbit patch, MS09-034, MS09-035, NET Framework patch, Office 2007 Service Pack 2, Windows Vista Service Pack 2, Windows XP Service Pack 3

20 responses to “MS-DEFCON 3: Get patched now”
-
So is it OK to install Internet Explorer 8? If so, how should I configure IE8 for maximum protection? I am using Firefox, so I want to set up IE8 so I don’t have to worry about it.
-
rc primak July 31st, 2009 at 04:20
Woody, you will let us know if any widespread problems result in such products as F-Secure Blacklight or AVG, won’t you?
-
slacker July 31st, 2009 at 07:09
Does this include the optional software, or just the high priority?
Thanks
-
sanda July 31st, 2009 at 07:25
I do not understand what it says in the link re killbit patch, so can’t I just install the other things until you are clear in answering this question: should we install the killbit patch as offered, from the patch icon? KB973346. Meanwhile, I’ll install the rest.
-
Forget the old ActiveX Killbit KB960715 update.
What about the latest Killbit MS09-032/KB973346 update? Uh, you do know that KB973346 is cumulative and replaces KB969898, KB960715 and older killbit patches, right?
-
rc primak August 1st, 2009 at 00:30
Woody –
I did as you advised and went (manually) to MS Updates to download and install all outstanding MS Updates. I unhid several updates which you had previously advised us not to install. But not all the MS Updates downloaded.
I was only able to get KB 971633 (DirectShow) by first undoing a MS Fixit which you have recommended, then going to the downloads from MS TechNet for a direct stand-alone installation of this patch. The same thing happened (without undoing any Fixits) with KB 961371 (OpenType Font Engine). But then things got weirder.
I have not even been offered the Out-of-Band ATL Patch (MS09-035/ KB 969706). I have not found any place from which to download this patch as a stand-alone.
All other MS Updates did download and install perfectly fine, including the other Active X Killbits Patches.
Is there any alternate site or page from which I can manually download and install the ATL Patch (MS09-035/ KB 969706)? What else may have gone wrong here? Should I undo one or all of the previous MS Fixits for the Active X issues (and which Fixits are these)?
Secunia Software Inspector (PSI Desktop Application) now shows no insecure programs or components. (Score 100 percent) Is this a reliable indicator that I am in fact fully patched regarding MS Updates?
For now, I intend simply to keep my security programs up to date and use Firefox as my browser, and watch for anything which looks like it shouldn’t be happening on my laptop. I run Windows XP Professional, SP3.
BTW, when updating to the latest version of Flash Player, the installer left behind an Active X Control in the Windows/System32/Macromedia/Flash folder, which I had to remove using a specialized File Shredder, as the Control seems to have been hidden from the Windows Explorer GUI/API. I strongly recommend completely removing the old version (with RevoUninstaller or something equally thorough) before installing the new Flash Player version, to avoid this problem. Secunia PSI is sensitive to the old Control.
-
rc primak August 1st, 2009 at 00:52
Woody —
In case my just-entered comment does get posted, I have additional information. I have a C++ ATL Patch also dated July 28, 2009 (just like KB 969706) but with a different KB Number (KB 973923). It looks like this is the KB Number for those who still have Visual Studio/ C++ 2005, not the 2008 version, as their C++ Runtime Environment. I bet a lot of us XP users still have that version. The KB Number on the Out-of-Band Patch seems to be different for us. I could not upgrade to C++ 2008 last time I tried. So maybe I am fully patched after all?
-
rc primak August 1st, 2009 at 01:00
Comment, Part Three:
The MS09-035 Update, when I search for it at Microsoft’s web site, does indeed correspond to either of the two KB Numbers (KB 979706 or KB 973923). Which one you are offered does indeed seem to depend upon which version of Visual Studio/ C++ Runtimes you have on your computer, at least for Windows XP users. So cancel the Search Party — I am up to date according to Microsoft. Windows XP users with older C++ Runtimes should take note of my findings.
-
I realize that it’s supposed to be cumulative, but I would only trust the Windows Update scan. There’s too much funny business with the killbits – some updates supersede the others. Susan Bradley has written about it.
-
You should go into Windows Update and install all offered patches.
-
Only high priority.
You should only update drivers if there’s a problem with your current driver.
-
Install it, update it, but don’t use it. Use Firefox.
-
Hey Woody-
I did as directed, and all is well. I did find one patch for my video card that was hidden, but the last time I downloaded a Radeon patch it totally jacked-up my system, so I didn’t install that one.
I wonder if I should though? I’m no good at these kinds of things.
Anyway, thanks for all the help.
-
maghullyback August 1st, 2009 at 21:11
Wood Dog,
Yesterday my £uc?+ng updates kept failing to install (error code 80246007) but when I tried today everything went okay. Best solution I’ve found is always turn commercial security suites OFF beforehand, and then download and install each individual update SEPARATELY. A major pain in the arse, but it seems to work this way every time. Yesterday I, erm, didn’t do it this way.
I’ve had an idea about how to improve the Micro$oft updates system considerably. Permanently attach one of those tazer dog training collars around Bill Gates’ neck, but modify it so that every time a Windows machine – anywhere in the world – displays an error message, ole Billy Boy gets zapped. He’d instantly buck his ideas up and get things sorted, I reckon. Gatesian Response?
Nice one Wood Dog.
-
rc primak August 4th, 2009 at 03:52
Tim –
You should read the “MS DEFCON System” link at the top of this page and look (WAAAY down the page) at what Woody says about Microsoft Driver Updates (also known as “optional software” or “optional hardware” updates). Don’t do it — these usually will break your hardware Drivers. Instead, if you think you may need a driver update, go directly to the manufacturer’s web site and download their latest version. You will be glad you did it this way.
maghullyback —
Yes, security software, including firewalls, can wreak havoc with Microsoft Updates. Suspend or exit security programs once you are securely logged in to MS Updates (when you choose Custom or Express). It’s a bit risky to exit security software while on line, but this method minimizes the risk. When rebooting, remember to re-enable everything.
Woody –
My own updates went well, and I agree that the MS KB Number on MS09-035 was updated, but it is the same patch.
One of my favorite security programs — Super Antispyware — couldn’t handle the MS Updates, and the SAS Updater started crashing with a BSOD (Kernel Driver Memory Leak). Maybe it’s also a Comodo Firewall issue, but I have for the time being switched to Malwarebytes, which updates and scans faster anyway and has predictive heuristics in each scan. I may never switch back.
All else seems to be going well, except Secunia PSI still thinks Java Runtime (JRE) is insecure, with no existing patch or workaround. So it goes…
-
Is there an ‘AskWoody for Dummies’ site? Generally I find your advice very useful and good, but when I see a link like yours of “…and detailed instructions for bypassing Microsoft’s killbit patches posted on the Web…” which takes me to an 87-page PDF of gobbledy-gook (I cannot see ANY reference to your point about their advice on how to “bypass Microsoft’s killbit patches”) I do despair! How about just a couple paras from you on how to do this? Or a link to an understandable instruction? Cheers.
-
Al -
Sorry. I should’ve been more clear. The detailed instructions posted on the Web are cookbook instructions for cracking Windows – intended for the bad guys.
Right now, all you need to be concerned about is running through Windows Update and installing all the offered patches. It may take a while, but unfortunately it’s something you need to do…
-
Last few days Internet Options won’t open, so I can’t delete temp files and cookies. It seems since the install of KB973346 and KB961371 on 2 July 09. I don’t want to restore as KB973346 looks important as I am on XP SP3, but do you think this is causing the IO not to open and how do I fix it? Thanks
-
Regarding anti virus software. I am currently using McAfee. Can I also put the AVG on my computer too?
-
Peter -
I have a long hate relationship with all of the big anti-everything packages. I strongly suggest that you get rid of McAfee, Norton, and any other package that claims to “do it all” in the protection racket.
AVG Free works fine, and it’s free for personal use. Avira works well, too. I’m currently running MS Security Essentials on many machines – it’s free, but it’s still in beta – and it works great.
The one thing you can’t do is run two antivirus products (or firewalls) at the same time. It’s begging for trouble.


