We address different audiences. Susan is more oriented toward businesses, I’m more concerned about home and home office users.

At some point you’ll need to update Internet Explorer. But for now, as long as you’re using Firefox, I don’t see much exposure at all. SANS Internet Storm Center reports that exploit code is publicly available, but I haven’t heard of any working exploits if you’re using Firefox. MS09-014 says, “The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker’s server by way of the HTTP protocol.”

The other patch, KB 959246, is for a hole that’s been around a long time – the Safari carpet bomb attack. CVE says, “Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X”

While business users may still be running Internet Explorer – and some brave souls run older versions of Safari – I would be very surprised if any of the readers here fell into either group.

I presume that you disagree.

Thanks

No problem at all. It’s a jungle out there.

Most people don’t realize that typing KB followed by the number will take you straight to the Knowledge Base article.

‘Course, you may have a bit of trouble understanding the article. I frequently do…

The KB articles you see are secondary articles for the patches.

KB 923561 is for MS09-010

KB 952004 is for MS09-012

KB 956572 is another Knowledge Base article for MS09-012.

I could try to list all of the KB articles for all of the patches, but you’d see hundreds of numbers. Instead, I’ve listed the KB articles that most people see.

If you’re ever curious about a Knowledge Base article, start Firefox and in the address bar type KB followed by the number, then press Enter. You don’t need to type in an URL. Simply typing, say,

KB 956572

will list the KB article as the first result.

As a side-note… there are already LOTS of identified problems with this month’s patches.

I realize I may not need some/any of those in this last group due to what MS programs I have on my PC (Dell using WinXP SP3), I may need your comments on those I have that you did not mention. (I also have two others that you have mentioned in previous items, so I discount those.)

The first two are alternate KB numbers for MS09-012. I suggest you hold off on them.

The last one is an update for Windows Mail. (!) I have no idea why it was offered to you, unless you suddenly started using Windows Mail. If you did, you should switch over to Windows Live Mail, http://download.live.com/wlmail , which is supported. Windows Mail has been orphaned, pretty much.