Woody Leonhard’s no-bull news, tips and help for Windows and Office
RSS icon Email icon Home icon

  • MS-DEFCON 4: Get patched, but avoid these stinkers

    Posted on June 5th, 2009 at 06:09 woody 16 comments

    With ten patches on the way next Tuesday, and many of the problems with older patches fixed, it’s time to get patched up. Unfortunately, there’s a long list of  problematic patches that you should studiously avoid.

    Here are the ones I suggest you pass by:

    Windows Vista Service Pack 2/KB 948645 is causing problems. Dennis O’Reilly talks about some of them in the latest Windows Secrets Newsletter. There’s no pressing need to install Vista SP2, and the PC you toast may be your own. Hold off for now. If you really want to install SP2 and it isn’t offered by Automatic Update, check out KB 948343 for a list of potential problems. Worth noting: that KB article is up to version 14.0. And you trust this stuff?

    Office 2007 Service Pack 2 / KB 953195 has a few problems – just look at the “Known Issues” list at the end of the KB article. Again, there isn’t enough new stuff to justify putting your computer at risk. Patience.

    KB 951847 is a mess of a patch of a patch of a patch of the .NET Framework in Windows XP. The Knowledge Base article is up to version 5.0. This is the one that includes the drive-by installation of a difficult-to-remove add-on for Firefox. I’m beginning to think that it’ll never get fixed – you’re better off waiting until you upgrade to Vista or (better) Windows 7, which have .NET baked in, or wait until Microsoft releases a new version of .NET.

    KB 960715, the ActiveX killbit update, still breaks many programs. I don’t think the cure is any better than the disease. Of course, you’re using Firefox (or Chrome) – or any Web browser that doesn’t directly expose your machine to ActiveX infections, right?

    KB 967715, the Conficker-killer that doesn’t work, is worth installing, but make sure you understand its limitations, as I posted in mid-March.

    I’m still ambivalent about Windows XP Service Pack 3, KB 936929. If you’ve been keeping up on all of your patches, it’s a toss-up. If you decide to install it, and you have problems, be sure to check out Microsoft’s Knowledge Base article KB 950718.

    I’m also ambivalent about Internet Explorer 8. Mark Edwards has a good analysis of the situation on the Windows Secrets web site.

    Sorry to leave you with such a patchwork quilt of good and problematic patches, but I think you’d be well advised to apply all outstanding patches except the ones listed above.

    Office Patches/Security, Windows Patches/Security , , , , , , , , , , , , , , ,
     

    16 responses to “MS-DEFCON 4: Get patched, but avoid these stinkers”

    1. Al June 5th, 2009 at 10:57

      Hi Woody

      I try and read your blog everyday but don’t recall seeing anything about this paradox that only microsoft could come up with.

      I dutifully went to Windows Update on my XP and chose the “custom” route so I could de-select the patches you recommend avoiding.

      I get the message “Software Upgrade for Some Windows Components Required.” So in order to install the patches, I now have to update my updater. Do I do it?

      Al

    2. Tim June 5th, 2009 at 12:00

      Ok Woody, I’m NOT install ANY of the patches you mentioned in this latest article.

      Cool? Or did I not read you right?

    3. woody June 5th, 2009 at 18:53

      Yes, I recommend that you install all outstanding patches, except the ones listed in this article.

    4. woody June 5th, 2009 at 18:54

      Yes.

      The worst that will happen: you’ll get the new version of Windows Genuine Advantage. Er, Windows Activation Technologies. If you’re running a pirate copy of Windows XP, it will start bellyaching occasionally and turn your wallpaper black, but there won’t be any change in the way WinXP works.

    5. Yuhong Bao June 6th, 2009 at 00:11

      “This is the one that includes the drive-by installation of a difficult-to-remove add-on for Firefox.”
      MS issued a fix a month ago for exactly this:
      http://support.microsoft.com/?kbid=963707
      “you’re better off waiting until you upgrade to Vista or (better) Windows 7, which have .NET baked in”
      Vista has an old version, but yes 7 will likely have the latest version.

    6. CyGuy June 6th, 2009 at 02:30

      Thanks for listing them ALL Woody. There’s no question where you stand this month. Please continue listing all that are questionable.

    7. john June 6th, 2009 at 05:52

      hi woody i uninstalled sp2 will install it again later i just want to hold off on it for now and i have a update and it looks like thisnVidia – Other hardware – NVIDIA nForce System Management Controller

      Download size: 187 KB

      You may need to restart your computer for this update to take effect.

      Update type: Optional

      nVidia Other hardware software update released in April, 2009

      More information:
      http://winqual.microsoft.com/support/?driverid=20266611

      Help and Support:
      http://support.microsoft.com/select/?target=hub
      i would like to know if it is ok to install or should i hold off for a bit?

    8. woody June 6th, 2009 at 07:37

      My general advice about hardware driver updates applies – ain’t broke, don’t fix. If you don’t have any problems with your current video, don’t update the driver.

    9. woody June 6th, 2009 at 07:41

      Well, yes and no. The KB article gives details on how to unblock the drive-by add-on: follow the instructions, and Firefox will allow you to disable the add-on. AFAIK, KB 951847 still installs the add-on, and “grays out” the ability to remove it.

      There have been many other problems reported with this patch. I give it two thumbs down.

    10. rc primak June 8th, 2009 at 22:04

      Woody —

      I did install the .NET Framework 3.5 Update (KB951847) some time ago, by accident. Not wishing to remove it, I have applied the KB 963707 “fix” for the Firefox Add-on. But to apply this “fix”, I was sent to three other .NET Framework “fixes” — one each for .NET 1.1, .NET 2.0, and .NET 3.0 — all “prerequisites” for the .NET 3.5 “update” to allow removal of the Firefox Add-on. And the Firefox Plug-in for “Windows Presentation Foundation (WPF)” remains beyond the reach of any attempt to remove it. And WPF is probably at least as great a security risk as the .NET Assistant Plug-in. I’d like to get rid of the whole mess, but Registry-hacking is not an option at my skill level.

      Just wanted you to know that Microsoft has certainly not fixed this mess with their so-called “fix”. Keep us posted if there is any improvement in this situation.

      I would like to repeat that I only installed the original .NET Framework update because you were late in warning about it (after issuing an MS-DEFCON-4 go-ahead for that month’s outstanding patches). Still, I can only blame myself for not reading the update description and deciding this one was not for me.

      I still consider removal of .NET 3.5 to be potentially more hassle than it is worth. But I may yet change my mind and try to remove it anyway.

    11. Dave June 8th, 2009 at 22:32

      Apparently, IE 8 is being forced on some computers. My Nephew who works in systems, and has his updates set to let him know what is available but not install, informed me that he did not select it on his Vista machine, but that out of the blue when he was not doing anything, his computer rebooted and then asked him to set up IE 8. He also had problems with the install and wound up uninstalling it and going back to IE 7.

      He believes that IE8 will be a force update on all machines over time.

    12. sanda June 8th, 2009 at 23:35

      I think I put my question in the wrong place, sigh. I am having trouble getting the patches to list and install. I deleted the two Woody suggested to not take (960715 – I went to the link in a post by Woody and I didn’t have the problem, hence nothing to remove; and I deleted IE8. But it didn’t install. Could be my error in stopping to check installation.)

      Now it’s prompting me to take several patches, including the two I don’t want and it’s not listing. I only found out after cancelling, that the two listed above were back in installation list.

      I don’t know how to find the list and delete.
      When I hit icon, it doesn’t give me list. What to do?

    13. woody June 9th, 2009 at 05:05

      Dave -

      I don’t think it happened that way. See http://blogs.msdn.com/ie/archive/2009/05/01/ie8-installation-the-user-is-in-control.aspx .

    14. woody June 9th, 2009 at 05:09

      Yuhong -

      The MS fix doesn’t remove the add-on. See last week’s Windows Secrets newsletter for details.

      .NET Framework 4 Beta 1 was just released. I’m hopeful that Microsoft will clean up its act with the new version.

    15. woody June 9th, 2009 at 05:11

      Sanda -

      I’m having a hard time following what you’re saying. Can you shoot me mail and tell me which patches are involved, and explain what you mean by “When I hit icon, it doesn’t give me list.”?

    16. Bob Muller June 9th, 2009 at 08:22

      OK to install KB955430 ??

    Leave a reply

Search

Ads by Google

Windows and MS Office books by Woody Leonhard

Support AskWoody.com
Click on this list to get Woody ’s books at Amazon.com



More Ads by Google

 

February 2012
M T W T F S S
« Jan    
 12345
6789101112
13141516171819
20212223242526
272829  
Powered by WordPress
Theme designed by My Mobiles, modifications by PapayaSoft