24 responses to “MS-DEFCON 4: Get patched now”

1. 

   Ann November 6th, 2009 at 05:59

   Woody: The only Cumulative Security Update for IE8 for WinXP I have waiting to be installed is KB974455. You indicated that if this is installed — it breaks IE. KB976749 is not even offered. What do I do now?
   I’m going to install everything else that’s being offered and omit KB974455 awaiting your direction.
   Gosh, I hate this stuff. Too much deep thinking for me. I’m so glad we have you.
   Got a typo in the following sentence, I believe: “But if you mistakenly apply the patch to the patch (KB 97455) before you apply the patch itself (MS09-054/KB 976749), you break Internet Explorer.”
   Believe the reference should be KB974455 — not 97455???

2. 

   woody November 6th, 2009 at 06:21

   Ann -

   Go ahead and install 974455. You must’ve gotten the earlier patch already, so you need to fix it. Bah.

   Thanks for the correction!

3. 

   Liz November 6th, 2009 at 08:45

   Woody,
   I have my Windows update set to notify but don’t download and got my set of patches last Black Tuesday as usual. On the 29th of October, I woke to find that Windows Update had updated itself (Windows Update agent 7.4.7600.226) without my knowledge or permission. After that, 12 ‘important’ updates are offered instead of 9 and only 10 are ticked. Two are there but unchecked.
   One that is unticked is KB974455 (the IE 8 patch) and the other is a Windows Platform update KB971644.
   I’m confused. If the IE 8 patch is unticked, should I leave it as it’s offered and download the rest?
   Thank you!

4. 

   Harry F pea November 6th, 2009 at 15:49

   Woody

   Your piece on the dreaded KB4455 especially para:

   Knowledge Base article 976749 describes the carnage. If you’ve already applied MS09-054/KB 974455 (but you haven’t, right?), then you need to apply KB 976749. But if you mistakenly apply the patch to the patch (KB 974455) before you apply the patch itself (MS09-054/KB 976749), you break Internet Explorer.

   Sorry but my fuddled brain is having problems with what you post. I have just downloaded 4455. What do I do now – leave it alone or do I now add KB 976749. Your last sentence is far from clear.

   ?

5. 

   Ann November 6th, 2009 at 20:31

   Woody: Checked Add & Remove Programs in Control Panel and under Windows Internet Explorer 8 – Software Updates the KB976749 is not listed. (I’m guessing that’s how to check for the patches installed on a PC.) Does that mean I do NOT have that patch? If so, should I still go ahead with KB974455 as you directed?

6. 

   flavet November 7th, 2009 at 03:08

   Woody– Help, I just installed 13 patches, including KB974455. Now I cannot get Windows Update to operate past a message that they posted on that site when I tried to go back to pick up any custom patches. It has something to do with a Microsoft add-on related to something with the word Publisher in the title. I opted for the option “do not install” this item (since I have no idea what this product is or what it does). Now, IE8 just starts up and goes no further than the first screen, with most of the options greyed out, and a pop up saying to click here to install the add on, which does not do anything even if clicked on.
   Question: should I remove the KB974455 patch?
   I use Win XP w/SP 2 & 3, and IE8.

7. 

   Marty November 7th, 2009 at 04:43

   I believe that two KB numbers were juxtaposed in Woody’s original posting. Woody wrote: “But if you mistakenly apply the patch to the patch (KB974455) before you apply the patch itself (MS09-054/KB976749), you break Internet Explorer.” The statement should have said that “if you mistakenly apply the patch to the patch (KB976749) before you apply the patch itself (MS09-054/KB974455), you break Internet Explorer”.

   Life with Microsoft is hard enough without even more confusion caused by typos! Moreover, I don’t think that Windows Update will offer KB976749 until it sees that MS09-054/KB974455 has already been installed.

8. 

   woody November 7th, 2009 at 07:03

   Marty -

   Correct on all counts…

9. 

   woody November 7th, 2009 at 07:03

   Sure, give it a try.

   A quick Google scan didn’t turn up similar problems, so keep me posted…

10. 

    woody November 7th, 2009 at 07:04

    Ann -

    Correct. If the update isn’t listed, you don’t need it.

    That goes for KB 974455 as well – if it isn’t listed, don’t go looking for trouble!

11. 

    woody November 7th, 2009 at 07:06

    Harry -

    Sorry. I was trying to show how %$#@! confusing it all is.

    Right now, you should only apply updates that are specifically offered to you. It isn’t clear to me what logic MS has built into Windows Update to handle the KB 974455 patch-of-a-patch mess, but no doubt they’ve thought it through.

12. 

    woody November 7th, 2009 at 07:08

    Liz -

    Windows Update now updates itself without permission. That change happened more than a year ago. Many people hollered about it, but when you think about it, I guess it makes sense.

    My advice is to only take the patches that are offered. If they aren’t checked, don’t check them.

13. 

    flavet November 7th, 2009 at 08:31

    I am the impatient type, so when I did not get an answer to my earlier poser, I went ahead and did a System Restore. Not real sure what it REALLY does, I figured I could undo it if necessary. Afterward, I wasn’t sure what the status of having applied the 13 patches was due to the restore, I figured if I attempted to reinstall a single patch, Windows Update would either say, hey, that patch is already in place, or, it may just go ahead and reinstall it anyway.
    Also, I looked up the KB974455 at MS and it included some text dated 11-2, so I figured that that patch has been patched and anyone applying it after that date would not be bothered by the KB976749 patch. NOT SO.
    To try to shorten this, after the system restore, I went ahead and did a screen for patches which may be outstanding, and 12 of the original 13 came back up, so a went ahead and reinstalled the 12. Afterward, I did another screening, and lo and behold KB976749 showed up in my patches for the first time. So it seems it shows up only after you install KB974455. I also thought it best that I download the 13th patch which did not show up after the restore, and install it. All in all I installed 27 patches today (13×2, +1).
    Lastly, Woody, please have pity on we unwashed heathens, be more clear in your answers. We can use all the (clear) help we can get.

    the name is FLAVET

    Thanks

14. 

    Ann November 7th, 2009 at 10:17

    Woody: Hate to keep pestering you about this but I’m still confused if I should install KB974455. Following is our “I said”, “You said” scenario.

    (1) I said: The only Cumulative Security Update for IE8 for WinXP I have waiting to be installed is KB974455. You indicated that if this is installed — it breaks IE. KB976749 is not even offered. What do I do now?
    I’m going to install everything else that’s being offered and omit KB974455 awaiting your direction.
    (2) You said: Go ahead and install 974455. You must’ve gotten the earlier patch already, so you need to fix it. Bah.
    (3) I said: Checked Add & Remove Programs in Control Panel and under Windows Internet Explorer 8 – Software Updates the KB976749 is not listed. (I’m guessing that’s how to check for the patches installed on a PC.) Does that mean I do NOT have that patch? If so, should I still go ahead with KB974455 as you directed?
    (4) You said: Correct. If the update isn’t listed, you don’t need it. That goes for KB 974455 as well – if it isn’t listed, don’t go looking for trouble!

15. 

    woody November 8th, 2009 at 02:59

    Flavet -

    OUCH. Yes, combining System Restore with Automatic Update can produce all sorts of combinations, some of which aren’t very helpful for your PC>

    I try hard to be clear in my answers – but if you don’t follow what I’m saying, hit me with a comment. Sometimes (like right now) I respond to comments at 3:00 in the morning, and my brain isn’t fully in gear.

16. 

    rc primak November 8th, 2009 at 04:59

    There’s a sure-fire way to know exactly which MS Updates you have installed. It is called your Updates History. I go to MS Updates manually through IE8, so I have the option to review my Updates History at any time after the initial log-in and system scan. The manual method also gives me the latest Updater revisions, no questions asked. But this method does require MS WGA (or is that WAT now?) — also known as Windows Genuine Spyware. So you choose your method to suit yourselves, but checking for the Updates History is much easier if you go to MS Updates manually through IE.

17. 

    Liz November 8th, 2009 at 17:12

    Hi Woody,
    I hid that nasty update.. installed all the rest without a problem.
    One question though. I’m nosy and after the installation was done, I was looking through my events log in administrative tools in control panel, and under ‘information’ I found that somewhere in the depths of my computer, something found that six of the 10 updates I successfully installed (according to the windows update history) were deemed not appropriate for my system. What gives?

18. 

    woody November 9th, 2009 at 07:40

    Liz -

    No idea. What program told you that they were not appropriate?

19. 

    Liz November 9th, 2009 at 17:25

    Hi Woody,
    In Vista,
    Control Panel>Administrative Tools>Event Viewer>Custom Views>Administrative events..
    

20. 

    comment November 10th, 2009 at 04:33

    WHENEVER you write about Windows updates, PLEASE, PLEASE, ALWAYS mention the KB article number – instead of ONLY the MS##-### (security bulletin) number.

    The reason is when the reader is looking at the Automatic Updates window, the latter ONLY shows the KB numbers.

    …

    The reader would have to read the MS##-### security bulletin (often quite technical!), find the corresponding KB number(s), take notes, and go back to your blog to cross-reference everything…

    Since you already read the MS##-### security bulletins (and understand them better!), you’re partway there already …

    Thanks again.

21. 

    comment November 10th, 2009 at 04:45

    Woody,

    I was mainly using this reply / comment system to leave you a private message, though my previous comments are fine as public comments.

    However, is it wise for your system to GO AHEAD and publish comments, though “Your comment is awaiting moderation”? Most other systems are setup to wait for review first.

    Maybe I’m too cautious in this legalistic age, but might this not open you to possible abuse …

22. 

    woody November 10th, 2009 at 06:30

    Yo, comment!

    As you noted in a later post, the comments are not updated automatically. I have to approve each one. It’s unfortunate, but I get a lot of spam.

    If you have a technical question, this is a good place to ask it. But if you want to write to me directly, my email address is in the Intro to all of my books. It’s pretty easy to remember – Woody at this address.

23. 

    Simon Holden November 25th, 2009 at 19:50

    KB 974455. I uninstalled after encountering many problems and now everything runs smoothly again. How much of a security risk am open to not having this patch ??

24. 

    woody November 26th, 2009 at 06:00

    Simon -

    Microsoft really botched that patch. The KB article 974455 is up to revision 5.1, which is indicative. For now, I would say if you got your computer working again with the patch uninstalled, hold off. MS is bound to release a patch to the patch to the patch one of these days. And use Firefox, of course…