Out of Band IE patch coming
Posted on March 30th, 2010 at 13:22
Microsoft just announced that it’s moving up its traditional Black Tuesday Internet Explorer patch. Today, March 30, you can expect another giant patch from MS, this one plugging the IE “peer factory” hole I talked about earlier this month.
If you use Windows 7 and IE 8, you’re safe. Everybody else is vulnerable*.
As usual, I advise that you avoid installing the patch and wait for the wails of pain to subside. Besides, you aren’t using Internet Explorer anyway, are you?
The Black Tuesday patches for March – one for Windows Movie Maker and one for Excel – don’t appear to be too problematic, but I haven’t seen any reports of systems cracked via the March holes. Thus, we remain at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
[UPDATE: *Permit me to elucidate. If you're using IE 8, you're safe from the "peer factory" hole. That's the big hole that prompted MS to release this IE patch early. MS10-018, like most IE security patches, is a massive piece of, uh, work. It includes the "peer factory" fix, but it also includes many other, less urgent patches. Some day you will want to apply MS10-018/KB 980182, even if you have IE 8. But that day isn't today, in my opinion. Use any browser other than Internet Explorer, and wait for the wailing to subside.]
13 responses to “Out of Band IE patch coming”
-
um, woody, Win7 + IE8 users ARE vulnerable too (doh!). check newly released Microsoft security bulletin MS10-018. Win7 IE patches are available on there.
but, of course, I’m using Firefox 3.6.2 with its speed tweaks implemented.
-
Any update on the patches of this month? I’ve still got update turned off from loading last month’s stuff. Yes we use Firefox, but some things come in over the IE anyway, so…
-
Mel -
With the big IE patch hitting, I’m reluctant to give the go-ahead. The two Security Bulletins on March’s Black Tuesday – for Movie Maker and Excel – seem to be patching problems that are rarely, if ever, encountered in the wild by everyday users. So I’m going to hold off on giving the go-ahead until the IE patch has a chance to clobber things. These IE patches are huge, and reach into every corner of Windows – they’re infamous for having unintended side-effects. Best for most people to wait and see what happens.
-
RC Primak March 31st, 2010 at 22:53
Thanks for the clarification. I was about to post about IE8 not being vulnerable to that Peer Factory exploit. But I use Firefox with NoScript (when Yahoo doesn’t block me from using NoScript) so I guess I should be safe(r).
-
Flashorn April 1st, 2010 at 03:02
Hey Woody !!
I patched (as an experiment, in my nature) and so far, no problems encountered. I’m still using Vista (tweaked). Also patched my XP PC and no ill effect from that patch. It is a biggy though but the install went smoothly. I also installed the latest from nVidia (197.16). All is working well.
So, on both my PCs, no secondary or residual effects from this patch. Just thought you might want to know.
-
putting out fires April 1st, 2010 at 23:39
We have a few Windows 2000 Pro boxes that I’m stuck with supporting due to compatibility issues between XP and an add-on to our accounting package. This patch knocked out browsing (IE AND Firefox!) and Outlook/Express e-mail on two of them that I know of.
It doesn’t happen every login, either…oh, the joy. I haven’t seen the error dialog pop up under a limited account, either, though as admin one did. Something about wow64, though the text was gibberish to me so I didn’t write it down. The affected box can still ping and nslookup just fine, but not browse or get e-mail through the typical programs. Uninstalling the patch has (so far) restored the systems.
Thing is, I know the users aren’t self-disciplined enough to use IE6 ONLY for the internal tools and Firefox for everything else, so this leaves these boxes vulnerable. I’m stuck.
-
“But I use Firefox with NoScript (when Yahoo doesn’t block me from using NoScript) so I guess I should be safe(r).”
relatively safe, but NOT completely, rc primak. you must also patch Firefox whenever a new release of it becomes available, and of course, update NoScript when a new version of it comes out.
woody and I still disagree on whether or not IE8/Win7 users are “safe”. maybe from the “peer factory” security hole BUT there are a few other security holes mentioned in MS10-018 that have a severity rating of CRITICAL for IE8/Win7.
@Flashorn: I’ve also “patched” my Vista SP2 and XP SP3 computers with the recent IE security updates and so far, no serious side effects. maybe in a week or two other Windows users should install the new IE KB980182 patches unless I see online reports of KB980182 causing problems.
-
KB980182 April 2nd, 2010 at 17:21
I just had a system fail after installing this patch on it
first it got really slow
then I ran every scan I could think of
all of which came back clean
the system was clean before the patch
then after exiting the last scanning app.
ESet online scanner
the system froze
the system would not even boot again
I had to do a complete restore from a system image backup.
8 hours later I’m not allowing this to install again.
make certain a full image backup of your system is available before allowing this update.
-
Better yet, DON’T APPLY THE PATCH YET.
-
Even Ed Bott says for IE8 users to apply the newest IE patch. Read his recent blog here:
http://blogs.zdnet.com/Bott/?p=1921
See, IE8 users aren’t safe after all without the recent patch. Thanks to Ed Bott for clearing up the confusion as ALL Internet Explorer versions are vulnerable to several critical security holes and not just one “known” hole.
@KB980182: what version of Windows and IE are you using?
Though I would take it slowly to decide whether or not to apply the latest IE update. No need to rush out and get it.
-
rc primak April 3rd, 2010 at 14:51
@EP —
Yeah, I know about patching and updating Firefox and its extensions. In fact, I am doing this tonight, due to the most recent Firefox update. NoScript gets checked weekly.
And while IE8 users are safe from the “peer factory” exploit, there are other exploits that this big IE patch covers. So everyone will (eventually) need this patch, as Woody posted originally and in his edited update. He says he just wants us to wait awhile to see who screams, before taking the plunge into installing the update.
@KB980182–
Don’t be too quick to blame the IE Patch.
Browser-based on line virus scanners are notorious for messing up Windows. (Been there, done that several times.) I avoid them like the plague. They also usually use Active-X Controls, which makes some of the scanners more of a security threat than the malware itself.
The system-killers in these scanners are often drivers, which are downloaded for each run, and then these drivers conflict with other security software or with Windows itself. (Most of these drivers are unsigned, which does not help.) The result is a Windows computer which will not boot, not even into Safe Mode. Then it’s HELLO, REINSTALL!
-
So far, KB980182 hasn’t ruined any of my XP/Vista machines. I even installed the IE6 SP1 edition of KB980182 on my relative’s Win2000 SP4 computer and nothing bad has happened. oh wow! I must be luckier than that Mr. KB980182 guy.
I totally agree with rc primak on steering clear of browser-based virus scanners. they’re nothing but trouble. stick to using MS Security Essentials, AVG, Avast, ESET NOD32 and other antispyware/antivirus programs that don’t put a huge drain on system resources.
-
rc primak April 13th, 2010 at 00:00
One on line scanner is notable for its effectiveness and safety — Trend Micro House Call.