Microsoft re-issues one Black Tuesday patch; time to get updated @ AskWoody.com

Microsoft re-issues one Black Tuesday patch; time to get updated

Posted on April 26th, 2010 at 22:41 woody 12 comments

It looks like Microsoft has ironed the big-time problems out of its April Black Tuesday patches. Looks like it’s time to get all patched up.

Here are a few things to watch out for:

The documentation for the out-of-band Internet Explorer roll-up, MS10-018, KB 980182, is up to version 4.0. As far as I can tell, nobody’s getting clobbered by installing it. Of course, you use Firefox or Chrome, or anything other than Internet Explorer, so you weren’t on the bleeding edge anyway, but it looks like now’s a good time to apply the patch.

MS10-019 can produce a weird error if you try to sign a CAB file. If you don’t know why you would want to sign a CAB file, don’t worry about it. But if there’s a chance you might want to sign a CAB file, read the problem description and solution in KB 979309.

MS10-024 has a weird bug in the installer that may lead you to believe that you don’t need the patch, when in fact you do – and Windows Update will install it, just the way it should, in spite of what the installer says. There’s a very brief description in KB 976323. Susan Bradley has a much more thorough explanation in her Windows Secrets Newsletter Patch Watch column this week. If you suddenly can’t use your faxing software after installing this patch, take a look at GFI FAXmaker’s blog.

MS10-025 has been pulled, then re-issued, just today. There was a bug in the patch that kept it from working on some Windows 2000 Servers. Details on the MS Security Response Center blog.

Looks like we’re good to go. I’m moving us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

Yes, that means I feel that now’s a good time to apply ALL outstanding Microsoft patches, on ALL Windows PCs.

Windows Patches/Security April 2010 Black Tuesday
12 responses to “Microsoft re-issues one Black Tuesday patch; time to get updated”
1. rc primak April 27th, 2010 at 01:43
  
  Here’s Susan Bradley’s link to the GFI FaxMaker page:
  http://kbase.gfi.com/showarticle.asp?id=KBID003836
2. rc primak April 27th, 2010 at 04:36
  
  Woody,
  
  MS 10-021 (KB 979683) keeps being offered over and over again. I’ve done everything I can find on line, including reimporting the Certificate, re-registering the .dll’s, and all of Microsoft’s suggestions in their KB article for fixing what appears to be a problem with some Windows XP PC’s not showing the Certificate as Signed. I finally ran Secunia PSI, found myself completely 100% secure, and hid the MS patch permanently at the MS Updates site. I believe the patch is installed, but the Certificate cannot be fixed. Other Windows XP users have posted the same issue in The Lounge.
  
  Any further ideas?
3. Todd April 27th, 2010 at 08:23
  
  i have a few update im not sure if i should install the first one is the Cumulative Security Updates for ActiveX kb950760 an kb978262 and the microsoft.net framework patches 2.0 and 3.5and if i have internet ex. 8 installed do i have to do the updates for internet ex. 7 (kb947864&953838) i just reset my pc so im not sure about theses thanks for your help
4. woody April 27th, 2010 at 14:46
  
  Todd -
  
  Use Windows Update, and have it decide which order to install them in.
5. woody April 27th, 2010 at 14:48
  
  Thanks, Bob. I fixed the link.
6. Andrew April 27th, 2010 at 15:07
  
  Woody,
  
  MS 10-019 references multiple KB articles. In my case, on a given server, two patches appear that need to be installed: KB 979309 and KB 978601. I assume both should be installed. But, am I installing the same code twice? Or am I installing two different parts of the same patch? If I installed one and not the other, would the other continue to appear in Windows Update?
7. woody April 27th, 2010 at 17:47
  
  Andrew -
  
  Not sure. Use Windows Update, and allow it to install whichever one it likes. Reboot, and run Windows Update again. Did it pick up the second patch? If so, install it.
  
  I always defer to Windows Update for choosing and installing the correct patches, in the right order. That’s a bit naive on my part, but Microsoft’s written instructions are so incredibly opaque at times that it’s the only viable alternative.
8. Mike April 29th, 2010 at 01:13
  
  MS10-020 still has a bug. If you’re using roaming profiles you won’t be able to get them after installing this. Removing it solves the problem. There also seems to be a problem with saving Word 2007 and Excel 2007 files to network shares under various server operating systems. Just do a search for KB980232. Microsoft reports no known issues with this — I just checked.
9. AR April 29th, 2010 at 02:29
  
  Andrew,
  Why would you be installing the same code twice? They are clearly defined as two patches. From the MS10-019 FAQ:
  “Are both updates required for my system?
  Yes, the update for each component, Authenticode Signature Verification and Cabinet File Viewer Shell Extension, are required for each operating system. You must install both updates as applies to the operating system that you have.”
10. rc primak May 1st, 2010 at 00:07
  
  MS 10-021 (KB 979683) update: The patch actually installed the first time. MS Tech Support says my BIOS failed to “synchronize” with the Windows system kernel changes. Whatever that means?? My computer has never had a BIOS update available, and probably never will.
  
  Anyway, it is safe to hide this one if it says it was initially successfully installed. Even if your computer is not required to reboot to complete the installation. No tricks required.
  
  What a waste of time!
11. rc primak May 4th, 2010 at 11:02
  
  To clarify, the MS technician says, and I agree, that the BIOS in my laptop, and/or the motherboard chipset, has a microcode flaw which makes it incompatible with some component of the MS patch. Possibly the patch tries to enable hardware DEP. My Mobo and BIOS do support DEP, but the codes are wonky. Hence the MS Udate reoffer and the Belarc Adviser Fail rating. Sheesh!
12. markC May 6th, 2010 at 09:42
  
  woody
  KB978601 and KB979309 (in XP) are different codes and different downloads.
  KB978601 would NOT install; but after I downloaded new version (not listed in MS info except they acknowledge it as not installing in the KB article) it installed no problem
  
  First was 528kb, new was 563kb.
  
  So just download “new” version and install.
Leave a reply

Name (required)

Mail (will not be published) (required)

Website