Woody Leonhard’s no-bull news, tips and help for Windows and Office
RSS icon Email icon Home icon

  • MS-DEFCON 4: Apply all patches except the .NET updates

    Posted on July 4th, 2010 at 22:35 woody 34 comments

    It’s time to get patched up, but watch out for one giant collection of problems, disguised as updates.

    Susan Bradley, in her June 24 article in Windows Secrets Newsletter, talks about the pain of trying to keep up-to-date with .NET patches. I’ve always disliked .NET and detested .NET patching – the people who put together the patches have created an unholy mess. Susan gives a few of the details.

    So I’m going to suggest you apply all of the currently outstanding Windows and Office patches, EXCEPT the .NET patches. Susan lists them as:

    KB 982670 ,KB 982524 for Windows XP and Windows Server 2003, KB 982525 for Vista and Server 2008, and KB 982526 for Win7 and Windows Server 2008 R2. She also mentions KB  956250. I hate to do this to you, but when you go into Microsoft Update or Windows Update, jot down all of those numbers and DON’T apply those updates.

    There isn’t a single .NET update that’s of any significance. (One could argue that there haven’t been any real improvements in .NET patches in many moons – only added headaches.)

    So get patched up now. And if you use Windows XP, see the next blog item to run a little fixit that’ll protect you from a 0day that (in my opinion) is way overblown.

    I’m rolling us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

    Windows Patches/Security , , , ,
     

    34 responses to “MS-DEFCON 4: Apply all patches except the .NET updates”

    1. Marty July 5th, 2010 at 00:28

      Thanks for the heads-up on the .NET updates. I am running XP/SP3, and Windows Update recommends three other .NET patches that aren’t mentioned in your posting: KB982168 (.NET Service Pack 3.5 Update), KB979906 (.NET Service Pack 1.1 Update, MS10-041), and KB979909 (.NET Framework Update, also MS10-041).

    2. Ron July 5th, 2010 at 05:44

      Woody Happy 4th too ya. on Downloading those patches (KB982670),(KB982524). I did download them. I Know I Maid That mistake. Now i’d like to ask can U remove them and I Mean the Ones I Downloaded. And Can U remove All the old .Net Patcthes or Programs As Well Without Having Any Problems Or Issues on the Computer. With Software That Works or Runs with .Net Programs. Thanks Again Woody and Have a Happy 4th

    3. Charles July 5th, 2010 at 06:18

      I’ve got 3 other patches that are being offered to me that are patches for .NET and not listed in this article: KB979906 (”.NET Framework 1.1 SP1 Update”); KB979909 (”.NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update”); and KB982168 (”.NET Framework 3.5 SP1 Update”). Do those apply under the heading of “.NET patches that I shouldn’t apply”?

    4. SFdude July 5th, 2010 at 08:50

      Thanks Woody!
      I was waiting for your “all clear”
      to apply the June MS patches to my XP pc.

      Considering the patches were released
      by MS back on June 8, waiting 30 days to apply
      the updates is getting to be ridiculous.

      Wish Google would come out with a reliable OS.

      MS-Windows is simply becoming a “non-viable” OS, with all its problems and time needed to keep up with it…

      SFdude

    5. guest July 5th, 2010 at 11:46

      I am confused. I do not see my .NET patches listed:

      KB979906 Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP

      KB7979909 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86

      KB982186 Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86

      Are these okay to patch?

      I do have one patch that you warn about:

      KB982524 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86

    6. FTWMike July 5th, 2010 at 12:20

      Woody – in addition to the 2 for XP that are noted, I’ve also got 3 others that are being pushed at me:
      KB 979909
      KB 979906
      KB 982168
      I’m not finding any of these mentioned here or by Susan. Any special thoughts about these 3?

      All 3 are tagged as “High-priority updates” and the first 2 are described as “…Security Update…”.

      Mike

    7. sanda July 5th, 2010 at 18:18

      My quirky antique doesn’t always install all the ones I chose on the first “go around”, after I reject one of those on your list.

      Today’s patches for my machine offered the NET KB979906 but it does not appear on the list you posted from Susan. I didn’t take it.

      (P.S. In the heat wave pollution, I couldn’t again find your tease in the intro to Windows 7 All-in-One for Dummies – but hello from the UP Side…your stores would do great here.)

    8. sanda July 5th, 2010 at 18:19

      Correction: UW Side. Pollution typo.

    9. bob July 6th, 2010 at 01:59

      Woody,
      I have 2 .net patches for Vista. One is KB982525 and the other is KB979910. 979910 is listed as a security update. Do I ignore both or just KB982525…Thanks

    10. J July 6th, 2010 at 03:47

      Woody, I also have some additional .Net patches that showed up this month for my XP machines: 979909, 979906, 982168, and 979904.

      Do I skip all of these also?

    11. woody July 6th, 2010 at 06:33

      @J -

      Yes, skip them all. I’m not sure when MS will get its .NET patching act together. At some point they’ll probably get things more-or-less working, and I’ll basically throw up my hands and say, “go ahead and do it.” But for now, it’s smarter to wait.

    12. woody July 6th, 2010 at 06:33

      @Bob -

      Ignore them both. See my response to J above.

    13. woody July 6th, 2010 at 06:35

      @Sanda -

      Greetings from Patong! (When you say “UW Side” do you mean University of Washington?)

    14. woody July 6th, 2010 at 06:37

      @FTWMike -

      If they’re .NET updates, leave ‘em alone for now.

    15. woody July 6th, 2010 at 06:38

      @guest -

      Yep, that’s part of the problem. There are so many .NET updates running around that nobody has the whole story. I say ignore them for now.

    16. woody July 6th, 2010 at 06:39

      @Charles -

      See above. There are lots of .NET patches running around. Ignore them for now.

    17. woody July 6th, 2010 at 06:40

      @Ron -

      If you’ve already got ‘em, keep ‘em. You’re more likely to shoot yourself in the foot if you try to remove any of them.

    18. woody July 6th, 2010 at 06:40

      @Marty -

      As above, hold off on all of the .NET patches. Heaven only knows which ones are going to come out of the woodwork!

    19. bob primak July 6th, 2010 at 21:20

      Woody –

      I run Paint.NET, Screenpresso (screen capture) and a few other programs which use .NET Framework. On my Windows XP Pro SP3 laptop, I have never had a problem with .NET Framework or any of its recent patches. On my brand-new Toshiba Satellite Windows 7 64-bit laptop, I got all the current MS Updates for that OS, as well as .NET Framework patches and .NET Framework 4.0. No problems whatsoever so far. And Paint.NET in the 64-bit environment works much faster and is smooth as glass.

      So I can understand that businesses, which have been reporting server applications which have been adversely affected, might not want the .NET Framework updates (hence, Susan Bradley’s advice, based on her business environment experiences). But for most Home Users who have .NET applications, I think the “don’t patch” advice is misguided. At least that is my current experience, both 32-bit and 64-bit.

      If anything goes south in either of my laptops, I will be sure to give a holler and retract this post. Until then, I will continue to run image backups before applying any MS Updates, but I will keep my own .NET Frameworks up to date as long as I am running .NET applications.

      Of course, we all hope a new paradigm will supplant .NET. But for now, it’s what Microsoft and some third parties are using, so I will just roll with the punches.

    20. Marty July 6th, 2010 at 23:01

      The Secunia online scanner (http://secunia.com/vulnerability_scanning/online/) is an excellent cross-check. It doesn’t identify any of the .NET patches as critical, and it has the advantage of detecting other software that needs patching.

    21. Bill July 6th, 2010 at 23:38

      Hi Woody,

      I have Windows XP SP2, IE 6 (used only for MS Updates), Firefox 3.6.6 (for all internet browsing), and Outlook Express 6. (Yeah, I know it’s old stuff…)

      I actually didn’t have any .NET patches come up for me (though I haven’t checked back to see if any of those new three popped up) — but I will avoid them like the plague if they do! :)

      These are the updates that come up for me, followed by a couple questions:

      1. Cumulative Security Update for Internet Explorer 6 for Windows XP (KB982381)
      Typical download size: 2.2 MB

      2. Security Update for Windows XP (KB980218)
      Typical download size: 294 KB

      3. Cumulative Security Update for ActiveX Killbits for Windows XP (KB980195)
      Download size: 488 KB

      4. Security Update for Windows XP (KB979559)
      Typical download size: 683 KB

      5a. Security Update for Windows XP (KB979482)
      Typical download size: 247 KB

      5b. Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP2 (KB978695)
      Download size: 4.6 MB

      5c. Security Update for Windows XP (KB975562)
      Typical download size: 507 KB

      (Note: I believe 5a, 5b, 5c are all part of KB979902, which that KB # didn’t show for me.)

      Question 1: Okay for me to install all these updates?

      Question 2: What order should I install 5a, 5b, and 5c? Or all at the same time? (I’ve noticed in the past in these instances with multiple related patches, that if you install one, they all end up getting installed…)

      Thanks, Woody!

    22. bob primak July 7th, 2010 at 02:30

      Well, I did all the patches, and .NET patches look just fine on my Windows XP Pro SP3 laptop. Paint.NET and Screenpresso are working just fine. All it cost me was about an hour to download and install the huge, lumbering beasts.

      I got reoffered KB 979683 yet again. This patch had not properly installed on my laptop in April-May, and it gave me fits to try to stop the reoffers. Anyway, this time, it installed just fine. Perhaps Microsoft has revised this update? I guess I’ll see next time whether the patch is again reoffered.

      When I finished my updates, I went back to MS Updates to check mu Update History. The entire History had gone missing, except for today’s updates. Weird! But hardly the end of the world.

    23. Sandy July 8th, 2010 at 20:59

      I have a definition update for Windows Defender — KB915597. Should I install it? Words like “defender” make me thinks I should always install these….

    24. sanda July 9th, 2010 at 01:04

      Woody,
      Upper West Side.

    25. Mordechai (Morty) Schiller July 9th, 2010 at 11:21

      Thanks, Woody!

      After following your instructions, MS keeps nagging me, insisting “updates ready for your computer.” The offerings are four NET Framework updates. I keep ignoring and they keep pestering.

      Should I just remove them all and forget about it? Or just keep virtually saying Thanks, but no, thanks… and leave them in case I should ever want to install them?

    26. woody July 9th, 2010 at 17:41

      @Morty -

      Ignore ‘em. You can turn the notifications off, but it’s easier to just look the other way…

    27. woody July 9th, 2010 at 17:43

      @Sandy -

      Yes, always install updates for Windows Defender. Better, upgrade to Microsoft Security Essentials.

      You should also always install updates for the Junk Mail Filter. Microsoft doesn’t screw those up very often.

    28. Bill July 9th, 2010 at 22:33

      Hi again, Woody — can you let me know about my post above when you get a chance? I’d like to install the updates this weekend. Thanks for all your great help! :)

      http://www.askwoody.com/2010/ms-defcon-4-apply-all-patches-except-the-net-updates/#comment-3358

    29. Kris July 10th, 2010 at 15:18

      WIN 7 Home 64 bit.
      It seems that since I uploaded the patches…not any not recommended… I cannot use most of my usb devices. The camera had to have the software installed from the disk. previously It just “found” it. Neither my Imation or Nano USB storage sticks are recognized. its just not “seeing” them at all.There may be other devices I haven’t tried yet also.
      Is this likely something else?? or do I need to go online and find drivers for them all now??

    30. woody July 11th, 2010 at 07:37

      Kris -

      Good question. I haven’t seen similar reports, so I tend to think that it’s something else – but you might try rolling back the updates to see if that fixes the problem.

    31. woody July 11th, 2010 at 07:39

      @Bill -

      Yes, install all updates except .NET patches. Don’t bother about the sequence – use Windows Update and let the updater decide…

    32. woody July 11th, 2010 at 07:40

      @Bill -

      By the way, if you still have IE 6 installed, make sure you upgrade to IE 8. Even if you never use IE, you should upgrade it to the latest version.

    33. EP July 11th, 2010 at 22:24

      @woody: also tell Bill to upgrade his Windows XP machine to SP3 level as Microsoft will end all support for WinXP SP2 on Tuesday July 13, 2010. NO EXCUSES for him to keep on using WinXP SP2 from that point on.

    34. woody July 12th, 2010 at 07:43

      @EP -

      Good point. SP2 is long in the tooth. I’ve heard of very few problems moving to SP3.

    Leave a reply

Search

Ads by Google

Windows and MS Office books by Woody Leonhard

Support AskWoody.com
Click on this list to get Woody ’s books at Amazon.com



More Ads by Google

 

February 2012
M T W T F S S
« Jan    
 12345
6789101112
13141516171819
20212223242526
272829  
Powered by WordPress
Theme designed by My Mobiles, modifications by PapayaSoft