MS-DEFCON 4: Get patched @ AskWoody.com

MS-DEFCON 4: Get patched

Posted on February 3rd, 2010 at 06:35 woody 9 comments

Microsoft had two Security Bulletins in MarchJanuary, with a plethora of patches.

MS10-011 / KB 972270 is relatively innocuous – a real yawner if you’re using anything other than Windows 2000 SP 4.

MS10-002 / KB 978207, on the other hand, consists of a massive rollup of Internet Explorer patches. As you may recall, it was issued “out of band,” after the usual Black Tuesday patch day. The patch got released early because of highly targeted “spearphishing” attacks, many of which targeted Chinese dissidents. I didn’t get too excited about it because normal people like you and me weren’t getting clobbered by the original spearphishing expedition – and I haven’t heard of any attempts at a mass attack based on the vulnerability.

As with any massive IE rollup, there’s a big potential for problems. Although the Knowledge Base article is up to version 4.0 (which means MS has had to modify it significantly on many occasions over the past couple of weeks), it now appears to be stable. So I’m ready to give the “all clear” to install it.

Of course, you’re using Firefox or Chrome or anything other than IE, right? Remember the mantra: keep Internet Explorer updated and patched (you should be on version 7.0 or 8.0), just because holes in IE can be exploited even if you don’t use IE; and use anything but IE.

I’m taking us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

Windows Patches/Security
9 responses to “MS-DEFCON 4: Get patched”
1. Martin Sapsed February 3rd, 2010 at 17:32
  
  “Microsoft had two Security Bulletins in March”? Are you living in the future now Woody?
2. woody February 3rd, 2010 at 19:35
  
  GACK!
3. Liz February 3rd, 2010 at 23:05
  
  Woody,
  I knew you were in a different time zone but….
4. Mel S February 4th, 2010 at 00:11
  
  My update lists only KB972270.
  I do not have KB978207- listed, why not?
  My system is (32 bit) Vista.
  Do I need to patch both, they appear to be for XP, but one of them at least lists Vista too.
  So?
5. David Pidcock February 4th, 2010 at 05:10
  
  How about KB971961?
  
  Thanks,
  
  David Pidcock
6. woody February 4th, 2010 at 07:34
  
  Mel -
  
  Install what’s offered. If it isn’t offered, don’t worry about it.
7. woody February 4th, 2010 at 07:35
  
  David -
  
  That’s an oldie. If you haven’t installed it yet, go ahead.
8. KD February 5th, 2010 at 22:59
  
  Dear Woody; I have yet not installed KB973904 because of the previous problems everyone was having. To this date, is it alright to download with KB 978207? Thank You.
9. woody February 7th, 2010 at 21:04
  
  KD -
  
  As long as you don’t use IE, 978207 should be OK.
  
  I’ve talked about KB 973904 before, but the most common problem has a “Fix It” posted on the KB 973904 site.
  
  I’m aware of some problems with KB 977074, the third-Tuesday “stability” patch, but difficulties seem quite rare, at least from what I’ve seen.
  
  So go ahead and patch away. Just make sure you turn Automatic Update off before Tuesday.
Leave a reply

Name (required)

Mail (will not be published) (required)

Website