Woody Leonhard’s no-bull news, tips and help for Windows and Office
  • MS-DEFCON 4: Get Patched

    Posted on March 5th, 2010 at 07:15 woody 22 comments

    Microsoft just fixed the really bad February patch. MS10-015 / KB 977165, which I wrote about two weeks ago, had a nasty habit of clobbering Windows XP machines. According to a Microsoft Security Response Center blog, MS10-015 is now offered “with new logic that prevents the security update from being installed on systems if certain abnormal conditions exist.”

    In other words, if your WinXP PC is infected with the Alureon rootkit, MS10-015 won’t install itself, and you won’t be faced with an endless cycle of Blue Screens of Death.

    With that big problem out of the way, it’s now time to apply the February Black Tuesday patches. Get yourself all patched up, then make sure Automatic Updates is turned off. The two March patches will be out next week, and you don’t want Microsoft to zap you. Again.

    I’m moving us to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

     

    22 responses to “MS-DEFCON 4: Get Patched”

    1. Hi Woody,
      I just installed the February Black Tuesday patches and I have a couple of questions.
      First of all, the patches installed without a problem, except that on initial reboot, my network connection icon didn’t appear in my system tray along with my sound icon. That was solved with a reboot.
      My first question:
      I had 12 updates listed, but only 10 ticked. KB 977165 was not ticked, as was the update about the EULA. I left them that way and didn’t download or install them. Am I right in assuming if Windows wants them unticked, I leave them unticked?
      Second question: The updates installed according to my update history, and installed updates under programs and features, yet in my event viewer, it lists them ALL as ‘not applicable to this system’. This happens with almost all windows updates.
      What gives? I mean, ain’t broke don’t fix, the system works fine- but I am curious…

    2. I have a total of 13 updates for Feb. One is automatically not highlighted (kb977165). Is it ok to install all 13 including kb977165? I have Vista. Thanks Woody.

    3. J -

      If KB 977165 is not highlighted, do NOT install it. That means the installer detected something weird. It’d be a good idea to run a scan of your computer. Are you using Microsoft Security Essentials?

    4. Liz -

      Correct, if the installer doesn’t tick the patch, don’t install it. Not sure why the updates are shown as Not Applicable to your system, but the installer is good about detecting what it should and shouldn’t do. Wish I could say the same for the updates themselves!

    5. Woody: Downloaded all updates on 3-5-10 (they were all ticked) and those KillBits (sp) were included again. Believe there were about 12.
      Anyway, when I returned later in the evening to install, the Update Icon was missing from the system tray. I never did the installation, only the download.
      Checked the Control Panel that displays the updates and there is nothing there for 3-5-10.
      Restarted PC and still nothing in the tray to allow me to install.
      What happened to everything?
      B-t-w, I was downloading the same updates on the wireless Laptop at the same time as the PC. Would that have caused this event? Thanks

    6. I have Norton and it didn’t detect anything when I ran a scan. So I should hide kb977165 and install the other 12?

    7. I have the same issue as Liz & Jesus (KB977165 not ticked) on 4 different Vista computers (not networked).

      McAfee doesn’t find anything wrong with any of them.

      But it makes me nervous.

      Any insight at all?

      (By the way, I love this site)

    8. Jim/Jesus -

      No idea why Vista might be balking at installing KB 977165, but it’s best to follow Microsoft’s lead on this. They may well know something we don’t know – and the patch isn’t that big a deal anyway…

    9. Ann -

      Nope, downloading on two different machines at the same time wouldn’t cause the problem. Chances are good you downloaded the update and the installer determined that you didn’t need it. Don’t worry about it.

    10. I am also using Vista and the update for KB977165 was unchecked in Windows Update.

      I have kept Microsoft Security Essentials up-to-date, use the latest Firefox with NoScript in a standard user account when going on the Internet. In other words, I try to be as safe as possible when using Vista.

      Microsoft has a KB for determining whether your computer is compatible with security update 977165.

      It is KB980966 and the url is http://support.microsoft.com/kb/980966/

      It provides a “Fix it” tool for determining if your computer can apply KB977165 and a command line tool for system administrators that does the same thing.

      I am comfortable with using the command line, so I downloaded the KernelSystemStateCheck.exe package and extracted its contents to a temporary directory. Then in a terminal window I ran the command “mpsyschk.exe”. It printed out the word “PASS” meaning the computer does not have the rootkit problem.

      After that I went ahead and installed KB977165. No problems occurred after I rebooted the computer.

      This computer is using Windows Vista Home Premium with Service Pack 2 installed.

    11. What is KB979099?

    12. RHTopics -

      Sounds like a good approach to me…

    13. John Schmechel

      Two weeks ago my Win7Pro(32x) computer indicated I should allow KB’s 977863, 971033, 976264, 976662, 979306 to be installed. One of the writers on Windows Secrets cautioned against allowing 971033 to be installed. Now you aver that it is OK to allow, but using your search engine on the other four KB’s yields nothing. What do you recommend on 977863, 976264, 976662 and 979306?

    14. John -

      MS10-015/KB 971033 has been updated. That’s why I switched to MS-DEFCON 4. The problem Susan described only occurs on WinXP systems anyway. Bottom line: install them all, but do it quickly, before Black Tuesday hits.

      I don’t list all individual KB articles – some Black Tuesdays involve many dozens of articles, occasionally a hundred or more. If you don’t find a specific KB article in a search, that means it hasn’t produced enough problems to warrant worrying about.

    15. I noticed that during my pre-MS Updates Avast Deep Scan, the program now does a specific scan of the atapi.sys file, looking for the Alureon Rootkit. Once this scan turned up negative, I went to MS Updates and applied all twelve of the February patches, including KB 977165, with no ill effects. It seems that some of the AV companies have gotten wise to this problem, and are addressing it through their rootkit scanning definitions databases. So, it is not necessary to rely solely on the Kaspersky detection and removal tool anymore.

      I also updated .NET Framework, and all seems well with those patches, too.

    16. Woody - To those out there, be careful, because I downloaded all the security patches that were checked, and during the installation I found two, KB977914 and KB975713, that were not on the downloaded list at all, installed. Sneaky.

    17. Everything went well. Thanks again Woody.

    18. KD -
      I have WinXP SP3 and on 2-5-10, I noted the KB #’s available to me that day, but not d/l’d nor installed.
      Both 975713 and 977914 appeared on my PC ready for application on that date.
      However, when Woody said go on 3-5-10, I accessed the update site and found all those listed on 2-5, plus two that did not appear at that time: 976662 and 979306. If for some reason the first two did not appear on your PC before 3-5 it may be because of a difference in operating systems in use.

    19. Flavet -

      There are many possible reasons for changing KB numbers being offered, not the least of which is MS’s changes to the patches. Best bet is to stick with the automatic detection built into Windows Update – and to only apply the updates when MS has fixed them.

    20. @Jerry: The KB979099 update fixes a problem with systems using Active Directory Rights Management Services (AD RMS). Since AD RMS is built into Vista & Win7, I recommend installing the KB979099 update. For those using Win2000 or WinXP, KB979099 is not needed unless a previous version of AD RMS was installed.

    21. Woody-
      I installed KB977165 after it was supposed to be fixed, and had to uninstall it because of a blue screen/black screen freeze on startup (we have XP Pro SP3). Any guesses why the trouble?

    22. Chiara -

      I don’t know what’s causing the problem. Send me email – woody (at ) ask woody (dot ) com – and I’ll try to get you hooked up with a Microsoft support person. They’ll be very interested.
