MS-DEFCON 5: Time to get patched
Posted on September 8th, 2010 at 20:29
Microsoft’s record-breaking bunch of patches in August seems to me to be ready for prime time. Even the .NET patch looks well-behaved.
There have been a lot of minor changes in the documentation surrounding the patches, but by and large I haven’t heard any major screams of pain. That’s remarkable, not just because of the .NET patch – .NET patches always cause massive headaches – but also because of the huge Internet Explorer roll-up.
Of course, the one big gaping known security hole in Windows, the DLL hijacking vulnerability, remains unpatched and intractable. More about that shortly.
I’m moving us down to MS-DEFCON 5: All’s clear. Patch while it’s safe. And while you’re at it, make sure you understand my recommendations about defending yourself against the DLL hijacking mess, as described in my InfoWorld Tech Watch articles.
12 responses to “MS-DEFCON 5: Time to get patched”
-
WOW! I think this is the 2nd time in Askwoody.com history that we’ve reached MS-DEFCON 5 status.
-
jesus r. September 9th, 2010 at 07:43
All the updates went fine but I have a Silverlight KB2164913 update that wasn’t checked so I didn’t install it. I have Vista 64 bit. Should I install it or hide it permanently?
-
rc primak September 9th, 2010 at 10:04
Woody —
What do you think of Microsoft’s DLL Hijacking Mitigation Tools?
(This is a link to Greg Keizer’s Tech/World article in which he outlines what Microsoft is doing so far.)
-
@Bob -
I think the tools stink. They break more than they fix – and Microsoft knows it. The problem is that they can’t fix it without breaking all sorts of things.
I’ll stick with my recommendations in my InfoWorld Tech Watch article.
-
@Jesus -
If Windows Update didn’t check the patch, don’t install it.
-
@EP -
Ha! You noticed! Right now the big threats aren’t patched – so you might as well get everything caught up and pray the DLL Hijacking mess doesn’t get worse.
-
When you say, “Even the .NET patch looks well-behaved,” does that include the Microsoft .NET Framework 4 Client Profile for Windows Vista x64-based Systems (KB982670) dated 8/24/10 too?
I’ve done all the .NET 3.5 stuff, but I’ve been holding off on that .NET 4 one.
-
@guest -
It looks like there’s some problem with an earlier corrupted (?) version. PA Bear has a good response at http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/034404d0-4acc-4f92-80a4-d34c09e3fc17 I’m guessing that the problem has been solved, and the corrupt download has been replaced. That’s why it’s appearing on your Update list now.
Would I, personally, install it? Naw. Wait for the next big load of .NET updates.
-
Brian Williams September 10th, 2010 at 23:06
Hi Woody,
I’m always a bit confused when you lower the defcon about whether to install patches that you explicitly note by number and tell us not to install, albeit at an earlier date.
Specifically, I’m wondering about the .NET 3.5 SP1 patch (KB982526) and the associated security update (KB979916). Does the latter patch make the former ok with Firefox? I still have those 2 hidden (along with the crazy EEA browser selection patch) so I’m not sure what to do.
Thanks!
Brian
-
Hey Woody, Defcon 5, time to say Woo EEE and Cool Beans and get those patches. But around the corner here come some more. Wonder if they’re going to be as big as the ones in Aug. Since I talked to you last time when it was a 112, we’ve had some cooler weather and some rain. It helped a little. How’s the weather there in Patong?
-
@Ron -
It’s balmy most of the time, but raining a little bit almost every day.
-
@Brian -
When I drop the MS-DEFCON rating like that, I’m saying go ahead and install all of the outstanding patches.
The .NET patches are always problematic, but they don’t seem to get much better. You need ‘em sooner or later, may as well get them after they’ve had a chance to stabilize a bit.


