MS-DEFCON 2: Get locked down
Posted on October 5th, 2012 at 11:30 (23 comments)
I’m on vacation until the middle of the month, but I’ll drop by this site and let you know if anything dire happens.
We’ve had a good, long stretch of “patch now” status, so now is a good time to check and make sure that you have Automatic Updates turned off.
Until we know more about the October Black Tuesday patches, I’m moving us up to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
Catch ya on the flip side…
23 responses to “MS-DEFCON 2: Get locked down”
‘Fraid you forgot to change the header to Defcon 2 – it’s still 4!
I know we are on MS-DEFCON 2. I also know you are on vacation. In between having fun and relaxing, you might want to change your banner at the top of your site to also be MS-DEFCON 2.
Have a great vacation!
Tom R, October 6th, 2012 at 07:32
What about KB2597986? Patch now, or keep holding off?
Woody, it’s DEFCON 2. However, the banner is still on green 4.
Hi Woody. ~ I appreciate your MS-DEFCON alerts. I have your site in my Windows start-up folder, so that every morning I automatically see your recommendation. ~ FYI, starting October 5, 2012, your blog entry moved to MS-DEFCON 2, but your graphics and words at the top of the page still showed MS-DEFCON 4.
Hey Woody have a Good Va Ca but you forgot something Sir.! Here on the Post you have us at MS-Defcon 2.. But up on the Site up at the Top it’s showing 4.. is there a typo somewhere.. Just funnin’ Ya Lol Take Care & have Fun.. Ron
It looks like MS has fixed the patch. Go for it…
I like the seasonal “Pumpkin Patch” icons.
Trick or treat? ;^)
In your portrait at the top of the page, is that Hogwarts’ Sorting Hat you’re wearing, or a generic sorcerer-wizard’s thinking cap?
At last, we know the real secret behind your almost magical powers of deducing whether it’s safe to patch….
Just back from the US. Trying to recover from jet lag….
Gindy53 October 21st, 2012 at 22:02
I really like the Halloween banner, very neat. You look fabulous in the wizard hat. Are you going to make this a regular thing? I do hope so.
Keimma October 22nd, 2012 at 03:32
Hi Woody! Hope you enjoyed your trip!
Jacquie October 22nd, 2012 at 03:37
I keep getting updates for Java. I thought I had disabled it – do I need to install the patches, or should I ignore them?
If you ever get to Brooklyn, give a holler.
rc primak October 24th, 2012 at 06:57
Another Microsoft Stealth Update may have occurred:
(from my computer notes)
6:48 PM 10/23/2012 Issue identified — This DEFINITELY should not have happened automatically!! Microsoft in all its Corporate Wisdom, Stealth Updated the Windows Time Zones for Daylight Savings Time, even though I had Windows Updates set to Notify but Do NOT Download! Windows 8 Release Preview, 64-bit. Anybody else get this one? No harm done, but would it KILL them to ASK FIRST, as AGREED in the Updates Settings??
Issue happened at 6:10 PM CDT, USA, Central Time Zone. The only clue was when I went to check for Windows 8 Restore Points in CCleaner a short time ago. (I dual-boot, and Windows 7 keeps wiping out my Windows 8 Restore Points. I really should try to fix that.)
I looked at the detailed System Restore Point description in the System Restore Windows feature. Although this was listed as “Windows Modules Installer” it was also shown that it was a Time Zone Update. Silent and automatic, in spite of my Windows Updates settings.
rcprimak? Can you pop me your windowsupdate.log file? My email address is firstname.lastname@example.org.
There was a time zone update but Microsoft does not stealth download them. I have “download but do not install” and it did not come down.
Send me your log file and I’ll let you know what happened.
You sure that wasn’t a flash update? As I’m not seeing a time zone update applicable for Windows 8?
rc primak October 25th, 2012 at 13:10
@Susan — It was labeled in the Restore Point Data as follows:
“Time: 10/23/112 6:10:42 PM
Description: Install: Windows Modules Installer
Current time zone: Central Daylight Time”
Affected Programs from scan:
This is definitely not the recent Flash Player Update for Win 8 RP, which I got from MS Updates in the normal (for me, manual) way.
In Windows 8, I do indeed have the updates set to Notify but Let Me Choose.
How do you get the Updates Log in Windows 8?
My %windir%/Windowsupdate.log file was overwritten today by a 10/25/12 Windows Defender definitions update. No previous data exist in that location. The Windows Updates History shows no entries for any official MS Updates since 10/18/2012.
This is definitely a real update, it was done silently, and there is no record of it outside of the Restore Point it set. I have yet to scan for malware. It is by all indications a Time Zone Update.
MS Updates is not offering me the new Time Zone Update. I just checked. (It did however offer yet another NVidia graphics driver optional update.)
I have under Time Settings checked off to automatically adjust for Daylight Saving time. This is the only way I can think of that Microsoft could have gained permission to do this.
Without any Windows Update Log data surviving, this is about as far as I can think of to go to track down what actually has happened here.
rc primak October 26th, 2012 at 12:23
Hitman Pro, Super Antispyware and Windows Defender (MSE) in Quick Scans Modes, show nothing malicious. Not proof of the Stealth Update theory, but more evidence.
rc primak October 27th, 2012 at 03:45
Time Zone Update may not be what actually happened to me. It was definitely something, it was definitely stealth, but what it was, is still under investigation.
rc primak October 31st, 2012 at 15:00
Last night, Hitman Pro found Registry traces in Windows 8 of a possible piece of adware. This was the Babylon Toolbar, and it appears to have failed to install fully. Got rid of the traces. This or a Chrome update which included Pepper Flash Player, could have been the source of the Windows Modules Installer (TrustedInstaller) Restore Point on October 23rd.
In any event, Chrome DEV is OK under Win 8 RP, Babylon and funmoods are gone and did not return upon rebooting, and I have in hand but not yet installed, Windows 8 Pro System Builder, awaiting some spare time before I back up the whole laptop and attempt to install it.
Quite a chase these things led me on, eh? I wish Windows would keep better track of Silent Installs! They’re becoming very common, and if anything goes wrong, there’s little to guide repairs.
rc primak October 31st, 2012 at 15:03
BTW, I know about the timing of the pepperFlash update, because unlike IE 10, Chrome does keep track of Modified Dates with its plugins. But you have to dig to get at the records.
Still Holding at No.2 them Updates must be Ringers Wow) And Woody that’s Cool with the Political Theme Way to Go! Have a Good Weekend. Ron..
rc primak November 11th, 2012 at 09:44
Woody usually holds off until near the last minute before the next Patch Tuesday, just in case anything gets reissued or modified. This time should be no different. I’ll patch near that time in Windows XP and Windows 7, but I like to keep Windows 8 completely up to date, as my NVidia subsystem only gets Win 8 updated drivers from MS Updates, and you never know when a Win 8 IE 10 Flash Player update may show up.
I expect Win 8 patching to settle in to the old patterns in a few months.