MS-DEFCON 4: Time to get patched – and watch out for JavaPosted on September 5th, 2012 at 10:05 26 comments
Last month’s Black Tuesday patches had a bunch of surprises, according to the comments at the SANS Internet Storm Center, but it looks like things have settled down.
There’s one lingering stinker in the bunch: MS 12-060 (KB 2597986/2687323/2687441) can make older Office Visual Basic apps go wonky, with an “Unspecified Automation Error” message. Susan Bradley will have details – including a fix – in tomorrow’s Windows Secrets Newsletter.
The big, big Windows patching problem continues to be Java. Five months ago I was roundly criticized by some self-appointed experts for admonishing that It’s Time to Run Java Out of Town. By Jove, it’s more true now than ever. Oracle issued an “urgent” update to Java 7 last week – Update 7 fixed a big security hole that was being actively exploited. Apparently, researchers had warned Oracle about the flaw months ago, but they didn’t get around to patching until this week. Within hours of Update 7 being posted, the same security researchers announced that the new version had a similar security hole.
Brian Krebs has some good advice: “If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site that requires it.”
So get your Microsoft patches applied, and think hard about how to wean yourself off the Java Runtime Environment.
I’m moving us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.Windows Patches/Security August 2012 Black Tuesday, KB 2597986, KB 2687323, KB 2687441, MS 12-060, Unspecified Automation Error
26 responses to “MS-DEFCON 4: Time to get patched – and watch out for Java”
Drat (my techie brother’s word), I didn’t do my usual check here before I took the Java update prompt (remembering vaguely that it’s always been panned but…). So now I have to figure out how to disable it from Firefox and follow the advice you posted)- and I’ll do the Windows patches as it’s now Defcon 4. Old to be learning is not easy, but maybe my luck will hold…
rc primak September 6th, 2012 at 02:19
JRE is still needed to run some features of OpenOffice/LibreOffice. Tell your story to them, not us who use OpenOffice/LibreOffice.
Here here. I’m astounded that QuickBooks still requires the Java Runtime, too.
Applied patches, but now notice that my computer takes a bit longer to start-up (stays on the Windows screen with the floating color balls longer), and also takes longer after typing my login to go to my desktop (we’re talking about 10-15 seconds for the first and 10 or so for the second, whereas it used to do it, say, in 5 seconds each). I’m guessing one or more of the patches is responsible, but I just don’t have the time or ability to remove them all and install one by one to figure it out. Anything to be concerned about or any other similar reports?
Here are the updates I installed, so let me know if there is anything that could be causing the slight slowdown. Thanks!
Update for Windows 7 for x64-based Systems (KB2732500)
Update for Windows 7 for x64-based Systems (KB2729094)
Update for Windows 7 for x64-based Systems (KB2732487)
Update for Windows 7 for x64-based Systems (KB2647753)
Installation date: 9/5/2012 3:19 PM
Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2722913)
Security Update for Windows 7 for x64-based Systems (KB2705219)
Security Update for Windows 7 for x64-based Systems (KB2731847)
Security Update for Windows 7 for x64-based Systems (KB2712808)
Windows Malicious Software Removal Tool x64 – August 2012 (KB890830)
Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.135.542.0)
Roger Sitterly September 6th, 2012 at 09:17
Don’t know if I’m the only one, but this month when I downloaded the MS patches, eight of them failed to install. I tried again, and they all failed again – and again a third time, so I did some online research and found an MS blog with the solution. I pass it along for those who might have experienced the same difficulty.
1) Close everything.
2) Click ‘Start’
3) Select ‘All Programs’
4) Select ‘Accessories’ folder
5) Find ‘Command Prompt’ and right click it.
6) In resulting dialog box, select ‘run as administrator’
7) In resulting dialog box asking if you want to allow the program to make changes, select ‘Yes’.
Key the following commands and press enter after each line. Wait for a new command prompt before keying the next line.
net stop wuauserv
ren %windir%\SoftwareDistribution SoftwareDistribution.OLD
net start wuauserv
9) Click ‘Start’
10) Select ‘All Programs’
11) Select ‘Windows Update’
12) Select ‘Check for Updates’
13) After updates are found, make sure the ones you want to install are marked, then select ‘Install Now’
This worked like a charm – the eight troublesome patches downloaded and installed without a hitch.
I don’t know why this problem arose, though I saw a comment somewhere saying that if you’ve made changes to your hard drive (such as partitioning), this might trigger the issue.
Roger Sitterly September 6th, 2012 at 09:18
Apologies for the smilie face – I didn’t know the “8)” would create it. I should have used “8:)
old skeptic September 6th, 2012 at 12:39
1) OpenOffice 3.3 (only one with needed localization) works only with JRE 6 …
2) LibreOffice at installation requires JRE 6 if in the PC is JRE 7 or none of the JRE
3) Local city webcam app works only with JRE 6 (and don’t work with JRE 7 or both 6 and 7 installed)
RCPrimac, Which features of Open Office use Java JRE? Is it specific parts, such as drawing, etc. or is it threaded through different uses/features? I have disabled Java as per instructions, but want to know which parts of Open Office 3.4 need JRE. I couldn’t find anything more specific online.
rc primak September 7th, 2012 at 18:37
There seems to be a possible Windows August Updates patching issue. A few of us at a local Computer Club have noticed that after applying the August 2012 MS Updates, our Ethernet (NIC) drivers stopped working, with the Yellow Triangle in the Windows Device Manager. Uninstalling and rescanning for new hardware reinstalled the same drivers as before, and all is well once again.
Although I don’t have (installed) MS Office, I got the same Office (2007) patches as everyone else.
I do not run McAfee security and never have. Neither have some of the others affected. No Kaspersky either.
I wonder which August MS Update(s) might have been responsible? I did no other patching at the time. None of us had updated our NIC drivers very recently. (My NIC is from Realtek, about three years old, with an updated driver as of May, 2012. )
You’ve probably answered this before, but do you recommended installing “recommended” as well as “important” updates?
Thanks for your great work.
Jonathan Breton September 10th, 2012 at 09:07
I Kick out Java of my browser
I rarely see a Recommended patch that’s worth installing.Frequently they’re warmed-over device drivers.
Any chance you iall installed a “Recommended” patch???
It sounds like the side effects were minor; I wouldn’t worry.
Hi Woody, 2 things:
One – I had problems on my Vista pc when I downloaded the following updates that came out in August
kb2722913, kb2705219, kb2712808, kb2731847, kb2596615, & kb2596856.
The problem was that the pc would just hang up on the screen where one enters a password to bring up the icons and start working on whatever you wanted to do. I had to shutoff machine and restart it everytime I wanted to use the pc and I know that this is not a good thing. Removed all of the above updates and no longer have a problem. Should I try to patch again with these?
Two – have a load of .NET framework updates sitting out on the updates that I refuse to bring onto my machine as per your advice on prior occassions. I use Mozilla Firefox and I am not into web development. Just surf the net, so should I update my .NET stuff or just let them sit there. Thanks for any advice you can give.
rc primak September 12th, 2012 at 16:03
Not likely that I and several others installed “recommended” patches. No drivers or anything like that, if that’s what you mean. Only my Toshiba Satellite (Realtek Ethernet) got the issue. The Winbook (older Realtek NIC) was not affected. The Toshiba’s problem was easily resolved, but there was also a residue on my (XP Pro) Winbook of a WGA Validation failure — once per account, resolved by re-registering WGA .dlls or some such (I used a MS Fixit for that). Possibly not even related. Maybe MS updated my Windows Updates mechanisms?
I find only a few OpenOffice features really need a Java Runtime to work. Some Database features, especially when connecting to an external database, such as my old-style Access databases. Probably the SMath module as well. Not much else that anyone would normally encounter, as far as I know. You’d find out pretty quickly if something else in OOO breaks.
Netscape’s original name was LiveScript, but they changed it to cash in on what was then the Java cachet. Very unfortunate!
rc primak September 12th, 2012 at 16:09
One more thing — OpenOffice is on Version 3.6 now. Version 3.4 may require an older JRE if it needs any JRE at all. The current JRE7update7 may not work with OOO 3.4. Both the OpenOfice and the JAva updates are security related.
rc primak September 12th, 2012 at 16:12
@old skeptic —
JRE7update7 worked for me (2 laptops, 3 Windows versions) right off the install with LibreOffice 3.6. Maybe you’re using an older LO version?
Not sure which of the August patches are messing up your system. You might try installing one a day for a while, and see if you can narrow it down.
I’d take the same approach with the .NET updates. Unfortunately, you need to apply them sooner or later. Just pick a day when you’re feeling very brave, and apply all of them. Chances are good you won’t have a problem, but if you do, uninstall the lot.
rc primak September 14th, 2012 at 02:45
Woody: Per your instructions:
“There’s one lingering stinker in the bunch: MS 12-060 (KB 2597986/2687323/2687441) can make older Office Visual Basic apps go wonky, with an “Unspecified Automation Error” message. Susan Bradley will have details – including a fix – in tomorrow’s Windows Secrets Newsletter.”
Have WinXP and Office 2003 – D’loaded all but the offered KB2687323. However, I can not find Susan Bradley’s fix in Secrets Newsletter.
Any suggestions on how to get her advice about what to do with the update?
Go ahead and install it.
The “fix” for the “Unspecified Automation Error” message is to reregister MSCOMCTL.OCX after applying MS 12-060. A Microsoft Fix it, and steps to fix it manually, are available at the following link:
Leave a reply