|
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
MS-DEFCON 4: Time to get patched – and watch out for Java
Posted on September 5th, 2012 at 10:05 26 commentsLast month’s Black Tuesday patches had a bunch of surprises, according to the comments at the SANS Internet Storm Center, but it looks like things have settled down.
There’s one lingering stinker in the bunch: MS 12-060 (KB 2597986/2687323/2687441) can make older Office Visual Basic apps go wonky, with an “Unspecified Automation Error” message. Susan Bradley will have details – including a fix – in tomorrow’s Windows Secrets Newsletter.
The big, big Windows patching problem continues to be Java. Five months ago I was roundly criticized by some self-appointed experts for admonishing that It’s Time to Run Java Out of Town. By Jove, it’s more true now than ever. Oracle issued an “urgent” update to Java 7 last week – Update 7 fixed a big security hole that was being actively exploited. Apparently, researchers had warned Oracle about the flaw months ago, but they didn’t get around to patching until this week. Within hours of Update 7 being posted, the same security researchers announced that the new version had a similar security hole.
Brian Krebs has some good advice: “If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site that requires it.”
So get your Microsoft patches applied, and think hard about how to wean yourself off the Java Runtime Environment.
I’m moving us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.
Windows Patches/Security August 2012 Black Tuesday, KB 2597986, KB 2687323, KB 2687441, MS 12-060, Unspecified Automation Error26 responses to “MS-DEFCON 4: Time to get patched – and watch out for Java”
-
Drat (my techie brother’s word), I didn’t do my usual check here before I took the Java update prompt (remembering vaguely that it’s always been panned but…). So now I have to figure out how to disable it from Firefox and follow the advice you posted)- and I’ll do the Windows patches as it’s now Defcon 4. Old to be learning is not easy, but maybe my luck will hold…
-
rc primak September 6th, 2012 at 02:19
JRE is still needed to run some features of OpenOffice/LibreOffice. Tell your story to them, not us who use OpenOffice/LibreOffice.
-
@RC -
Here here. I’m astounded that QuickBooks still requires the Java Runtime, too.
-
Applied patches, but now notice that my computer takes a bit longer to start-up (stays on the Windows screen with the floating color balls longer), and also takes longer after typing my login to go to my desktop (we’re talking about 10-15 seconds for the first and 10 or so for the second, whereas it used to do it, say, in 5 seconds each). I’m guessing one or more of the patches is responsible, but I just don’t have the time or ability to remove them all and install one by one to figure it out. Anything to be concerned about or any other similar reports?
Also, it might be a good idea to specify that Javascript in Firefox (or elsewhere) is different than Java Runtime. I realize most people know this, but I used to not, and reading your post, some my be confused between a Java add-on and the built-in Javascript in Firefox (or other browsers) and think they have to turn that off or something (which would make posting on message boards a pain!). Unless, I’m totally wrong, then let me know so I can turn off Javascript!
Here are the updates I installed, so let me know if there is anything that could be causing the slight slowdown. Thanks!
Update for Windows 7 for x64-based Systems (KB2732500)
Update for Windows 7 for x64-based Systems (KB2729094)
Update for Windows 7 for x64-based Systems (KB2732487)
Update for Windows 7 for x64-based Systems (KB2647753)
Installation date: 9/5/2012 3:19 PM
Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2722913)
Security Update for Windows 7 for x64-based Systems (KB2705219)
Security Update for Windows 7 for x64-based Systems (KB2731847)
Security Update for Windows 7 for x64-based Systems (KB2712808)
Windows Malicious Software Removal Tool x64 – August 2012 (KB890830)
Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.135.542.0)
-
Roger Sitterly September 6th, 2012 at 09:17
Don’t know if I’m the only one, but this month when I downloaded the MS patches, eight of them failed to install. I tried again, and they all failed again – and again a third time, so I did some online research and found an MS blog with the solution. I pass it along for those who might have experienced the same difficulty.
1) Close everything.
2) Click ‘Start’
3) Select ‘All Programs’
4) Select ‘Accessories’ folder
5) Find ‘Command Prompt’ and right click it.
6) In resulting dialog box, select ‘run as administrator’
7) In resulting dialog box asking if you want to allow the program to make changes, select ‘Yes’.
Key the following commands and press enter after each line. Wait for a new command prompt before keying the next line.net stop wuauserv
ren %windir%\SoftwareDistribution SoftwareDistribution.OLD
net start wuauserv
exit9) Click ‘Start’
10) Select ‘All Programs’
11) Select ‘Windows Update’
12) Select ‘Check for Updates’
13) After updates are found, make sure the ones you want to install are marked, then select ‘Install Now’This worked like a charm – the eight troublesome patches downloaded and installed without a hitch.
I don’t know why this problem arose, though I saw a comment somewhere saying that if you’ve made changes to your hard drive (such as partitioning), this might trigger the issue.
-
Roger Sitterly September 6th, 2012 at 09:18
Apologies for the smilie face – I didn’t know the “8)” would create it. I should have used “8:)
-
old skeptic September 6th, 2012 at 12:39
1) OpenOffice 3.3 (only one with needed localization) works only with JRE 6 …
2) LibreOffice at installation requires JRE 6 if in the PC is JRE 7 or none of the JRE
3) Local city webcam app works only with JRE 6 (and don’t work with JRE 7 or both 6 and 7 installed)
-
RCPrimac, Which features of Open Office use Java JRE? Is it specific parts, such as drawing, etc. or is it threaded through different uses/features? I have disabled Java as per instructions, but want to know which parts of Open Office 3.4 need JRE. I couldn’t find anything more specific online.
-
rc primak September 7th, 2012 at 18:37
Woody —
There seems to be a possible Windows August Updates patching issue. A few of us at a local Computer Club have noticed that after applying the August 2012 MS Updates, our Ethernet (NIC) drivers stopped working, with the Yellow Triangle in the Windows Device Manager. Uninstalling and rescanning for new hardware reinstalled the same drivers as before, and all is well once again.
Although I don’t have (installed) MS Office, I got the same Office (2007) patches as everyone else.
I do not run McAfee security and never have. Neither have some of the others affected. No Kaspersky either.
I wonder which August MS Update(s) might have been responsible? I did no other patching at the time. None of us had updated our NIC drivers very recently. (My NIC is from Realtek, about three years old, with an updated driver as of May, 2012. )
-
Hi Woody,
You’ve probably answered this before, but do you recommended installing “recommended” as well as “important” updates?
Thanks for your great work.
-Marty
-
Jonathan Breton September 10th, 2012 at 09:07
I Kick out Java of my browser
-
@Marty -
I rarely see a Recommended patch that’s worth installing.Frequently they’re warmed-over device drivers.
-
@RC -
Any chance you iall installed a “Recommended” patch???
-
-
@Jack -
It sounds like the side effects were minor; I wouldn’t worry.
No need to remove Javascript. The bugbear is the Java Runtime Environment, or JRE. In spite of the name similarity, Javascript is fine.
-
Hi Woody, 2 things:
One – I had problems on my Vista pc when I downloaded the following updates that came out in August
kb2722913, kb2705219, kb2712808, kb2731847, kb2596615, & kb2596856.
The problem was that the pc would just hang up on the screen where one enters a password to bring up the icons and start working on whatever you wanted to do. I had to shutoff machine and restart it everytime I wanted to use the pc and I know that this is not a good thing. Removed all of the above updates and no longer have a problem. Should I try to patch again with these?
Two – have a load of .NET framework updates sitting out on the updates that I refuse to bring onto my machine as per your advice on prior occassions. I use Mozilla Firefox and I am not into web development. Just surf the net, so should I update my .NET stuff or just let them sit there. Thanks for any advice you can give. -
Woody,
I disabled Java Console in my Firefox extensions. Then I also disabled JavaScript in my Options. That “broke” my Readability.com bookmarket. I figured, OK, it’s worth it. But now it pulled out the rug from under Gmail! I got this message trying to open Gmail:
JavaScript must be enabled in order for you to use Gmail in standard view. However, it seems JavaScript is either disabled or not supported by your browser. To use standard view, enable JavaScript by changing your browser options, then try again.
To use Gmail’s basic HTML view, which does not require JavaScript, click here.
Is it safe to re-enable JavaScript?
Morty -
rc primak September 12th, 2012 at 16:03
@Woody –
Not likely that I and several others installed “recommended” patches. No drivers or anything like that, if that’s what you mean. Only my Toshiba Satellite (Realtek Ethernet) got the issue. The Winbook (older Realtek NIC) was not affected. The Toshiba’s problem was easily resolved, but there was also a residue on my (XP Pro) Winbook of a WGA Validation failure — once per account, resolved by re-registering WGA .dlls or some such (I used a MS Fixit for that). Possibly not even related. Maybe MS updated my Windows Updates mechanisms?@Sanda –
I find only a few OpenOffice features really need a Java Runtime to work. Some Database features, especially when connecting to an external database, such as my old-style Access databases. Probably the SMath module as well. Not much else that anyone would normally encounter, as far as I know. You’d find out pretty quickly if something else in OOO breaks.It is indeed unfortunate that the name “Javascript” is still in use for the Web standard, which is really ECMA Script. This has been the name of the scripting language since Java (later Sun, and now Oracle) trademarked the name JavaScript in 1995. The “Javascript” name should have been discontinued for the scripting language as soon as ECMA got hold of it from Netscape. But history has sided with the incorrect name, and here we sit in 2012 with the confusion still with us.
Netscape’s original name was LiveScript, but they changed it to cash in on what was then the Java cachet. Very unfortunate!
-
rc primak September 12th, 2012 at 16:09
@Sanda –
One more thing — OpenOffice is on Version 3.6 now. Version 3.4 may require an older JRE if it needs any JRE at all. The current JRE7update7 may not work with OOO 3.4. Both the OpenOfice and the JAva updates are security related. -
rc primak September 12th, 2012 at 16:12
@old skeptic —
JRE7update7 worked for me (2 laptops, 3 Windows versions) right off the install with LibreOffice 3.6. Maybe you’re using an older LO version? -
@Morty -
It’s safe to run JavaScript. Very confusing, but JavaScript isn’t the same thing as Java. I’ll put together an article on this for Windows Secrets Newsletter in a couple of weeks…
-
@Jose -
Not sure which of the August patches are messing up your system. You might try installing one a day for a while, and see if you can narrow it down.
I’d take the same approach with the .NET updates. Unfortunately, you need to apply them sooner or later. Just pick a day when you’re feeling very brave, and apply all of them. Chances are good you won’t have a problem, but if you do, uninstall the lot.
-
rc primak September 14th, 2012 at 02:45
@Morty —
My Firefox (32-bit Windows XP) has had the Java Console disabled for many Firefox version upgrades. And nothing breaks. NoScript and AdBlock Plus are usually responsible for “Enable Javascript” errors at websites, especially GMail and Yahoo. Bookmarklets rarely use Java, but often run Javascript, which ad and script blocking Extensions do block. -
Woody: Per your instructions:
“There’s one lingering stinker in the bunch: MS 12-060 (KB 2597986/2687323/2687441) can make older Office Visual Basic apps go wonky, with an “Unspecified Automation Error” message. Susan Bradley will have details – including a fix – in tomorrow’s Windows Secrets Newsletter.”
Have WinXP and Office 2003 – D’loaded all but the offered KB2687323. However, I can not find Susan Bradley’s fix in Secrets Newsletter.
Any suggestions on how to get her advice about what to do with the update?Thanks
-
@Ann -
Go ahead and install it.
-
@Ann -
The “fix” for the “Unspecified Automation Error” message is to reregister MSCOMCTL.OCX after applying MS 12-060. A Microsoft Fix it, and steps to fix it manually, are available at the following link:
Leave a reply
-
Support AskWoody.com
Click on this list to get
Woody ’s books at Amazon.com
- NEW >> Windows 8 All-In-One For Dummies
- Windows 7 All-In-One For Dummies
- Green Home Computing For Dummies
- Windows Vista All-In-One Desk Reference For Dummies
- Windows Vista Timesaving Techniques For Dummies
- Windows XP All-In-One Desk Reference For Dummies
- Windows XP Timesaving Techniques For Dummies
- Windows XP Hacks & Mods For Dummies
- Windows Home Server For Dummies
- Special Edition Using MS Office 2007
- Special Edition Using MS Office Home & Student 2007
- Special Edition Using MS Office 2003
- Office 2003 Timesaving Techniques For Dummies
- Special Edition Using MS Office 2003, Student-Teacher Edition)