Woody Leonhard's no-bull news, tips and help for Windows and Office
RSS icon Email icon Home icon
  • MS-DEFCON 2: Another huge crop of patches

    Posted on May 15th, 2013 at 06:52 woody 17 comments

    The Black Tuesday patches are out and, as usual, there’s no reason to install any of them immediately…

    … with one exception: if you’re still using Internet Explorer 8, you should stop using it, as I explained in January. Get Firefox or Chrome (my current favorite) and stop using IE 8. If you absolutely must continue using IE 8, install MS13-038 / KB 2847204 (one of today’s patches) immediately. The hole covered by this patch was well documented weeks ago, and is now widely available.

    Let’s see how this month’s patches fare. We’ve had two bad patches so far this year, and a couple that were a bit dicey.

    I’m moving us up to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

     

    17 responses to “MS-DEFCON 2: Another huge crop of patches”

    1. I am using IE 9. 2847204 is checked along with 12 other updates. Should I go ahead with 2847204 or wait until I install the other patches? Thanks.

    2. @Linda -

      If you have IE 9, there’s no reason to rush.

    3. I use firefox 20 and I never use IE only IE Tab plug in.

      I have a problem installing this patch KB2847204 that you mention it corrupt urlmon.dll that make WLMail no working.

      I dont update to IE9 cause I have a netbook with limited ram, then I don’t want to go with it, also I never use IE , but I can’t uninstall it

    4. Woody,
      I don’t have MS13-038 KB2047204 on either my XP box or my VISTA box.
      I use IE 8 on both of them only to get Windows Updates when You say OK.

      So I will get them on both computers today, Thanks!

      A question, I have been holding off getting IE9 on the Vista Home Basic box.
      Should I get IE9 on it?

      Thanks and God Bless!

    5. I got KB2847204 on the XP and Vista boxes.
      While I was at WU I noticed another IE8 update KB2829530, but I did as I was told and only grabbed KB2847204 this evening.

      Should I start using IE9 on the Vista box?

      On WU for the XP box there is an Optional KB931125 that I hadn’t allowed after reading Susan Bradley say something about it long time ago in Windows Secrets Free Edition newsletter.
      What do You think?

      Thanks again.

    6. Susan Bradley is recommending that it’s safe to apply KB 2840149 now. Woody, what’s your take on this patch?

    7. @RC -

      Susan is probably the world’s #1 expert on this patch, and if she says it’s safe, I’ll buy it.

      BUT. I, personally, won’t run out and install it. It patches a hole that’s only a problem if a bad guy logs on to your computer. If a bad guy can log on to your computer, you’ve got much bigger problems. From the KB article: “An attacker must have valid logon credentials and be able to log on locally to exploit the most severe vulnerabilities.”

      Given the history of this patch, I feel comfortable recommending that folks hold off until I give the all-clear next month.

    8. @MoreOff -

      I think you’re confused. I’m recommending that people NOT install the May Black Tuesday patches yet. It’s far too early to know if KB2847204, among others, is a stinker.

      Yes, absolutely, start using IE 9 on any box that’ll run it – Vista or Win7.

      I never, ever install Optional updates. The benefits rarely exceed the problems.

    9. @gus -

      I haven’t seen the problem of KB2847204 making Windows Live Mail stop working. What, exactly, is happening?

      The best way to use IE is to not use it.

    10. @Woody
      Why have you made the move to Chrome? I’ve heard it has serious privacy concerns and by defualt it auto updates.

      Since you are recomending users to hold off MS patches I’m surprised you swallow Google’s auto update system without so much as a hiccup.

      Am I missing something?

    11. @David -

      I’m not convinced that Google’s privacy invasion with Chrome is either more or less intrusive than Microsoft’s with Windows 8 Microsoft Account login, and IE 10. The Scroogled ads are just the pot calling the kettle black.

      Chrome autoupdates never seem to brick the browser. Can’t say the same for IE’s. Browser bricking isn’t a really big deal: if one goes belly-up, you can always use a different one.

      Chrome has many, many advantages over IE, but beyond that point the discussion turns into a religious debate.

    12. Firefox, imho is the best.

      But if you want Chrome without privacy invasion, you can install Chromium, the open sorce project from which Google Chrome derives.

      There is also a portable version.
      http://crportable.sourceforge.net/

    13. In response to the Chrome concerns…auto-updating isn’t really a problem. Chrome is definitely more likely to go belly-up if one goes to the developer or Canary channels.

    14. Chromium doesn’t run Google Apps.

    15. Woody,
      When I closed down yesterday, I saw a message come up not to shut off the computer because it was installing updates!
      I muttered a silent… well, it wasn’t a prayer, although that would have been more appropriate….
      When I turned it on tonight, it gave me some kind of message about installing update 44 of 44 and told me again not to shut the computer.
      Thank Heaven, nothing seems to be broken. But I think we do need a drill on preventing MS sneak attacks when closing the computer.
      All the best, Morty

    16. @Morty -

      Best bet is to choose “Notify but don’t download” for Automatic Updates. Instructions are on the “Automatic Updates” tab above.

    17. Woody,
      Thanks! Will set it up now!
      I guess setting it to just “Notify” would would limit MS to using only a semiautomatic!
      All the best,
      Gun-shy Morty

    Leave a reply