Woody Leonhard's no-bull news, tips and help for Windows and Office
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 3: Get patched, but beware

    Posted on January 4th, 2013 at 21:20 woody 23 comments

    It’s time to get caught up on your Microsoft patches.

    But there’s a problem. One of the patches is still causing problems – and we have several people posting here with details.

    Usually I try to use a green-light/red-light approach: either I recommend that you avoid all of the current patches, or I recommend that you install all of them. Keeping track of individual patches is a headache for most of you – and I don’t blame you for not wanting to sift through Microsoft’s detritus.

    This month, though, I really don’t have much of an option. The other December 2012 Black Tuesday patches are working well enough, and I figure you really should get them installed. 

    So here’s what I recommend. Go ahead and install all of the outstanding Microsoft patches EXCEPT MS12-078, which is identified in your Update list as KB 2753842. I haven’t heard of any real-world exploits that take advantage of that security hole, but I sure have heard a lot of wailing from people who have been zapped by it.

    While you’re thinking of it, if you run Internet Explorer 6, 7 or 8 (Nota Bene: if you have Windows XP, you are running IE 6, 7 or 8), you need to apply a Microsoft Fixit to plug a gaping hole in IE that’s currently being exploited. 

    A far better solution is to upgrade to IE 9, but if you have Windows XP that isn’t an option.

    To apply the Fixit, go to the Microsoft Security Advisory page, KB 2794220, scroll down and click on the first Fixit link that you see. (The second Fixit on the page is very poorly marked, but it’s the Fixit that undoes the first Fixit.) That’ll run a very simple program that plugs the security hole in IE 6, 7 and 8.

    To recap: Install all outstanding Microsoft patches, except MS12-078 / KB 2753842. And if you’re using IE 6, 7 or 8, and can’t upgrade to IE 9, run the Fixit.

    I’m moving us down to MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

    Oh. One other important note. Usually Susan Bradley’s Patch Watch column in Windows Secrets Newsletter only appears in the paid version. (In a unique twist, you get to decide how much you want to pay for a subscription.) This week, though, Patch Watch appears in the free and online versions of the newsletter. If you’ve never read Susan’s columns, you should take a look. They’re by far the best source of understandable, detailed, unbiased advice about Microsoft patches you’ll find anywhere.


    If that helped, take a second to support AskWoody on Patreon

    23 Responses to “MS-DEFCON 3: Get patched, but beware”

    1. Dennis says:

      Hi Woody, all patched, seemed to take a long time. Should I hide KB 2753842 or just let it keep popping up everyday. Thanks.

    2. Jack says:

      Hi Woody,

      I installed all four security patches, including KB 2753842 and have not noticed any problems. (However, I don’t use any of the software in question.)

      Is there anything I should look for in regards to if I might be having an issue I’m unaware of and need to uninstall it?


    3. Tom R, says:

      So thumb-up on the .NET patches?

    4. Ron says:

      Woody these are the Updates that i got i’m putting off the KB (2753842) the KB (2794220) i don’t have in my List nor did i find in my recent Updates. So i guess i’m cleared of this one.. Here is my List of Updates as of 1/5/2013:

      Update for Windows XP and Windows Server 2003 (KB2798897)

      (Security Update for Windows XP (KB2753842)
      Download size: 649 KB This One i will Not Update.!!!!)

      Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2761465)
      Download size: 10.2 MB

      Update for Windows XP (KB2779562)
      Download size: 512 KB

      Windows Malicious Software Removal Tool – December 2012 (KB890830)
      Download size: 3.5 MB

      Security Update for Windows XP (KB2758857)
      Typical download size: 295 KB

      Security Update for Windows XP (KB2779030)
      Typical download size: 433 KB

      Security Update for Windows XP (KB2770660)
      Typical download size: 269 KB

      Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2737019)
      Download size: 10.8 MB

      Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023)
      Download size: 15 MB

      Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2729450)
      Download size: 14.1 MB

      Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2729449)
      Download size: 13.5 MB

      Thanks Woody for your Time Looking at this: Ron

    5. Charlie says:

      Concerning Ron’s comment:

      It’s nice to see that the size of Win XP updates are still measured in kilobytes! Most of the updates for Win 7 and Office 2010 are in the 10 to 30 megabyte range! If you don’t have a fast connection…

      Good luck to all.

    6. Marty says:

      Hi Woody,

      I see that the Susan Bradley column (to which you you provided a link) mentions that Microsoft re-released KB2753842 on December 20, and she recommends installing it. However, there several user postings in the Windows Secrets Lounge made after 12/20 that suggest problems with the revised patch.



    7. Steven Latus says:

      Woody, I just saw this article about the MS Fix-It for IE 8 and prior. In short, according to the article, the Fix-It doesn’t really, er, fix it, at least not fully. Link is below.


      • woody says:

        @Steven –

        Yep. The bad guys have already bypassed the Fixit. Doesn’t hurt to apply it, but if you use Internet Explorer, your tail’s still hanging in the wind.

    8. Marty says:


      On my Win7 machine there’s a second MS12-078 patch being offered. It is dated 12/11/2012, but this one carries the KB2779030 identifier. Like the problematic one (KB2753842), it purportedly addresses a “remote code execution” problem in Windows Kernel-mode Drivers.

      Do you recommend installing KB2779030? I’m not clear why Microsoft offers multiple patches with different KB numbers but with the same MS identifiers.

      Thanks as always.


      • woody says:

        @Marty –

        This particular security bulletin, MS12-078, fixed two completely different security holes. That’s why there are two KB numbers – a fairly common practice, as MS wants to minimize the number of MS12-xxx security bulletins, for publicity reasons, but needs to separately identify the patches. KB 2779030 appears to be benign. Go for it.

    9. Marty says:


      I was waiting to install KB 2779030 until I saw your comment about it. Today, oddly, that patch is no longer being offered on my Win7 machine. Usually, the previous month’s patches don’t disappear when new ones come out. Perhaps KB 2779030 has been superseded by one of the other patches released on 12/8?

    10. linwood says:

      Is it ok for me to install these windows updates now my comp is running slower than usual?

    11. linwood says:

      which updates are safe to install

      • woody says:

        @linwood –

        At this point I recommend that you refrain from installing any of this month’s patches. None of them are pressing.

        There’s a new Internet Explorer patch, released in the last 24 hours. I’d hold off on that one, too, unless you’re using Internet Explorer 6, 7, or 8 for day-to-day web browsing.

    12. EP says:

      Forget the FixIt solution from KB2794220.
      Microsoft has just posted MS13-008 (2799329( security updates for IE6, IE7 & IE8, which are way better than the KB2794220 fixit solutions for those affected IE versions.

    13. Marty says:

      Hi Woody,

      Are you still monitoring KB2753842, which you previously advised against installing? I haven’t seen any go-ahead for this one yet.




    Leave a Reply