Adobe patches June 2013

This just in from EP:

In addition to the June 2013 security updates Microsoft has released, Adobe has released new Flash Player security updates mentioned in Adobe security bulletin APSB13-16

For Windows 8 and Windows Server 2012 users, get the recent Adobe Flash
player security updates from Microsoft support KB article 2847928

Black Tuesday is here, batten down the hatches

Microsoft has a relatively light bunch of patches coming out of the Automatic Update chute today.

Now’s the time to double-check and make sure that you have Windows Automatic Update set to “Notify but don’t download.” Details on the “Automatic Update” tab above.

Microsoft plans to issue five security bulletins, only one of which – another IE patch – is rated critical. Turn off Auto Update now, and let’s see what kind of offal hits the fan.

I’m moving us back up to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

MS-DEFCON 5: Get all Microsoft patches applied NOW

There’s never been a better time — at least, not recently — to get all of Microsoft’s patches applied. Go, go, go.

The lingering problem with KB 2823324 has been fixed with KB 2840149, and the fix (unlike so many other fixes in the past) seems to be working well.

The May 2013 Black Tuesday patches have passed the “cannon fodder” test. Install them.

Several of you are still reticent about installing Internet Explorer 10 on your Windows 7 systems. There were some problems with the first iterations of IE 10 running on Win7, but now all looks good. Install it.

Go, go, go.

I’m lowering us to a (very unusual) MS-DEFCON 5: All’s clear. Patch while it’s safe.

Adobe Reader and Flash Player updates, and Avira vs Win8

This just in from EP -

Another round of monthly security updates for Adobe Reader and Adobe Flash Player have been posted this May.

Adobe security bulletin APSB13-15 mentions new security patches for Adobe Reader:
http://www.adobe.com/support/security/bulletins/apsb13-15.html
while Adobe security bulletin APSB13-14 mentions new security patches for Flash Player:
http://www.adobe.com/support/security/bulletins/apsb13-14.html

As for Avira Antivirus software and Windows 8, only Avira Free Antivirus (aka. Avira
Antivir Personal) has been certified as Windows 8 compatible since early April 2013
as mentioned here:
http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1385
the rest of their products (Avira Antivirus Premium, Avira Internet Security, etc.) have yet to receive the Windows 8 certification from Microsoft.

MS-DEFCON 2: Another huge crop of patches

The Black Tuesday patches are out and, as usual, there’s no reason to install any of them immediately…

… with one exception: if you’re still using Internet Explorer 8, you should stop using it, as I explained in January. Get Firefox or Chrome (my current favorite) and stop using IE 8. If you absolutely must continue using IE 8, install MS13-038 / KB 2847204 (one of today’s patches) immediately. The hole covered by this patch was well documented weeks ago, and is now widely available.

Let’s see how this month’s patches fare. We’ve had two bad patches so far this year, and a couple that were a bit dicey.

I’m moving us up to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

KB 2670838 fries Firefox fonts

Thanks to Arianna…

Our old favorite botched Windows update patch, KB 2670838, has even more tricks up its sleeve.

InfoWorld Tech Watch.

MS-DEFCON 3: Install all patches except one, KB 2840149

I’ve been waiting, hoping that we’d get some sort of definitive word on whether the patch for the botched patch last month is working. So far, I’ve heard mixed results, with some people posting on this forum saying the new patch, KB  2840149, is causing problems. I DON’T recommend that you install the patch-of-a-patch KB 2840149.

You shouldn’t be offered the earlier patch, KB 2823324, which proved so problematic. If you didn’t take my advice and installed that patch (in particular, if you had Automatic Update turned on around April 11), Microsoft sill recommends that you remove it. Use Control Panel’s Add or Remove Programs.

There are also known problems with MS13-036/KB 2808735, but they’re obscure, and it’s highly unlikely you’ll hit them.

So I’m straddling the middle, moving to MS-DEFCON 3. Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. In particular, avoid installing KB 2840149.

Let’s hope Microsoft has better luck with the May crop of Black Tuesday patches.

P.S. If you have Windows 7, don’t install Internet Explorer 10 yet. Give it a while to sink in.

P.P.S. From the comments:

@Jack, @Ken -

I should’ve been more explicit. Yes, please do install KB2670838. That KB article is now up to version 7.0. In theory, if the patch encounters a system that it’ll nuke, the installer will tell you that it didn’t install the patch. If that happens to you, take a look at the KB article and see if there’s a new video driver which doesn’t have compatibility problems. I haven’t heard of any problems with the patch for about a month.

Microsoft re-releases botched KB 2823324 as KB 2840149

But there’s more to the story…

InfoWorld Tech Watch.