-
MS-DEFCON 4: Get patched now
Posted on August 5th, 2010 at 10:36, 22 comments
The July Black Tuesday patches have come and gone, and they’re not too bad.
Now’s a good time to get patched up. I recommend that you apply all outstanding Microsoft patches, then make sure you have Automatic Update turned off in anticipation of next week’s onslaught.
If you run Windows XP Service Pack 2 or Windows 2000, or if you use ESET NOD32 antivirus, please note the blog entry below. You’ve got some interesting times ahead.
I’m moving us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.
UPDATE: Sorry, I should’ve made it more clear. Yes, I’m recommending that you go ahead, throw up your hands and give in to the offered .NET patches. I don’t think there’s any chance MS is going to fix any of them from this point – so patch ‘em and brace yourself for the next round.
-
LNK patch went pretty well, but XP SP2 users note
Posted on August 5th, 2010 at 10:32, 6 comments
I have a rundown on the aftermath of the LNK patch, posted in the InfoWorld Tech Watch blog. Basically, the major problems cropped up for those using ESET NOD32.
In spite of some initial confusion, MS did NOT release a patch for Windows XP Service Pack 2, or for Windows 2000. There’s a tip for those with SP2 in that blog entry. Folks with Windows 2000 are basically SOL. (That’s a technical term.)
-
Get ready to install the out-of-band LNK patch coming on Monday
Posted on July 31st, 2010 at 13:06, 24 comments
I never, ever, ever recommend that you install an unproven patch.
Except this time.
On Monday, Microsoft will release an out-of-band patch that fixes the link file icon rendering 0day hole I talked about two weeks ago. Brian Krebs has a good synopsis here.
Even though it may break things, MS has put this patch through a lot of tests. Chances are good it won’t break anything important. And the bad guys are using the exploit right now.
Best to apply this patch – and this patch only – on Monday morning.
-
Understanding the LNK 0day “USB drive” security hole
Posted on July 21st, 2010 at 03:47, 6 comments
If you’re confused and concerned about all the talk of a USB-based security hole in Windows, there’s more and less to the matter than what you’ve probably heard.
I have an article on InfoWorld Tech Watch that tries to explain what’s happening. Basically, the problem has nothing to do with USB drives or whether AutoRun is enabled on a PC or not. It has everything to do with how Windows handles calls for showing the icons in a shortcut.
Right now there’s nothing you can do about it, but be of good cheer: there aren’t any exploits in the wild (far as anyone knows) except the original one, which targeted businesses with a Siemens SCADA industrial computer system. On the other hand, there’s a working “exploit” now available via Metasploit, so more cracks are undoubtedly on their way.
Stay tuned.
UPDATE: Oooops. I gave you a bad link, originally. There’s now a fix, described in this Tech Watch post.
-
MS-DEFCON 2: Get patched, then shut down Auto updates – fix for the Help 0day coming
Posted on July 12th, 2010 at 07:48, 14 comments
Microsoft has announced that it will deliver four security bulletins on Tuesday July 13.
Three of them don’t appear to be terribly interesting, but one of them must be. Quoth Microsoft:
We are also closing Security Advisory 2219475 (Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution) with a comprehensive update that addresses the issue currently under attack.
Looks like MS is finally going to plug the security hole I talked about a week ago. I’m still not convinced it’s a Big Deal, but it’ll be nice to get it fixed.
Get all of the MS patches applied, except the .NET patches, then make sure you have Automatic Updates turned off. Let’s see what Tuesday will bring.
-
MS-DEFCON 4: Apply all patches except the .NET updates
Posted on July 4th, 2010 at 22:35, 34 comments
It’s time to get patched up, but watch out for one giant collection of problems, disguised as updates.
Susan Bradley, in her June 24 article in Windows Secrets Newsletter, talks about the pain of trying to keep up-to-date with .NET patches. I’ve always disliked .NET and detested .NET patching – the people who put together the patches have created an unholy mess. Susan gives a few of the details.
So I’m going to suggest you apply all of the currently outstanding Windows and Office patches, EXCEPT the .NET patches. Susan lists them as:
KB 982670, KB 982524 for Windows XP and Windows Server 2003, KB 982525 for Vista and Server 2008, and KB 982526 for Win7 and Windows Server 2008 R2. She also mentions KB 956250. I hate to do this to you, but when you go into Microsoft Update or Windows Update, jot down all of those numbers and DON’T apply those updates.
There isn’t a single .NET update that’s of any significance. (One could argue that there haven’t been any real improvements in .NET patches in many moons – only added headaches.)
So get patched up now. And if you use Windows XP, see the next blog item to run a little fixit that’ll protect you from a 0day that (in my opinion) is way overblown.
I’m rolling us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.
-
That Windows XP “Help Center” 0day
Posted on July 4th, 2010 at 22:22, 6 comments
Jacie wrote in one of the comments about seeing a BBC report on a Windows XP 0day security hole associated with the Help & Support function. Brian Krebs has a good discussion of it on his site.
I’m not convinced it’s a major problem, but there’s no reason to sit and wait for Microsoft to patch it. If you’re still using Windows XP, go to KB article 2219475 and apply the fixit.
-
June Black Tuesday patch clobbering SharePoint servers
Posted on June 17th, 2010 at 22:49, 10 comments
Looks like MS10-039 is taking out a wide swath of Microsoft SharePoint Server systems.
It’s a complicated problem, with no simple solution. Compounding the problem is the fact that you can’t uninstall the security patch.
I have a more detailed look over on my InfoWorld blog.
Maybe Microsoft will fix it. Or maybe not. Amazing, eh?


