MS-DEFCON 2:Get ready for another round of patches

Actually, Microsoft released the Security Bulletins accidentally last week, but yanked them. From what I saw, there aren’t any real killer patches in September either.

Recapping: If you regularly use Internet Explorer, you can apply the August patches. But if you use any other browser, there’s no pressing reason to apply any of the August patches.

Wait for the September patches – due out on Tuesday – and let’s see what happens.

Zombie cookies won’t die

A researcher caught Microsoft using two different kinds of zombie cookies on the MSN site, the English home page of microsoft.com, and the Microsoft Store.

I thought zombie cookies were going away, so this was a real eye-opener.

See my InfoWorld Tech Watch article.

MS-DEFCON 3: The .NET patches are broken again, but others look OK

Now it gets ugly.

Usually, I try to give a blanket up-or-down, yes-or-no signal on each crop of monthly patches. The August Black Tuesday patches aren’t so neat.

The only really interesting patch this month is MS11-057/KB 2559049. It’s another big rollup patch for every version of Internet Explorer, from 6 to 9. If you use IE to surf the web, you should seriously consider installing it. I haven’t heard of any killer problems – and it does plug a number of gaping holes.

The other patches this month are either boring or ugly. There are many reports of the .NET patches, MS11-066 and MS11-069, breaking things. So what else is new – Microsoft’s never been able to deliver sound .NET patches the first time around.

So I’m going to run us down to MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

Specifically, if you use IE, you need to get patched up. If you don’t use IE, I don’t see any reason at all to sacrifice your system to the .NET patch inanities; don’t bother patching just yet.

MS-DEFCON 1: This month’s bunch is a baaaaaaad bunch

The Black Tuesday patches are out, and they’re a mess.

Make sure you have automatic updates turned off, and let’s wait this one out.

I’m moving us to MS-DEFCON 1: Current Microsoft patches are causing havoc. Don’t patch.

Yeah, it’s that bad.

UPDATE: MS11-057 is supposed to be a likely candidate for exploitation in the near future. The warnings focus on Internet Explorer drive-by infections, and the patch includes a fix for Internet Explorer 9. The solution? You’re using Firefox, Chrome, Safari, or one of the other browsers, yes?

MS-DEFCON 4: Install all Microsoft patches

I’ve been looking at the ongoing problems with the .NET patches, and with Office 2010 SP1, and decided to give the blanket go-ahead again. There are a few real problems with the .NET patches, but I don’t see them getting better any time soon, so I’m recommending that you go ahead and install all of them.

If you’re paranoid about the .NET patches, look at the list I published last month, and avoid them again.

But I’ve installed them and Office 2010 SP1 on all of my machines, and nothing’s gone belly-up.

I suggest you do the same.

I’m moving us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

MS-DEFCON 2: Make sure auto updates are turned off

It’s Black Tuesday again.

Time to make sure all of your computers have Microsoft (or Windows) automatic update turned off.

Let’s see how this month’s drama plays out: four bulletins, only one of which is critical, and MS says it’ll be difficult cracking that one.

MS-DEFCON 4: Pass on a couple of patches

I’m moving to MS-DEFCON 4. If you’re willing to trudge through the details, you should apply most outstanding Microsoft patches. If you don’t want the headache, you can safely pass on the June Black Tuesday patches – for now.

Susan Bradley has an excellent roundup of the problems with the .NET patches in her Windows Secrets article. There are two .NET patches in this group, MS11-039 and MS11-044. They’ve spawned an evil mess of KB articles and, unfortunately, you have to wade through the KB numbers to get the right patches. These are the ones to avoid:

XP: KB 2478656, KB 2478658, KB 2478663, KB 2518864, KB 2530095, and KB 2518870;

Vista: KB 2478657, KB 2478659, and KB 2478663, KB 2518863, KB 2518865, and KB 2518870;

Win7: KB 2478662, KB 2478663, KB 2518867, KB 2518870, and KB 2518869

Like I said, it’s a mess. If you don’t want to fool around with individual patches, I say avoid the current round altogether: pick them up next month.

At this point, I would also avoid Office 2010 Service Pack 1. There’s no benefit in it, if you’ve kept up on patching Office 2010.

The other Microsoft patches look like they’re good to go.

By all means, make sure you download and run the Malicious Software Removal program, and apply Microsoft Security Essentials updates.

We’re at MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

Why is it so hard to push good .NET patches?

Hard to imagine what patching Windows 8 will be like, if MS can’t even get .NET 3.0 patched correctly.

InfoWorld Tech Watch.