-
MS-DEFCON 4: Time to get patched
Posted on January 4th, 2010 at 03:13 16 comments
It looks like the December Black Tuesday patches have stabilized.
As usual, there was much wailing and gnashing of teeth with the gigantic Internet Explorer patch update, known as MS09-072 or KB 976325, but you’re used to those by now, right? Besides, you use Firefox (or Chrome or Opera), and you realize that you have to apply the Internet Explorer patches to keep Windows safe, but you wouldn’t actually use IE, right?
There’s one lingering glitch in the patches: installing MS09-073 / KB 973904 can introduce weird bugs in the way Microsoft’s text converters work. (The patch only applies to Windows XP and 2000.) If you install the patch and suddenly get either of these messages while trying to open a file:
Word cannot start the converter mswrd632
Cannot load Word for Windows 6.0 files
you’ve fallen victim to the bug in the MS09-073 patch. See Knowledge Base article KB 973904 for a fix.
I think of that as an example of sloppy patching on Microsoft’s part. There doesn’t seem to be any rush to fix the patch, probably because it’s very uncommon – and, hey, it’s for Windows XP, which isn’t high on anybody’s priority list right now. Except, of course, those of you who run Windows XP.
Anyway, I’m moving us to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch. You should use Microsoft Update to get all outstanding MS patches applied.
Oh. I had a question from a reader about applying all of the patches. Yes, you should apply every Microsoft patch that’s offered to you by Windows Update, even if it’s a patch for a program that you don’t think you have installed. For example, if you’re offered a patch for Outlook, and you don’t think you have Outlook, go ahead and install the patch anyway. It probably won’t hurt anything, and it may be futzing with something behind the scenes.
-
Problems with the December Black Tuesday patches
Posted on December 10th, 2009 at 20:22 2 comments
Windows Secrets Newsletter just hit the stands, and Susan Bradley’s column has a bunch of information about problems with December Black Tuesday fixes.
The most bizarre of the bunch is the bug in the patch for WordPad. (Yes, WordPad.) MS09-073/KB 973904 can, under certain circumstances, prevent WordPad from opening files. MS documents a registry change that fixes the problem in KB 973904.
Susan’s column goes into great detail on several additional fixed security problems that aren’t in “official” Security Bulletins. Interesting reading.
-
MS-DEFCON 2: Six more Security Bulletins
Posted on December 9th, 2009 at 06:32 2 comments
Microsoft just announced its payload for December Black Tuesday. I just love the new graph they’re publishing every month. Sure looks impressive, doesn’t it? Unfortunately, I don’t see how it gives Microsoft’s customers any useful information.
Far better, as usual, is the SANS Internet Storm Center summary. From that source, it’s obvious that there’s not too much happening, as long as you don’t use Internet Explorer. Which you don’t, right?
There aren’t any known exploits for any of the patches, other than the inevitable IE patch, MS09-072.
As is my wont, I’m moving us up to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
Let’s see what shakes out.
-
Six Security Bulletins coming
Posted on December 4th, 2009 at 05:54 No comments
As part of its regular pre-announcement series, MS has said that it will release six Security Bulletins next Tuesday, covering twelve separately identified security holes.
A couple of interesting notes.
We want to make customers aware that we will be addressing the vulnerability discussed in Security Advisory 977981 in the IE bulletin on Tuesday. We know that customers are concerned about this issue and we are also aware that Proof of Concept (PoC) code is available publicly.
There’s a patch or two for Project 2000 (yawn), Word and Works 8.5 (another yawn).
The rest of it looks plain-vanilla to me. Get yourself patched up, for now, then make sure automatic updating is turned off. We remain at MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented on this site.


