MS-DEFCON 4: Time to get patched

It looks like the December Black Tuesday patches have stabilized.

As usual, there was much wailing and gnashing of teeth with the gigantic Internet Explorer patch update, known as MS09-072 or KB 976325, but you’re used to those by now, right? Besides, you use Firefox (or Chrome of Opera), and you realize that you have to apply the Internet Explorer patches to keep Windows safe, but you wouldn’t actually use IE, right?

There’s one lingering glitch in the patches: installing MS09-073 / KB 973904 can introduce weird bugs in the way Microsoft’s text converters work. (The patch only applies to Windows XP and 2000.) If you install the patch and suddenly get either of these messages while trying to open a file:

Word cannot start the converter mswrd632
Cannot load Word for Windows 6.0 files

you’ve fallen victim to the bug in the MS09-073 patch. See Knowledge Base article KB 973904 for a fix.

I think of that as an example of sloppy patching on Microsoft’s part. There doesn’t seem to be any rush to fix the patch, probably because it’s very uncommon – and, hey, it’s for Windows XP, which isn’t high on anybody’s priority list right now. Except, of course, those of you who run Windows XP.

Anyway, I’m moving us to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch. You should use Microsoft Update to get all outstanding MS patches applied.

Oh. I had a question from a reader about applying all of the patches. Yes, you should apply every Microsoft patch that’s offered to you by Windows Update, even if it’s a patch for a program that you don’t think you have installed. For example, if you’re offered a patch for Outlook, and you don’t think you have Outlook, go ahead and install the patch anyway. It probably won’t hurt anything, and it may be futzing with something behind the scenes.

Problems with the December Black Tuesday patches

Windows Secrets Newsletter just hit the stands, and Susan Bradley’s column has a bunch of information about problems with December Black Tuesday fixes.

The most bizarre of the bunch is the bug in the patch for WordPad. (Yes, WordPad.) MS09-073/KB 973904 can, under certain circumstances, prevent WordPad from opening files. MS documents a registry change that fixes the problem in KB 973904.

Susan’s column goes into great detail on several additional fixed security problems that aren’t in “official” Security Bulletins. Interesting reading.