Posted on June 14th, 2012 at 10:49 11 comments
There’s been a lot of hubub about last Tuesday’s Microsoft patches.
The best piece of advice: DON’T use Internet Explorer – it’s been compromised once again, and apparently the exploit is widely distributed.
Tellingly, the only Black Tuesday patch to win ISC Storm Center‘s “Patch Now” status is the IE patch.
I see some advice from antivirus companies to install the other patches, but I don’t buy it. The .NET exploit might be a problem, but I haven’t heard of any active attacks on .NET – and patching .NET is always so much fun.
Keep your powder dry. I’m leaving us at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
Posted on May 24th, 2012 at 18:19 8 comments
Microsoft can’t get their act together. Patching .NET is always a hassle. It’s time for developers to throw in the towel and choose an alternative that works.
InfoWorld Tech Watch.
Posted on July 10th, 2011 at 06:57 10 comments
I’m moving to MS-DEFCON 4. If you’re willing to trudge through the details, you should apply most outstanding Microsoft patches. If you don’t want the headache, you can safely pass on the June Black Tuesday patches – for now.
Susan Bradley has an excellent roundup of the problems with the .NET patches in her Windows Secrets article. There are two .NET patches in this group, MS11-039 and MS11-044. They’ve spawned an evil mess of KB articles and, unfortunately, you have to wade through the KB numbers to get the right patches. These are the ones to avoid:
XP: KB 2478656, KB 2478658, KB 2478663, KB 2518864, KB 2530095, and KB 2518870;
Vista: KB 2478657, KB 2478659, and KB 2478663, KB 2518863, KB 2518865, and KB 2518870;
Win7: KB 2478662, KB 2478663, KB 2518867, KB 2518870, and KB 2518869
Like I said, it’s a mess. If you don’t want to fool around with individual patches, I say avoid the current round altogether: pick them up next month.
At this point, I would also avoid Office 2010 Service Pack 1. There’s no benefit in it, if you’ve kept up on patching Office 2010.
The other Microsoft patches look like they’re good to go.
By all means, make sure you download and run the Malicious Software Removal program, and apply Microsoft Security Essentials updates.
We’re at MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if youâ€™re affected and if things look OK, go ahead and patch.There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if youâ€™re affected and if things look OK, go ahead and patch.