Cleaning up after massive Patch Tuesday

Topic

New Reply

	PATCH WATCH[/size][/font] Cleaning up after massive Patch Tuesday[/size]
	By Susan Bradley While much of the world turns its attention to this week’s royal wedding of Will and Kate, I’m still cleaning up the royal mess following the largest Patch Tuesday we’ve had. PowerPoint 2003 finally is fixed, but headaches remain for .Net and other updates.[/size]

---

The full text of this column is posted at WindowsSecrets.com/2011/04/28/06 (opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td]

[/tr][/tbl]

Reply | Quote

Replies

This table provides the status of problem patches reported in previous Patch Watch columns. Patches listed below as safe to install will be removed from the next updated table.

Patch [/size]	Released [/size]	Description [/size]	Status [/size]
2492386 [/size]	04-26 [/size]	Application compatibility for April [/size]	Hold [/size]
982018 [/size]	04-26 [/size]	Advanced Format Disk update [/size]	Hold [/size]
2512715 [/size]	04-26 [/size]	Windows 2008 R2 server core update [/size]	Hold [/size]
2506928 [/size]	04-26 [/size]	IE 9 and Outlook update [/size]	Hold [/size]
976932 [/size]	02-22 [/size]	Windows 7 Service Pack 1 [/size]	Hold [/size]
2446708 [/size]	04-12 [/size]	.NET 4 — historic patching issues [/size]	Hold [/size]
2446709 [/size]	04-12 [/size]	.NET 2/3.5 — historic patching issues; KB 2446710 for Win7 SP1, KB 2446704 for XP [/size]	Hold [/size]
2509470 [/size]	04-12 [/size]	Extended Protection for Outlook — patch recalled [/size]	Hold [/size]
2467023 [/size]	02-08 [/size]	Win7 fix; load/unload binaries flaw [/size]	Wait [/size]
2467174 [/size]	04-12 [/size]	Visual C++ redistributable — check LOB impact [/size]	Wait [/size]
2467175 [/size]	04-12 [/size]	Visual C++ 2005 redistributable — check LOB impact [/size]	Wait [/size]
2511250 [/size]	04-12 [/size]	Printing fix for IE 9 — hold back on IE 9 upgrade for now [/size]	Wait [/size]
971029 [/size]	02-22 [/size]	Flash-drive patch for Windows XP [/size]	Optional [/size]
2387530 [/size]	02-22 [/size]	Win7 hotfix for configuring Wi-Fi services [/size]	Optional [/size]
2484033 [/size]	02-22 [/size]	XPS document print patch for Windows 7 [/size]	Optional [/size]
2487426 [/size]	02-08 [/size]	Win7 fix — running x32 apps in x64 OS (post-SP1 update) [/size]	Optional [/size]
2505438 [/size]	02-22 [/size]	Fixes possible performance problems running some apps [/size]	Optional [/size]
947821 [/size]	02-22 [/size]	Windows System Update Readiness fix for SP1 [/size]	Install [/size]
2393802 [/size]	02-22 [/size]	Kernel patch triggered BSOD; use Symantec solution [/size]	Install [/size]
2464588 [/size]	04-12 [/size]	PowerPoint 2003 — follow up with KB 2543241 if needed [/size]	Install [/size]
2497640 [/size]	04-12 [/size]	Internet Explorer — attacks in the wild [/size]	Install [/size]
2502786 [/size]	04-12 [/size]	Excel 2003; KB 2466169 for Excel 2002, 2464583 for Excel 2007, 2466146 for Excel 2010 [/size]	Install [/size]
2506014 [/size]	04-12 [/size]	Hardening the system for prevention of rootkits [/size]	Install [/size]
2506223 [/size]	04-12 [/size]	Windows Kernel — wait for further testing [/size]	Install [/size]
2508272 [/size]	04-12 [/size]	ActiveX kill bit — wait for further testing [/size]	Install [/size]
2509503 [/size]	04-12 [/size]	Office 2003 — Excel vulnerability, KB 2509461 for XP, 2509488/2007 [/size]	Install [/size]
2509553 [/size]	04-12 [/size]	DNS — unlikely threat for home/small-biz users [/size]	Install [/size]
2511455 [/size]	04-12 [/size]	SMB client — likely to see exploits [/size]	Install [/size]

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.
[/size][/font]

Reply | Quote

This table provides the status of problem patches reported in previous Patch Watch columns. Patches listed below as safe to install will be removed from the next updated table.

Patch	Released	Description	Status
2492386	04-26	Application compatibility for April	Hold
982018	04-26	Advanced Format Disk update	Hold
2512715	04-26	Windows 2008 R2 server core update	Hold
2506928	04-26	IE 9 and Outlook update	Hold
976932	02-22	Windows 7 Service Pack 1	Hold
2446708	04-12	.NET 4 — historic patching issues	Hold
2446709	04-12	.NET 2/3.5 — historic patching issues; KB 2446710 for Win7 SP1, KB 2446704 for XP	Hold
2509470	04-12	Extended Protection for Outlook — patch recalled	Hold
2467023	02-08	Win7 fix; load/unload binaries flaw	Wait
2467174	04-12	Visual C++ redistributable — check LOB impact	Wait
2467175	04-12	Visual C++ 2005 redistributable — check LOB impact	Wait
2511250	04-12	Printing fix for IE 9 — hold back on IE 9 upgrade for now	Wait
971029	02-22	Flash-drive patch for Windows XP	Optional
2387530	02-22	Win7 hotfix for configuring Wi-Fi services	Optional
2484033	02-22	XPS document print patch for Windows 7	Optional
2487426	02-08	Win7 fix — running x32 apps in x64 OS (post-SP1 update)	Optional
2505438	02-22	Fixes possible performance problems running some apps	Optional
947821	02-22	Windows System Update Readiness fix for SP1	Install
2393802	02-22	Kernel patch triggered BSOD; use Symantec solution	Install
2464588	04-12	PowerPoint 2003 — follow up with KB 2543241 if needed	Install
2497640	04-12	Internet Explorer — attacks in the wild	Install
2502786	04-12	Excel 2003; KB 2466169 for Excel 2002, 2464583 for Excel 2007, 2466146 for Excel 2010	Install
2506014	04-12	Hardening the system for prevention of rootkits	Install
2506223	04-12	Windows Kernel — wait for further testing	Install
2508272	04-12	ActiveX kill bit — wait for further testing	Install
2509503	04-12	Office 2003 — Excel vulnerability, KB 2509461 for XP, 2509488/2007	Install
2509553	04-12	DNS — unlikely threat for home/small-biz users	Install
2511455	04-12	SMB client — likely to see exploits	Install

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.

What about; KB2522422, and KB2515325. Are these safe to install?

Reply | Quote

What about; KB2522422, and KB2515325. Are these safe to install?

Yes, they are safe. I have installed both on five PCs.

Reply | Quote

Susan – Your columns are very useful, but a bit complex for non IT professionals to utilize in a practical fashion. I manage six machines at home, for example. Just running Windows update monthly can be a two hour exercise. It would be too much for me to print your list of various categories of updates and then look at each machine to decide which to manually accept — as opposed to just using “automatic update” on those machines. Is there some way for you to author a simplified version for non IT professionals. Maybe just something that says “take the time and don’t do this one because it might crash your system.” In short, is there some way for you to communicate what non IT professional absolutely need to know, as opposed to what would be nice to know if we had more time to know the subtleties? Thanks! Jim

Reply | Quote

I don’t know if this was a previous “hold” or something new, but it’s not on your list. What’s your recommendation?

Reply | Quote

Susan – Your columns are very useful, but a bit complex for non IT professionals to utilize in a practical fashion. I manage six machines at home, for example. Just running Windows update monthly can be a two hour exercise. It would be too much for me to print your list of various

Jim, you might try my method of ‘automating’ Susan’s charts. First I copy the chart as shown in Tracey’s message #2. Then I paste it into a spread sheet. Adjust the columns to fit one page. Then I do a sort based on the patch numbers. Finally I go through and change the color of any that are labeled Wait or Hold. Then I can eliminate any that don’t apply to my OS. Print it out (I do one copy for each computer) and check through the list of what is pending, and install those that are okay, hide those that are to be held. Periodically I check the Installed Updates file and see where I am. Takes longer to write than it does to do.
BJ

Reply | Quote

I have had a different problem with 2464588 (Powerpoint 2003). When installed, it caused Outlook to freeze up when viewing an email. Possibly related to the graphics pulled down from a website. The freeze was a good one – it took many attempts to end the program through Task Manager to kill it.

I did not install the hotfix 2543241 because that fix relates to a Powerpoint problem. I un-installed 2464588 (and there it will stay) and Outlook recovered.

My setup is WinXP Home SP3 with Office 2003 Professional SP3.

Chris

Chris
Win 10 Pro x64 Group A

Reply | Quote

I have had a different problem with 2464588 (Powerpoint 2003). When installed, it caused Outlook to freeze up when viewing an email. Possibly related to the graphics pulled down from a website. The freeze was a good one – it took many attempts to end the program through Task Manager to kill it.

I did not install the hotfix 2543241 because that fix relates to a Powerpoint problem. I un-installed 2464588 (and there it will stay) and Outlook recovered.

My setup is WinXP Home SP3 with Office 2003 Professional SP3.

Chris

I have since installed the later Powerpoint patch 2535812 sucessfully, so it looks like the problem I had with 2464588 was fixed by the subsequent patch.

Chris

Chris
Win 10 Pro x64 Group A

Reply | Quote

Again, I don’t know if this was a previous hold/wait or something new.

Any chance you could, in your column, explicitly list patches that you’ve changed to an “install” recommendation since your prior column? This would clarify a lot of things, I suspect.

Reply | Quote

The two updates [KB2515325 & KB2522422] mentioned above were offered to me as for Windows 7 x64-based systems.

Norman

Reply | Quote

As far as the patches went, you were right in regards the .NET updates; they messed with all my XP machines. I found that I could simply use ADD/REMOVE PROGRAMS to remove all the .NETs save for v1.1 and then went onto Windows Update. The first one offered was the 704; it was downloaded and started the install AFTER turning off antimalware/antivirus products (in this case, Threatfire and Avast {these play well with one another} but Threatfire messes with updates the worst). It installed properly, the a couple more times with Windows Update in Custom mode to select the .NET updates only and I’m back in business. An hour to hour and a half on two netbooks, a laptop (an old Sony at least 6 yr old) and two desktops. I went through this before when a .NET kept reinstalling itself. I read the column, went to the .NET removal site, then crossed my fingers and tried the add/remove which indeed worked.

Reply | Quote

The comments on this topic prompt me to raise an issue regarding Windows7 SP1 update.
We have a Sony Vaio running Windows7 64bit which insists on downloading microsoft updates and installing them on shutdown WITHOUT permission. This is even though I have the options set to ‘download but not install without my permission’?? Why is this, is there some thing I have missed in the settings?
So, this machine went on to download this W7 SP1 update which quite literally took hours – at least four – I don’t know exactly because I went to bed and left it. The following morning it insisted on ‘configuring the update’ which also took between three and four hours!!
SInce this episode I have reviewed the update settings and they are as I stated earlier.This evening it again did a download without permission although this time it shut down almost straight away. In doing this I don’t know what is being downloaded and I can’t select which items to allow or not. ANy ideas ??

Reply | Quote

Question: In the patch chart, KBs 2506223 and 2508272 say “wait for further testing” in the description but indicate “Install” in the right column. Which is correct – Install or Wait?

I really appreciate your patch watch column as I always use it before patching our XP’s.

Reply | Quote

Ditto to hsmith’s question: Are KB 2506223 and 2508272 OK to install? Is the “wait for testing” a reference to previous instructions and just part of the description or is there more to wait for before installing these updates?

Also, is it OK to install KB2466156, KB2485663, and KB2464635? KB2466156 and KB2485663 were on the 4/12 list as OK to install, but in her narrative, Susan said to wait to install all the Office updates if we are running Office 2003, so I didn’t install any of the updates I was offered that linked to MS11-021, 022, 023 or 033.

Thanks.

Reply | Quote

Ditto to hsmith’s question: Are KB 2506223 and 2508272 OK to install? Is the “wait for testing” a reference to previous instructions and just part of the description or is there more to wait for before installing these updates?

Also, is it OK to install KB2466156, KB2485663, and KB2464635? KB2466156 and KB2485663 were on the 4/12 list as OK to install, but in her narrative, Susan said to wait to install all the Office updates if we are running Office 2003, so I didn’t install any of the updates I was offered that linked to MS11-021, 022, 023 or 033.

Thanks.

I have installed all the above Office 2007 and Office 2003 updates on two Office 2007 machines and two Office 2003 machines without any trouble.

Reply | Quote

addition of the status table has been a great improvement. Having previously approved patches removed is a bad idea. Maybe move to a 2nd page or a 2nd group. But…it would be really great to sort by number. Makes the search so much easier. And yes, I know you can cut/paste into excel, but why make it harder for everyone when you have all the info and can post it.

Reply | Quote

Does installation of KB2393802 (Kernel patch that crashed the Intel and AMD graphics) present any problems for computers with NIVIDA graphics cards?

Reply | Quote

Does installation of KB2393802 (Kernel patch that crashed the Intel and AMD graphics) present any problems for computers with NIVIDA graphics cards?

I have installed this update on two machines using Nvidia graphics adapters without any negative issues. However, it is prudent to do a fresh image backup before installing updates just in case something goes awry. Check out image backups in several threads in the Security and Backups Forum.

Reply | Quote

I’m still confused about KB2506223 (Windows kernel) and KB2508272 (Active X kill bit). Chart description says wait for further testing, but status column says install. Should we wait or install? Thanks.

Reply | Quote

The patch chart is very helpful to those of us (me!) who follow your advice. The chart needs more information. You list the date of the patch, but I also need to know the date that you cleared it. Without that information, I can’t tell easily if I’ve already followed your advice and installed a patch or not.

Also, here’s a line from the chart:

2506223 04-12 Windows Kernel — wait for further testing Install

The listing seems contradictory. It says both install and wait for further testing. When you approve installation, you need to edit the rest of the line.

thanks.

Bob

Reply | Quote

Susan et al,
I am also a little confused as to where to post … here or the patch forum (http://windowssecrets.com/forums/showthread//128352-Windows-Secrets-Lounge-Patch-Watch-forum?highlight=patch+chart) … I chose here.

I thought that you would like to know that I took heed of the patch chart and waited to install as you directed. I am up to date with the patch chart. Unfortunately, on my fully operational system, I got blindsided yesterday by my wife not being able to print and after a restart me not being able to print (Win 7 Pro 64-bit) … printers were no longer visible and trying to install them I received a “Windows can’t open Add Printer” error!!!

Googling located a Microsoft hotfix (http://support.microsoft.com/kb/981070) for the problem … that seems to have corrected it.

Wherever you go ... there you are!

Reply | Quote

Susan et al,
I am also a little confused as to where to post … here or the patch forum (http://windowssecrets.com/forums/showthread//128352-Windows-Secrets-Lounge-Patch-Watch-forum?highlight=patch+chart) … I chose here.

I thought that you would like to know that I took heed of the patch chart and waited to install as you directed. I am up to date with the patch chart. Unfortunately, on my fully operational system, I got blindsided yesterday by my wife not being able to print and after a restart me not being able to print (Win 7 Pro 64-bit) … printers were no longer visible and trying to install them I received a “Windows can’t open Add Printer” error!!!

Googling located a Microsoft hotfix (http://support.microsoft.com/kb/981070) for the problem … that seems to have corrected it.

Thanks for the warning Aussie. You have convinced me to hold off Win7 SP1 for another month. I have a similar setup to you on one of my clients, but printing via an old printer on a NAS drive, which is a blighter to set up with drivers.

Chris

Chris
Win 10 Pro x64 Group A

Reply | Quote

I installed SP1 not long after it appeared and after running CheckSur. I had no apparent problems. Then I read about the hibernation problem in Win7/SP1 setups you mentioned in Issue 291, so I decided to test WIN7/64’s “Sleep” mode, its word for hibernate. Sleep worked fine, but left these three errors: Event 1 LMS, LMS lost connection to Intel(R) MEI driver; event 27, e1kexpress, Intel(R) 82578DM Gigabit Network Connection, Network link is disconnected; and finally Event 21 HAL, The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. My bios was up to date so I called Dell tech support, which, essentially, said to ignore the error if the system is running okay. Googling led me to this MS whitepaper on the subject http://msdn.microsoft.com/en-us/windows/hardware/gg463112.aspx . My favorite section is the “resolution” section, which suggests that hardware manufacturers be wary of code defects that cause memory corruption in the first page of memory. Of course the first thing I did was run full DOS level diagnostics on the system, including the extended memory check. All passed. Another WIN conundrum. I don’t think it’s related to SP! (which is why I’m writing this) because it apparently take place on XP machines as well. Maybe Dell will rewrite their BIOS to address this. ALL FYI.

Reply | Quote

I did not install SP1 and it has disappeared from my Windows Update list. There are still 20 important updates listed, of which 10 are from February or earlier, for some of which I have no guidance either from Susan or from Secunia PSI. My practice is to leave updates alone until one of my two trusted sources says to install them. However, I would still like to clear the older ones. To wit: 2284742, 2345886, 2388210, 2443685, 2454826, 2467023, 2487426, 979538, 982110 and 2434419. I am still holding off on 2284654 based on prior advice. Recommendations, please?

Reply | Quote

I’ve been holding off on the three Visual Studio / Visual C++ patches (one each for Visual Studio 2005, 2008, and 2010) based on the “wait” recommendation in Patch Watch. As of today, the VS 2005 and 2008 updates disappeared from my Windows Update panel (and no, I didn’t hide them).

Anyone have any idea what’s up with that, or with the other patches that folks have reported as disappearing from their Windows Update lists?

Reply | Quote

@Susan:

I’ve been holding off on these two patches, as they had either “wait” or “hold” recommendations (one released 4/21 and one 5/24) in Patch Watch. Both have now disappeared from the Patch Watch list, and never saw an “install” recommendation.

Did I miss something?

Reply | Quote

@Susan:

I’ve been holding off on these two patches, as they had either “wait” or “hold” recommendations (one released 4/21 and one 5/24) in Patch Watch. Both have now disappeared from the Patch Watch list, and never saw an “install” recommendation.

Did I miss something?

Microsoft’s bulletin email earlier today announces the re-release of some C++ patches in MS11-025 (version 3). My guess is that this impending re-release means they have withdrawn the originals from Microsoft update.

Chris

Chris
Win 10 Pro x64 Group A

Reply | Quote

Microsoft’s bulletin email earlier today announces the re-release of some C++ patches in MS11-025 (version 3). My guess is that this impending re-release means they have withdrawn the originals from Microsoft update.

Chris

You misunderstood–these patches are still in Update, but they’ve disappeared from Susan’s Patch Watch list without ever being listed as “install” (at least, from what I can tell).

Reply | Quote

@Susan:

I’ve been holding off on these two patches, as they had either “wait” or “hold” recommendations (one released 4/21 and one 5/24) in Patch Watch. Both have now disappeared from the Patch Watch list, and never saw an “install” recommendation.

Did I miss something?

I installed 2541014 back in May. I installed it without issue on several Windows 7 machines, so it should be safe. As to 2467173, I have no record of ever installing it, so I must have missed something too.

Reply | Quote

Bethel95

Sorry for the misunderstanding

Chris

Chris
Win 10 Pro x64 Group A

Reply | Quote

There might be an XLS problem with this week’s patches — not sure which one.

I’ve been letting Automatic Updates install updates as they came in.

Today when I went to load a 3MB XLS off our network it took 2-3 minutes to open instead of a few seconds.

This occured on two XPS SP3 PCs.

I used System Restore to roll both back to Tuesday, 6/28, and the file opened normally.

I’m using MSE security software.

Reply | Quote