MS-DEFCON 2: Get locked down

Topic

New Reply

I’m on vacation until the middle of the month, but I’ll drop by this site and let you know if anything dire happens.We’ve had a good, long stretch of
[See the full post at: MS-DEFCON 2: Get locked down]

Reply | Quote

Replies

Woody,

‘Fraid you forgot to change the header to Defcon 2 – it’s still 4!

Chris

Reply | Quote

Woody

I know we are on MS-DEFCON 2. I also know you are on vacation. In between having fun and relaxing, you might want to change your banner at the top of your site to also be MS_DEFCON 2.
Have a great vacATION!
oTTO

Reply | Quote

What about KB2597986? Patch now, or keep holding off?

Reply | Quote

Woody, its defcon 2. however the banner is still on green 4. 😉

Reply | Quote

Hi Woody. ~ I appreciate your MS-DEFCON alerts. I have your site in my Windows start-up folder, so that every morning I automatically see your recommendation. ~ FYI, starting October 5, 2012, your blog entry moved to MS-DEFCON 2, but your graphics and words at the top of the page still showed MS-DEFCON 4.

Reply | Quote

Hey Woody have a Good Va Ca but you forgot something Sir.! Here on the Post you have us at MS-Defcon 2.. But up on the Site up at the Top it’s showing 4.. is there a typo somewear.. Just funnen Ya Lol Take Care & have Fun.. Ron

Reply | Quote

@Tom-

It looks like MShas fixed thepatch. Go for it…

Reply | Quote

I like the seasonal “Pumpkin Patch” icons.
Trick or treat? ;^)

In your portrait at the top of the page, is that Hogwarts’ Sorting Hat you’re wearing, or a generic sorcerer-wizard’s thinking cap?

At last, we know the real secret behind your almost magical powers of deducing whether it’s safe to patch….

*snicker*

Reply | Quote

Just back from the US. Trying to recover from jet lag….

Reply | Quote

I really like the Halloween banner, very neat. You look fabulous in the wizard hat. Are you going to make this a regular thing? I do hope so.

Reply | Quote

Hi Woody! Hope you enjoyed your trip! 🙂

Reply | Quote

Dear Woody,

I keep getting updates for Java. I thought I had disabled it – do I need to install the patches, or should I ignore them?

Reply | Quote

Woody,
If you ever get to Brooklyn, give a holler.
Morty

Reply | Quote

Another Microsoft Stealth Update may have occurred:

(from my computer notes)

6:48 PM 10/23/2012 Issue identified — This DEFINITELY should not have happened automatically!! Microsoft in all its Corporate Wisdom, Stealth Updated the Windows Time Zones for Daylight Savings Time, even though I had Windows Updates set to Notify but Do NOT Download! Windows 8 Release Preview, 64-bit. Anybody else get this one? No harm done, but would it KILL them to ASK FIRST, as AGREED in the Updates Settings??

Issue happened at 6:10 PM CDT, USA, Central Time Zone. The only clue was when I went to check for Windows 8 Restore Points in CCleaner a short time ago. (I dual-boot, and Windows 7 keeps wiping out my Windows 8 Restore Points. I really should try to fix that.)

I looked at the detailed System Restore Point description in the System Restore Windows feature. Although this was listed as “Windows Modules Installer” it was also shown that it was a Time Zone Update. Silent and automatic, in spite of my Windows Updates settings.

Reply | Quote

rcprimak? Can you pop me your windowsupdate.log file? My email address is sbradcpa@pacbell.net.

There was a time zone update but Microsoft does not stealth download them. I have “download but do not install” and it did not come down.

Send me your log file and I’ll let you knwo what happened.

Reply | Quote

You sure that wasn’t a flash update? As I’m not seeing a time zone update applicable for Windows 8?

Reply | Quote

@Susan — It was labeled in the Restore Point Data as follows:

“Time: 10/23/112 6:10:42 PM
Description: Install: Windows Modules Installer
Current time zone: Central Daylight Time”

Affected Programs from scan:

“Cannot detect”

This is definitely not the recent Flash Player Update for Win 8 RP, which I got from MS Updates in the normal (for me, manual) way.

In Windows 8, I do indeed have the updates set to Notify but Let Me Choose.

How do you get the Updates Log in Windows 8?

My %windir%/Windowsupdate.log file was overwritten today by a 10/25/12 Windows Defender definitions update. No previous data exist in that location. The Windows Updates History shows no entries for any official MS Updates since 10/18/2012.

This is definitely a real update, it was done silently, and there is no record of it outside of the Restore Point it set. I have yet to scan for malware. It is by all indications a Time Zone Update.

MS Updates is not offering me the new Time Zone Update. I just checked. (It did however offer yet another NVidia graphics driver optional update.)

I have under Time Settings checked off to automatically adjust for Daylight Saving time. This is the only way I can think of that Microsoft could have gained permission to do this.

Without any Windows Update Log data surviving, this is about as far as I can think of to go to trakc down what actually has happened here.

Reply | Quote

Hitman Pro, Super Antispyware and Windows Defender (MSE) in Quick Scans Modes, show nothing malicious. Not proof of the Stealth Update theory, but more evidence.

Reply | Quote

Time Zone Update may not be what actually happened to me. It was definitely something, it was definitely stealth, but what it was, is still under investigation.

Reply | Quote

Last night, Hitman Pro found Registry traces in Windows 8 of a possible piece of adware. This was the Babylon Toolbar, and it appears to have failed to install fully. Got rid of the traces. This or a Chrome update which included Pepper Flash Player, could have been the source of the Windows Modules Installer (TrustedInstaller) Restore Point on October 23rd.

In any event, Chrome DEV is OK under Win 8 RP, Babylon and funmoods are gone and did not return upon rebooting, and I have in hand but not yet installed, Windows 8 Pro System Builder, awaiting some spare time before I back up the whole laptop and attempt to install it.

Quite a chase these things led me on, eh? I wish Windows would keep better track of Silent Installs! They’re becoming very common, and if anything goes wrong, there’s little to guide repairs.

Reply | Quote

BTW, I know about the timing of the pepperFlash update, because unlike IE 10, Chrome does keep track of Modified Dates with its plugins. But you have to dig to get at the records.

Reply | Quote

Still Holding at No.2 them Updates must be Ringers Wow) And Woody that’s Cool with the Political Theme Way to Go! Have a Good Weekend. Ron..

Reply | Quote

Woody usually holds off until near the last minute before the next Patch Tuesday, just in case anything gets reissued or modified. This time should be no different. I’ll patch near that time in Windows XP and Windows 7, but I like to keep Windows 8 completely up to date, as my NVidia subsystem only gets Win 8 updated drivers from MS Updates, and you never know when a Win 8 IE 10 Flash Player update may show up.

I expect Win 8 patching to settle in to the old patterns in a few months.

Reply | Quote