MS-DEFCON 4: Time to get patched

Topic

New Reply

It looks like the December Black Tuesday patches have stabilized.As usual, there was much wailing and gnashing of teeth with the gigantic Internet Exp
[See the full post at: MS-DEFCON 4: Time to get patched]

Reply | Quote

Replies

On the “bug” you just described in MS09-073, that is NOT a bug, it is a feature! More precisely, it is a deliberate defence-in-depth feature intended against future security vulnerabilities in the converters.

Reply | Quote

Yuhong –

Yep, you’re right – but it feels like a bug! The converters should, IMHO, be able to handle anything thrown at them without falling over dead. There has to be a better way to implement it.

Reply | Quote

Bug or feature, this is another Keystone Kops MS Update. Fortunately, the Registry Edit outlined in the MS KB Article is fairly straightforward, provided one has any sort of experience with RegEdit at all. I think most of us Windows XP diehards have had plenty of experience with RegEdit, so I feel fairly safe just forging ahead with this one. At least this patch will not cause a Blue Screen crash, or an Endless Reboot.

Perhaps Windows Secrets Newsletter (or The Lounge)could post a Registry batch file to cope with the fix? That would be the most elegant way to handle things, in the absence of an MS “Fixit” button to push on line.

Reply | Quote

Win2000 users should download and apply the revised “V2” (KB951748) MS08-037 security update ASAP as it was released as part of the December 2009 security updates. The “original” KB951748/MS08-037 patch for Win2k, which was released back in July 2008, partially fixed the problem. So download and install V2 of the KB951748 update for Win2000 to provide FULL protection.

BTW, Woody, part of my 2010 New Year’s Resolution: give AVG Free Antivirus another chance on my computers which I am currently doing. the latest build of AVG Free 8.5 (version 8.5.431) seems to run well on my XP computer and my mom’s Vista laptop.

Reply | Quote

Hi Woody,
I have a question about these Black Tuesday updates.
I usually download and install when you move up to DEFCON 4 but when I look at my Event Monitor (under Admin Tools in Control panel on my Vista Home Premium 32 bit system, I get the following message for some of the updates: “Windows Servicing identified that package KBxxxxxx(Update) is not applicable for this system” . This happens for at least half of all the updates I download. Why does Windows update say I need an update that I then don’t need after I install it? Talk about Keystone Kops…
It doesn’t seem to affect my system.. just curious..

Reply | Quote

I just went through the entire KB article. The final Registry Edit suggestion, to enable conversions again, is said to completely undo all the protections which this Update created. Does this mean that a serious vulnerability is re-introduced by enabling the conversions? Or is this not a real issue, but a complete MS screw-up? Is there a real fix to the problem, which does not mess with conversions? Should conversions be allowed, or not?

Reply | Quote

RC –

It means that a minor vulnerability is re-introduced if you change the Registry as indicated. I don’t k now of any real solution to the problem. I think you’re better to turn off automatic conversions, just to let you know that you should convert the files manually. (I wonder if OpenOffice would work?)

Reply | Quote

Liz –

Not sure exactly what’s happening, but it doesn’t hurt to download and try to install them.

Reply | Quote

EP –

AVG works fine. What bothers me is the inflammatory “buy” screens…

Reply | Quote

Hello Woody,

How you doing ????

Please help me out with the below mentioned query.

1) Do we have any known post-installation issue on december patch i.e MS09-069, MS09-70, MS09-071, MS09-072, MS09-073, MS09-074?

2) Also about MS09-073, have you tested this patch on your test bed and recieved the error as well as resolution (worked for you) provided on KB973904?

3) And for MS09-070, there is know issues “Wctx parameter change” and “Username logging deprecation” is this a major issue after applying the patch.

Reply | Quote

What I was hoping for is that if conversions were not going to be done through WordPad, that something else might work without the added time (which is considerable) to open OpenOffice Writer every time a file needs to be converted. I think Ian “Gizmo” Richards of Windows Secrets Newsletter has some reviews of smaller, more nimble free word processors. Maybe one of those will do the trick for me. After all, I am a paid subscriber now, so I can search the archives for both free and paid WS content.

One thing I will definitely do is remove the second Registry change from the KB article, and see what breaks. Then I’ll decide if I need a lightweight, but secure word processor to replace WordPad for conversions. At least the original vulnerability will not be reintroduced.

The first Registry change in the KB article is meant to apply the changes to all applications, so that no application can invoke the insecure converters, as I read the KB article. So that Registry change is a keeper.

Reply | Quote

Woody Waiting for your Reply to my previous comments…..

Reply | Quote

Santosh –

1) I haven’t hit any problems with the December patches, as they now stand.

2) It’s a weird error that doesn’t seem to happen very often – no data loss, just an inconvenience.

3) MS09-070 is a Server patch. I rarely cover problems with patches to Windows Server 2003 and 2008, but the ones you mention seem to be pretty rare.

I do cover patches to Windows Home Server. Susan Bradley handles Small Business Server.

Reply | Quote

Hi Guys,
Good news for those of us that are worried about applying MS09-073 / KB 973904 and then having to do the MS-suggested registry edit. The KB 973904 link that Woody gives above now also includes a ‘Fix it for Me’ link for those affected by the new bug/feature described above. (I’m certainly relieved, since I have never felt comfortable editing the registry, and I work with MS Word so often that I can’t afford to get a rash of errors each time I open a file, either.) Thanks for the great patch info, Woody. I appreciate your help in keeping us informed of potential (and actual) issues with each batch of patches.

Best,

Dan

Reply | Quote

What’s the best way to implement the registry fix for MS09-073? Do I have to target only those computers with the patch installed or can I safely push this to all my clients? Does it matter whether Office is installed? The article says it will fall back onto the Office converters, but what if I deploy the registry fix to a computer that doesn’t run Office?

This fix confuses the hell out of me. I wish they would just revise it so you don’t need the registry workaround or include it into the patch.

By the way, easiest way to repro on a computer with Office installed is to right click > New text file somewhere in Explorer and then name it .doc instead of .txt. Then try to oepn the file.

Reply | Quote

Hi Woody,
I’ve tried everything I can to get the KB973904 patch downloaded to no avail.
I did the comand promt and tried worthless windows support.
For months now I’ve been getting the download window when I shut down and it never downloads or goes away.
What can I do to fix this ?

Reply | Quote