MS-DEFCON 5: Time to get patched

Topic

New Reply

Microsoft’s record-breaking bunch of patches in August seem to me to be ready for prime time. Even the .NET patch looks well-behaved. There have been
[See the full post at: MS-DEFCON 5: Time to get patched]

Reply | Quote

Replies

WOW! I think this is the 2nd time in Askwoody.com history that we’ve reached MS-DEFCON 5 status.

Reply | Quote

All the updates went fine but i have a silverlight kb2164913 update that wasn’t checked so i didn’t install it. I have vista 64 bit.Should I install it or hide it permanently?

Reply | Quote

Woody —

What do you think of Microsoft;s DLL Hijacking Mitigation Tools?

http://news.techworld.com/security/3237700/microsoft-silent-on-windows-apps-vulnerable-to-dll-hijacking-attacks/

(This is a link to Greg Keizer’s Tech/World article in which he outlines what Microsoft is doing so far.)

Reply | Quote

@Bob –

I think the tools stink. They break more than they fix – and Microsoft knows it. The problem is that they can’t fixit without breaking all sorts of things.

I’ll stick with my recommendations in my InfoWorld Tech Watch article.

Reply | Quote

@Jesus –

If Windows Update didn’t check the patch, don’t install it.

Reply | Quote

@EP –

Ha! You noticed! Right now the big threats aren’t patched – so you might as well get everything caught up and pray the DLL Hijacking mess doesn’t get worse.

Reply | Quote

When you say, “Even the .NET patch looks well-behaved,” does that include the Microsoft .NET Framework 4 Client Profile for Windows Vista x64-based Systems (KB982670) dated 8/24/10 too?

I’ve done all the .NET 3.5 stuff, but I’ve been holding off on that .NET 4 one.

Reply | Quote

@guest –

It looks like there’s some problem with an earlier corrupted (?) version. PA Bear has a good response at http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/034404d0-4acc-4f92-80a4-d34c09e3fc17 I’m guessing that the problem has been solved, and the corrupt download has been replaced. That’s why it’s appearing on your Update list now.

Would I, personally, install it? Naw. Wait for the next big load of .NET updates.

Reply | Quote

Hi Woody,

I’m always a bit confused when you lower the defcon about whether to install patches that you explicitly note by number and tell us not to install, albeit at an earlier date.

Specifically, I’m wondering about the .NET 3.5 SP1 patch (KB982526) and the associated security update (KB979916). Does the latter patch make the former ok with Firefox? I still have those 2 hidden (along with the crazy EEA browser selection patch) so I’m not sure what to do.

Thanks!

Brian

Reply | Quote

Hey Woody Defcon 5 Time to Say Woo EEE An Cool Beans And Get those Patches. But Around the Corner Here Comes Some More Wonder if there going to be as big as the ones in Aug. Since I Talked to U last Time When it Was a 112. We’ve Had some Cooler Weather An Some Rain. It Helped a little How’s the Weather there in Patong.

Reply | Quote

@Ron –

It’s balmy most of the time, but raining a little bit almost every day.

Reply | Quote

@Brian –

When I drop the MS-DEFCON rating like that, I’m saying go ahead and install all of the outstanding patches.

The .NET patches are always problematic, but they don’t seem to get much better. You need ’em sooner or later, may as well get them after they’ve had a chance to stabilize a bit.

Reply | Quote