![]() |
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
Learn to read the obscure WindowsUpdate.log file
In this issue
- BONUS: Free ways to save money and energy with your PC
- TOP STORY: Learn to read the obscure WindowsUpdate.log file
- WACKY WEB WEEK: The transforming of the greatest 'blanket' ever
- LANGALIST PLUS: How to correct Device Manager hardware errors
- WOODY'S WINDOWS: Important Windows 7 questions remain unanswered
- PATCH WATCH: No need to undo pre-patch ActiveX killbit
Free ways to save money and energy with your PC
This month’s free bonus download for all our subscribers is Green Home Computing for Dummies by Katherine Murray and our very own contributing editor Woody Leonhard. The book is full of tips on how to reduce your PC’s power cost, optimize your system’s performance for better energy efficiency, and more! The printed volume isn’t in stores yet, but all subscribers can receive our exclusive excerpt of two full chapters, now through August 5. Simply visit your preferences page, save any changes, and a download link will appear. Thanks! —Brian Livingston, editorial director
All subscribers: Set your preferences and download your bonus
Info on the printed book: United States / Canada / Elsewhere
Learn to read the obscure WindowsUpdate.log file
By Susan Bradley
Every moment your computer is on, a nearly undocumented Microsoft file — WindowsUpdate.log — maintains a record of your system’s patching activity.
Making sense of the information in this update log can be a challenge, but I’ll show you how you can use it to learn the inside story of your PC’s update history.
In his June 25 and July 2 Top Stories, WS contributing editor Scott Spanbauer reported that Automatic Updates sometimes installs patches on PCs configured to require prior user approval.
The WindowsUpdate.log file can help us determine why Windows sometimes runs “forced patches” at shutdown time — displaying none of the expected notifications that patches are available.
Microsoft’s text file can appear indecipherable at first glance, but at least it’s easy to locate. On any Windows computer, browse to the C:Windows folder to find WindowsUpdate.log. Note: To access this file, you may need to click Show the files in the right pane.
(In XP, you may see a second file named Windows Update.log. One file has a space in its name and the other doesn’t. The one with the space is for an earlier version (V4) of the Windows Update engine. The log file without the space is the newer format and is the one you want to open.)
Open the file in Notepad or your default text editor. Make sure you start at the very top of the file. Depending on how recently and frequently a computer has been used, the log file may record activity going back several months or only a month or two. (See Figure 1.)
Figure 1. The WindowsUpdate.log file in the C:Windows folder records your system’s update activity.
First, look for the start of the log. This records the computer’s settings when it boots up and describes some of the computer’s components. The following is a snippet from the top of one such file (each line of the file begins with a date and time stamp):
- 2009-02-24 23:07:27:325 1052 46c AU ########### AU: Initializing Automatic Updates ###########
2009-02-24 23:07:27:341 1052 46c AU AU setting next detection timeout to 2009-02-25 07:07:27
2009-02-24 23:07:27:356 1052 46c AU # Approval type: Scheduled (User preference)
2009-02-24 23:07:27:356 1052 46c AU # Scheduled install day/time: Every day at 3:00
2009-02-24 23:07:27:356 1052 46c AU # Auto-install minor updates: Yes (User preference)
In line 3, the cryptic phrase “Approval type: Scheduled (User preference)” means that back on Feb. 24 — the farthest back this particular log file goes — the computer was configured to update automatically. As you’ll see, this factoid can be useful to us.
Whenever you or some third-party application changes the PC’s update settings, the information is recorded in the WindowsUpdate.log file, as shown below:
- 2009-07-03 19:01:30:531 1120 2cc AU ########### AU: Setting new AU options ###########
2009-07-03 19:01:30:547 1120 2cc AU Setting AU Approval Type to 2
2009-07-03 19:01:30:547 1120 2cc AU # Policy changed, AU refresh required = No
2009-07-03 19:01:30:547 1120 2cc AU # Approval type: Pre-download notify (User preference)
2009-07-03 19:01:30:547 1120 2cc AU AU settings changed through User Preference.
Line 2 indicates that on July 3, I changed the machine’s setting for Automatic Updates (AU) to Notify me but don’t automatically download or install them. Interestingly, the log file describes this as “Setting AU Approval Type to 2.” Most Windows users, by contrast, consider this to be Option 3 in the AU dialog box. (See Figure 2.)
Figure 2. The WindowsUpdate.log file calls it “2,” but it corresponds to Option 3 in the Automatic Updates dialog box.
As Microsoft explains in Knowledge Base article 328010, the AU options are inexplicably numbered by the log file (and such tools as the Group Policy Editor) in descending order:
4 means Automatic;
3 means Download but let me choose when to install;
2 means Notify me but don’t download or install;
1 means Turn off Automatic Updates.
Most important is the fact that the log file clearly records when a change was made to this setting. If patches started automatically installing, but you thought you’d made your PC require your permission, you can scan the log file to see whether your setting was changed — and possibly by whom or what.
Tracking the source of an AU settings change
When you install third-party antivirus software, the program’s setup routine may change the AU setting to “fully automatic” without letting you know. Windows Secrets articles on Oct. 25, 2007, and May 25, 2006, reported that this rude behavior was exhibited by Microsoft Live OneCare and Norton Internet Security, respectively.
When this happens, the log file indicates that the change was made by the user, even though you may not have understood — nor even had a clue — that the change had been made.
Still, locating these change entries in the log file can help you relate a software installation to the alteration of the machine’s AU setting. At the very least, this lets you eliminate other causes for the switch.
How can you find out whether patches will be installed the next time you shut down your PC? An example of such a situation is shown in the following snippet.
Near the bottom of the WindowsUpdate.log file for my test system — which is set to “notify me” — four patches are identified as ones that will be installed automatically at shutdown time. This doesn’t mean that the four patches have been downloaded yet — merely that they’re ready to be approved by the user. The entries that provide this information are as follows (notice “4 updates for install at shutdown” in line 1):
- 2009-07-09 21:38:48:625 1112 4e0 AU AU found 4 updates for install at shutdown
2009-07-09 21:38:48:656 1708 6d8 Misc =========== Logging initialized (build: 7.2.6001.788, tz: -0700) ===========
2009-07-09 21:38:48:656 1708 6d8 Misc = Process: C:WINDOWSExplorer.EXE
2009-07-09 21:38:48:656 1708 6d8 Misc = Module: C:WINDOWSsystem32wuaueng.dll
2009-07-09 21:38:48:656 1708 6d8 Shutdwn Install at shutdown: found updates to install
The tricky part is confirming that your log file corresponds to the update alerts you expect to see. On my test XP PC, the yellow Windows-patch icon does show up in the notification area. (In Vista, the update-alert icon is bluish-green). If I click the icon to view the available patches, I see five updates listed. Funny — these aren’t the same as the four that the log file indicates will be installed if I approve them. (See Figure 3.)
Figure 3. The WindowsUpdate.log file indicates that four updates are ready to be installed, but the selection window shows five different updates pending.
Why does the update dialog box show that Internet Explorer 8 will be installed in addition to the patches described in KB articles 961501, 963093, 969898, and 890830?
The discrepancy relates to the difference between patches being offered via Windows Update and those Microsoft is pushing.
At this writing, IE 8 is being offered as an update rather than being pushed. It may look to you as though IE 8 is going to be installed automatically. But as of today, it will install only if you select it. It will also install if you view available updates — as on my test XP PC — and fail to uncheck the IE 8 option.
Unless you read Microsoft blogs every day for fun, it’s difficult to track the critical security patches — the ones being pushed — and the less-critical updates that are merely being offered.
When you choose the “notify me” option in AU, the update process is supposed to show an alert icon in Windows’ notification area. You can click this icon to open a window in which you approve specific updates prior to installing any of them.
What if you shut down a PC without clicking the icon to select available updates? In that case, you should see a link that lets you shut down without installing patches this time around. (See Figure 4.)
Figure 4. The XP shutdown screen indicates that important patches will be installed when you turn off the system.
In the WindowsUpdate.log file, the following line represents the presence of the “install-at-shutdown” warning:
- 2009-07-09 21:38:48:656 1708 6d8 Shutdwn Install at shutdown: found updates to install
This line means Windows will display in its shutdown dialog box an option to control the installation of patches. To shut down without installing the pending patches — in case you want to research them further, for instance — you must choose Click here to turn off without installing updates. If you fail to select that option but instead click the normal Turn Off button, the updates will install automatically as the system shuts down.
A bug in the update process has been noted by many responsible observers. For some reason, Microsoft’s usual “patches will be installed” indicators — the one in the notification area and the one on the shutdown screen — sometimes don’t function properly. This occurs more frequently when Microsoft “throttles” its download servers, such as with the particularly large number of updates released on Patch Tuesday, June 14, 2009.
I hope my explanation of the update log will help you identify any mysterious behavior you may have experienced. Many individuals and companies must ensure that needed updates aren’t installed before testing is completed for negative side-effects.
If a PC suddenly updates itself when it wasn’t supposed to, WindowsUpdate.log can show you which settings were changed and when.
Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.
The transforming of the greatest 'blanket' ever
![]() |
By Stephanie Small
Everyone’s favorite blanket with arm holes — also known as the Snuggie — has returned with a vengeance. Once available only in solids, the new and improved version of the WTF blanket now comes in attractive dead animal prints! Doing nothing never looked so stylish. Throw them on your couch to instantly uglify the decor, or wear one on your next at-home date to dazzle that special someone. And of course, the trusty book light still comes free with each purchase. So snuggle up with your fleecy backwards robe, grab your reading light, and plant yourself on the couch with the other potatoes! Play the video |
How to correct Device Manager hardware errors
![]() |
By Fred Langa
Device Manager — Windows’ underutilized repair tool — offers a fast, free way to repair common hardware misconfiguration problems. Instead of removing and replacing a device that shows some error in Device Manager, the most effective solution is often to use a “soft” uninstallation and reinstallation. |
Easy fix for your PC’s recalcitrant hardware
Al Rodemann encountered this problem on an older PC, but the same kind of trouble can crop up even on the latest hardware and software. The same simple fix works for all Windows versions — even Windows 7:
- “I maintain a Windows 98 SE computer at my golf course and it has a problem I can’t solve. I know WIN98SE is ancient, but I wrote two large tournament programs back in the ’90s using dBase III Plus, and I need an LPT port to do printouts. These programs are used four days every week.
“I used a hard-disk cloning program to back up the main drive to a slave drive, and this cloning program worked only once. Now, looking at Device Manager, two areas are expanded and show problems. ‘Generic IDE Disk Type 01’ has a red X through it and, when opened, tells me that ‘This device is not working properly because a device it depends on — Primary IDE Controller (Dual FIFO) — has been dynamically disabled.’ The hard-disk controller has a yellow exclamation point (!) through it.
“This appeared only after cloning. Everything else works fine, but this problem has me stumped. How do I re-enable it so I can use the cloning program again?”
It sounds like your cloning software worked by overriding the normal functions of your hard-drive subsystem, in effect benignly “hijacking” the normal disk operations to make the clone. Something didn’t get set back correctly, most likely because the clone software wasn’t designed with ancient Windows in mind. In all, I suspect this is just a simple hardware configuration error with no permanent damage to anything.
Whenever you see any hardware problem in Device Manager, the best first aid is a simple soft uninstall/reinstall of the hardware. It’s called “soft” because you don’t have to physically remove any hardware. All you’re doing is telling Windows to forget what it knows about the hardware in question and to rediscover it as if from scratch. This process takes only a minute and yet can clear up a myriad of issues with misconfigurations, munged settings, and the like.
To open Device Manager in XP, click Start, Control Panel, Performance and Maintenance, System. On the Hardware tab, click Device Manager. A quicker way is to click Start, Run; type devmgmt.msc; and press Enter.
In Vista, click Start, Control Panel, System and Maintenance, Device Manager. Or press the Windows key, type devmgmt.msc, and press Enter.
Next, right-click the item in Device Manager that’s showing an error and select Uninstall. (See Figure 1.) Note that in older versions of Windows, such as Al’s copy of Win98, this option is called Remove rather than Uninstall.
Figure 1. A “soft” uninstall of selected hardware in Device Manager is often all it takes to correct common configuration problems.
Now close Device Manager and reboot. On restart, Windows will rediscover the hardware you just uninstalled and set it up afresh. This is often all it takes to correct minor “soft” errors with hardware setups and configurations. And if this simple fix doesn’t work, at least you’ll know there’s something more serious afoot.
But in your case, Al, I’ll bet this procedure will get your system back to normal!
UPDATE 2009-08-20: In his Aug. 20, 2009, column, Fred explains how to update drivers for hardware labeled “unknown device” in Windows’ Device Manager applet. |
Did BitTorrent put 100GB of junk files on my PC?
Dale Ward found what just might be record-breaking clutter on a PC he’s maintaining:
- “Temporary and junk files filling up hard drives has been talked about numerous times, but my daughter’s computer may take the cake — over 100GB!
“Recently, she has been having issues with only a few gigs free on her drive, so I moved a number of movies off it and got the system working better. Then last week it blue-screened and I couldn’t get it to boot (she then told me she had only a few MB of free space left — darn!).
“I removed that drive, put it in another system, and went to work with a number of different cleaners and scanners, all of which just locked up. To make a long story short, I finally just used the command prompt to get into her temporary Internet files, where I found massive amounts of files — one directory had over 215,000 files. So I let del *.* /s go to work and over 24 hours later had recovered 100 gigs of space!
“The question now is, what went wrong and how do I prevent it from happening again?”
The word “movies” in your note jumped out at me. That — coupled with the huge temp-file baggage — strongly suggests to me that your daughter was downloading movies with a P2P (peer-to-peer) file-sharing tool such as BitTorrent. If that’s the case, many of the excess files were most likely fragments of the movies she had downloaded and were deliberately left there.
With BitTorrent-like tools, when a user selects a file to download, the software initiates multiple simultaneous downloads, asking different servers for different parts of the same file. Various parts of the file stream in concurrently from multiple servers, so the overall download can go much faster than pulling in the same file in a straightforward, linear way from a single server.
Although the partial files arrive out of sequence, that’s OK; once all the pieces reside on the downloading PC, the software then assembles the file pieces into a coherent whole.
When the download’s done, most P2P file-sharing tools intentionally retain the downloaded fragments. The idea behind this kind of file-sharing network is for every user’s PC to become an ad-hoc server, offering the downloaded file fragments to anyone else who wants them.
Most BitTorrent-type tools let you turn off the default sharing actions, and you usually can tell the software not to save the downloaded files. That helps with the problem of disk space, but note that there still may be a serious legal issue with these kinds of tools.
Although valid uses exist, by far the majority of P2P file-sharing traffic is the distribution of illegal copies of software, music, and movies. Downloading illegal content is bad enough, but once you’re on a P2P file-sharing network, you may also be an active participant in the distribution of this illegal material.
I suggest you ask your daughter to remove any P2P file-sharing software on her PC. Once that’s done, I’ll bet her 100GB temp-file problem will vanish and not recur.
Internet Explorer 8 causes screen blackout
David Stone’s PC went dark on him during an IE 8 install:
- “It happened when I installed IE 8. But when I pressed my Windows key, I could see a very, very faint computer screen. When I shined a flashlight onto the screen, I could see it and restore my computer to an earlier point. I had to restart my computer again with the aid of my flashlight, but when it restarted, the computer was fine.”
You didn’t say so, but you must have an LCD screen because shining a flashlight on a CRT screen wouldn’t work. You saw an image on the LCD, so the pixel-control circuitry was working. But you needed to illuminate the screen to see the faint image. This suggests that the screen’s backlight was turned off.
I can’t think of anything in IE 8 that would turn off a screen’s backlight. I also can’t find any online mentions of others experiencing this problem, so it’s not at all common. In fact, the IE 8 connection may well be a coincidence and something else is going on.
I think the key to this strange behavior lies in the fact that the pixel-control circuitry continued to run even though the backlight was off. I’ve seen this happen only a few times, but in those cases, it was caused by a “Who’s in charge here?” conflict between Windows’ built-in power controls and third-party or OEM controls.
One piece of software thinks it’s time to turn off the LCD, but the other wants it to stay lit, so you end up with the weird in-between state: the screen’s active, but the backlight’s off — just as you experienced.
It’s a software error that shouldn’t happen, but it’s relatively harmless and easy to fix.
I suggest you ditch any third-party or OEM tools that came with the LCD screen and let Windows handle your system’s power-management functions. And whether you do that or not, lengthen the screen-off timeouts in whatever power-management software you use.
For XP, see Microsoft’s article “Configure Windows XP power management.” The same information for Vista is in the Windows Help and How-to article “Manage how your computer uses power.”
With longer screen-off timeouts and only one power-management tool running the show, your IE 8 installation should be able to run to completion with your screen still shining brightly!
Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.
Important Windows 7 questions remain unanswered
![]() |
By Woody Leonhard
My July 16 Top Story about potential pitfalls in upgrading to Windows 7 generated a torrent of questions that Microsoft hasn’t yet addressed publicly. Here’s a partial list of what we don’t yet know about Windows 7 — think of it as a Windows 7 anti-FAQ. |
Release dates now known for some W7 markets
Microsoft has recently posted official Windows 7 release dates for different types of customers:
- MSDN and TechNet subscribers get the English version on August 6 and the other languages by October 1;
- If you’re an independent hardware or software vendor, you’ll also be able to get Windows 7 on August 6;
- Big customers with volume licenses who paid extra for Software Assurance can download Windows 7 in English starting on August 7;
- MS Partner Network members get the bits on Aug. 16;
- Action Pack Subscribers get the English version on Aug. 23.
Microsoft announced the release of Windows 7 to manufacturing on July 22, but consumers won’t find the product in retail stores until three months later on Oct. 22. Expect to see build 7600.16385.090713-1255 burning up the torrents by Friday or Saturday at the latest, however.
Will the Win7 upgrade DVD install over itself?
A crucial question is whether installing the upgrade edition of Windows 7 will require a “genuine” copy of Windows XP or Vista. Or will the upgrade version of Windows 7, like Vista, simply accept an installed copy of itself as a “qualifying product”?
From the day of its release, Vista’s upgrade edition has always allowed people who know the secret to perform a clean install of Vista. The so-called full version of Vista isn’t required to do this. The upgrade edition of Vista accepts itself as a qualifying product, as described by WS editorial director Brian Livingston in his Feb. 1, 2007, Top Story.
Earlier versions of Windows made upgrades simple. They allowed you to insert a CD — or even a diskette — that contained an older version of Windows as proof that you qualified for the upgrade price.
At this point, nobody is saying exactly what kind of proof of a previous OS a Windows 7 upgrade disc will require.
If you’re currently using the Windows 7 Release Candidate, you face even more uncertainty: Will the upgrade DVD allow you to install a legit copy of Windows 7 over the Release Candidate? Or will you need to drop back ten yards and install and activate an old copy of Windows XP or Vista before you can run an upgrade?
There are all sorts of conflicting reports about Win7 upgrades on the Internet. On his TechBlog, Houston Chronicle writer Dwight Silverman quotes a Microsoft spokesman as saying:
- “If you’re running the Windows 7 Release Candidate and you have activated it, you will not need to reinstall an older version of Windows before using a Windows 7 upgrade disk…. But there’s a catch. If for some reason you later need to reinstall the finished version of Windows 7 from scratch using the upgrade copy you bought, you’ll first need to install and activate Windows XP or Vista.”
That’s exactly the kind of confusion I’m talking about. At this point, you can find experts online who offer many different opinions — but we’re waiting for some definitive answers.
Does upgrading deactivate the old Windows key?
Whether upgrading to Windows 7 will deactivate an old Windows key is an important question for several reasons:
- If a Windows 7 upgrade can be performed only on a “genuine” copy of Windows XP or Vista (as discussed in the question above), then reinstalling Windows 7 could require that you first reinstall and activate Windows XP or Vista and then perform the upgrade again. But if your old copy of XP or Vista has been deactivated, you’re up the upgrade creek without a paddle.
- If you upgrade to Windows 7 and decide to run your previous version of Windows in a virtual machine under Windows 7, your old OS may not activate.
- If you use an upgrade DVD to create a dual-boot system and the old operating system gets deactivated, you end up with a dead dual boot.
Once again, there are plenty of opinions on this question but no definitive answer from Microsoft.
What about pricing and the Family Pack?
Microsoft has announced prices for the upgrade and full-installation editions of Windows 7 — as described on the Windows 7 Team Blog — but there has been no official announcement about “Anytime Upgrade” pricing. The Anytime Upgrade allows you to upgrade Win7 versions — for example, from Windows 7 Home Premium to Pro — simply by handing over your credit card number.
Microsoft just announced that the long-rumored “Windows 7 Family Pack” will be available: “We will indeed be offering a family pack of Windows 7 Home Premium (in select markets) which will allow installation on up to 3 PCs.”
I’ve seen stories of a family pack that would allow three installs for about U.S. $140. If true, that would make this pack even cheaper than Microsoft’s $49 limited-time upgrade offer — and the Family Pack could be a great choice for small businesses. But it isn’t clear whether, for example, you can use the Family Pack to upgrade a machine running Windows XP Pro.
Are Vista Ultimate users getting shafted again?
Those of you who got suckered into buying Vista Ultimate might’ve expected some sort of price break, at least for in-place upgrades to Windows 7 Ultimate. At this point, it doesn’t look like that’s going to happen.
Microsoft learned its lesson: You can fool some of the consumers some of the time, but they aren’t going to line up in droves to make the same mistake again. So far, Windows 7 Ultimate doesn’t appear prominently in any Microsoft promotions, and it appears unlikely that Vista Ultimate owners will get any sort of break, though Microsoft remains mum on the matter.
Will the Microsoft Store offer upgrade discounts?
Many of you wrote to complain that the Microsoft Store shut down its previous Win7 upgrade promotion early, as discussed in the July 16 Known Issues column. Microsoft advertised that the deep-discount Win7 upgrade prices would be available until midnight Eastern Time on the night of July 11, but those who tried to order after about 11:15 p.m. on that date couldn’t get through.
I haven’t heard any official Microsoft mea culpa and doubt that one is forthcoming. It remains to be seen whether there will be some sort of consolation offer for those who missed the boat the first time around. I expect we’ll see more Win7 discount offers in coming months.
Is Windows 7 E more than a flash in the pan?
Microsoft’s taking a brilliant Cheshire-cat approach by shipping Windows 7 in Europe without Internet Explorer. Windows 7 E, as it’s known, could suddenly become moot if Microsoft can reach an antitrust settlement with the European Union (EU). Whether that will happen is anybody’s guess. If not, retailers in Europe may well tape CDs with IE on the sides of new boxes of Windows 7 E.
If you somehow get a copy of Windows 7 without a copy of Internet Explorer, Microsoft has posted instructions for installing the browser. The instructions basically tell you to download IE, save it to a USB drive, install Windows 7, then install the browser. Rocket science.
In a surprise move, Microsoft announced last week in its IE Blog that it was changing the way IE 8 installs itself. In the past, IE 8 set itself as the default browser unless you explicitly told it not to. Starting in August, IE 8 won’t take over the default-browser role unless you specifically give it permission. You can bet that EU concerns had an influence on that change.
Will my PC be able to run 64-bit Win7 versions?
Many of you wrote to ask how you can tell whether your PC is capable of running one of the 64-bit versions of Windows 7. Most recent processors are able to run 64-bit Windows. Unfortunately, the processor is only part of the story. The majority of 64-bit headaches involve older peripherals that don’t have 64-bit drivers.
The Windows 7 Upgrade Advisor, currently available in a beta version, will tell you whether your processor is capable of running 64-bit Windows. The tool is also supposed to indicate whether peripherals attached to your computer will run with Windows 7 — and presumably 64-bit Windows 7 — but I haven’t found any assurances from Microsoft that the Upgrade Advisor catches all potential 64-bit driver glitches.
I used to have some faith in the Upgrade Advisor, but that faith was shaken by the fact that the beta Upgrade Advisor won’t even run on some 64-bit XP machines. Until we get more detailed assurances from Microsoft, I’m skeptical about Upgrade Advisor’s 64-bit advice.
So there you have my short list of big Windows 7 questions. With a little bit o’ luck, Microsoft will dribble out answers to these and other important Windows 7 questions over the next month or two. As they become available, we’ll be sure to pass on the news — be it good, bad, or downright ugly.
Woody Leonhard‘s latest books — Windows 7 All-In-One For Dummies and Green Home Computing For Dummies — will appear on store shelves in October.
No need to undo pre-patch ActiveX killbit
![]() |
By Susan Bradley
If you previously applied a killbit for an ActiveX flaw in IE, rest easy — there’s no need to undo the killbit prior to installing the full patch that Microsoft’s released. XP systems with the killbit installed will not be offered the patch automatically, but you can download and install the update manually without having to make any other changes, if you like. |
MS09-032 (973346)
For some XP users, this update is strictly DIY
My July 16 Patch Watch column discussed a killbit you could install on XP to protect Internet Explorer against a zero-day ActiveX hole. This problem was described in Microsoft security advisory 972890.
I reported that people who installed the killbit would not automatically be offered the subsequent patch. The fix was released as security bulletin MS09-032 (973346) on July 14.
Installing the killbit but not installing the patch doesn’t mean that a PC would be vulnerable. It simply means that your Windows Update history would indicate that you hadn’t received the patch.
To allow Microsoft’s update service to download the patch automatically, I recommended that you undo the killbit.
Unfortunately, by that time, Microsoft had removed from its site the Fix-it button that worked to undo the killbit. MS deleted the Fix-it button so XP users wouldn’t install the update and then mistakenly uninstall the killbit. (Doing things in that order would’ve actually made the PCs vulnerable, but Windows would have inaccurately reported that the MS09-032 patch was correctly installed.)
Fortunately, there’s an easy solution to this dilemma: download and install the update manually from Microsoft’s Download Center. Doing so ensures that your system is patched and that the update appears in Add/Remove Programs, as expected.
Set up IE 8 post–XP, Vista, .NET service packs
Many of you have e-mailed to ask for my yea or nay on rolling out Internet Explorer 8. Unfortunately, IE 8 has joined the ranks of XP Service Pack 3, Vista Service Pack 2, and .NET Framework Service Pack 1 on the list of updates I recommend you postpone indefinitely.
Among other problems, installing one of these service packs for XP, Vista, or .NET after IE 8 eliminates your ability to uninstall IE 8, if necessary, without first removing the service pack(s). If you absolutely must have IE 8, installing it only after you’ve updated the other software allows you to retain your options.
The incompatibilities of some Web sites with IE 8 can present you with difficulties. Just the other day, I found that a workstation on which I’ve installed IE 8 wouldn’t play a local news station’s video.
Fortunately, many webmasters are learning to accommodate IE 8. For example, the airline site on which I was prevented from printing a boarding pass a few months ago didn’t hesitate to print a boarding pass this week.
In previous columns, I’ve suggested that advanced users allow a healthy lag time before installing most service packs. For me, that puts IE 8 on the shelf as well — for now, anyway.
Without IE 8, you won’t see Vista SP2 offered
My sister recently bought an Asus netbook that runs Vista. As usual, the first thing I did after starting the machine for the first time was to update the OS. Among the updates offered for the system was Internet Explorer 8 — but Vista Service Pack 2 was not listed.
As I mentioned in the previous item, I don’t recommend rushing to install IE 8. But if you really need Vista SP2 for some reason, you must understand its interaction with IE 8.
If you let Microsoft Update determine the order in which patches are installed, IE 8 has to be installed before Vista SP2 is even listed among the available updates.
To make Vista SP2 show up in Windows Update without installing IE 8, click Start, All Programs, Windows Update. Choose View available updates, right-click the entry for Internet Explorer 8, and select Hide update. (See Figure 1.)
Figure 1. To make Vista SP2 appear among the available updates without first installing IE 8, right-click IE 8’s entry in Windows Update and choose Hide update.
The next time you open Windows Update in Vista, SP2 will be offered to you. If you want to install the new browser thereafter, you’ll have to go back into Windows Update, select View hidden updates, and choose Internet Explorer 8.
Microsoft Update is scheduled for stealth update
Starting in August, the plumbing underlying Windows Update and Microsoft Update will get a refresh. If you haven’t entirely disabled Automatic Updates (AU) on your PC, several new executable files will be installed automatically. This will happen even if you’ve configured the AU dialog box to “do not install” or “notify me” prior to any patch installations.
The fact that these files on occasion are silently replaced was first reported in the Windows Secrets Newsletter on Sept. 13, 2007. The stealth updates prevented machines that had used XP’s “repair” function from installing security patches, as disclosed by WS associate editor Scott Dunn on Sept. 27, 2007.
The Microsoft Update blog says the silent installations will begin in late August and continue for about two months, without any visible indication to users. Your PC’s update settings reportedly won’t be altered. The new files, according to the company, will provide enhanced information about future update notifications.
Once the updates begin, I’ll explain how to determine whether and when your PC received the update. All systems need to undergo this type of update-engine upgrade. At least Microsoft is giving us a heads-up about it this time.
Unpatched hole in Firefox 3.5.1 browser
Normally, whenever you hear “unpatched” and “browser exploit” in the same sentence, you think of Internet Explorer. But right after Mozilla released Firefox 3.5.1 to fix holes in version 3.5 — as described by the Mozilla Security Center — news arrived from the SANS Internet Storm Center that a new, unpatched vulnerability in Firefox 3.5.1 could result in a denial-of-service attack.
The good news is that this exploit can’t take control of your system. The bad news is that the latest version of Firefox isn’t as bulletproof at it should be.
Google readies automatic update of Chrome
Not to be left out, Google announced several updates for its Chrome browser, including a number of security fixes. According to the Google Chrome Releases blog, the patch fixes a JavaScript vulnerability that can be used to attack your system.
One comment to the blog indicates that some Chrome users may not be able to add posts to Facebook after the patch is installed. Chrome updates are applied in the background, normally without requiring the approval of the user. I suspect that Chrome’s Facebook glitch will be remedied by the time you read this.
Fix Adobe Reader and Acrobat to close Flash hole
Both IE and Firefox are reportedly vulnerable to an attack that was first seen in the wild two weeks ago. The exploit uses small Flash files, affecting Adobe Reader 9 and Acrobat 9 (both of which execute Flash content embedded in PDF files) and Flash versions 9 and 10, according to US-CERT.
Using the NoScript extension to Firefox would not necessarily protect you against this attack, says The Register’s Dan Goodin. That’s because some legitimate Web sites might unwittingly serve ads or other content containing infected Flash.
A workaround that does protect against the flaw involves renaming two Adobe .dll files to .dll.old or similar. Renaming these files prevents Reader and Acrobat from executing PDF-embedded Flash. It doesn’t, however, protect you from Flash .swf files — for example, ones that are served from Web sites. Details on this workaround are provided by US-CERT vulnerability note 259425.
At this writing, most antivirus packages do not detect either of the two threat vectors, according to a VirusTotal analysis of the PDF exploit and analysis of the .swf threat. Check these reports to see whether your AV software now protects against the attacks. Also, visit the Adobe product security blog to determine whether versions of Reader and Acrobat later than 9.1.2 are available. (WS technical editor Dennis O’Reilly contributed to this reporting.)
The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.
Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.
Your email subscription:
- Subscription help: customersupport@askwoody.com
Copyright © 2025 AskWoody LLC, All rights reserved.

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
Xfinity home internet
by
MrJimPhelps
1 hour, 48 minutes ago -
Convert PowerPoint presentation to Impress
by
RetiredGeek
22 minutes ago -
Debian 12.11 released
by
Alex5723
8 hours, 48 minutes ago -
Microsoft: Troubleshoot problems updating Windows
by
Alex5723
12 hours, 30 minutes ago -
Woman Files for Divorce After ChatGPT “Reads” Husband’s Coffee Cup
by
Alex5723
9 hours, 59 minutes ago -
Moving fwd, Win 11 Pro,, which is best? Lenovo refurb
by
Deo
8 hours, 58 minutes ago -
DBOS Advanced Network Analysis
by
Kathy Stevens
1 day, 5 hours ago -
Microsoft Edge Launching Automatically?
by
healeyinpa
19 hours, 50 minutes ago -
Google Chrome to block admin-level browser launches for better security
by
Alex5723
1 day, 8 hours ago -
iPhone SE2 Stolen Device Protection
by
Rick Corbett
1 day ago -
Some advice for managing my wireless internet gateway
by
LHiggins
7 hours, 54 minutes ago -
NO POWER IN KEYBOARD OR MOUSE
by
HE48AEEXX77WEN4Edbtm
45 minutes ago -
A CVE-MITRE-CISA-CNA Extravaganza
by
Nibbled To Death By Ducks
1 day, 17 hours ago -
Sometimes I wonder about these bots
by
Susan Bradley
1 day, 13 hours ago -
Does windows update component store “self heal”?
by
Mike Cross
1 day, 3 hours ago -
Windows 11 Insider Preview build 27858 released to Canary
by
joep517
2 days, 7 hours ago -
Pwn2Own Berlin 2025: Day One Results
by
Alex5723
15 hours, 29 minutes ago -
Windows 10 might repeatedly display the BitLocker recovery screen at startup
by
Susan Bradley
4 hours, 7 minutes ago -
Windows 11 Insider Preview Build 22631.5409 (23H2) released to Release Preview
by
joep517
2 days, 10 hours ago -
Windows 10 Build 19045.5912 (22H2) to Release Preview Channel
by
joep517
2 days, 10 hours ago -
Kevin Beaumont on Microsoft Recall
by
Susan Bradley
1 day, 22 hours ago -
The Surface Laptop Studio 2 is no longer being manufactured
by
Alex5723
2 days, 18 hours ago -
0Patch, where to begin
by
cassel23
2 days, 12 hours ago -
CFPB Quietly Kills Rule to Shield Americans From Data Brokers
by
Alex5723
3 days, 8 hours ago -
89 million Steam account details just got leaked,
by
Alex5723
2 days, 19 hours ago -
KB5058405: Linux – Windows dual boot SBAT bug, resolved with May 2025 update
by
Alex5723
3 days, 16 hours ago -
A Validation (were one needed) of Prudent Patching
by
Nibbled To Death By Ducks
3 days, 7 hours ago -
Master Patch Listing for May 13, 2025
by
Susan Bradley
9 hours, 43 minutes ago -
Installer program can’t read my registry
by
Peobody
1 hour, 37 minutes ago -
How to keep Outlook (new) in off position for Windows 11
by
EspressoWillie
3 days, 5 hours ago
Recent blog posts
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.