Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.
Why the need to reboot after updating Windows?
In this issue
- TOP STORY: Why the need to reboot after updating Windows?
- KNOWN ISSUES: Ask vendors to honor your rebate up front
- WACKY WEB WEEK: Super Mario gets the hand-drawn treatment
- LANGALIST PLUS: Upgrade from Windows 7 RC to the retail version
- IN THE WILD: 'Samy worm' author now targets your router
- PATCH WATCH: Update repairs font glitch in Word and Web sites
Why the need to reboot after updating Windows?
By Susan Bradley
Not so long ago, Microsoft promised that fewer Windows patches would require restarting the system to complete their installation.
Microsoft clearly hasn’t delivered on that promise, so PC users need to take steps to ensure that they don’t lose data due to unexpected post-update reboots.
Let’s face it, we all hate rebooting. At best, rebooting requires that you start your work session over. At worst, if you’ve set Windows to update automatically, any open documents may close without giving you a chance to save your information.
In 2005, Microsoft started talking about a new restart manager to be built into Vista to ensure that fewer operating-system and application updates would require a reboot. In an Eweek interview at the time, Jim Allchin, former Microsoft co-president of the Platform Products and Services Group, boasted how much this technology would change the game.
But Microsoft’s promises of fewer or no reboots were a lot of hot air. For example, let’s look at Internet Explorer, although the same idea holds for any software you update.
When you update IE, the new software is written to disk. Any old code (such as dynamic link libraries or DLLs) already active in system memory usually remains untouched. Only when you restart do you flush out all the old code and load the new, updated software from your hard drive.
This is why in my experience, virtually all IE patches still insist on a reboot. Without a restart, you’re still running the old code that contains whatever flaw the update was designed to correct.
And don’t think that using Firefox gets you a pass on these updates: You have to update Internet Explorer because Windows uses IE for many other purposes. Thus malware can still reach your system through IE whether you open the program or not.
Predicting whether an update requires a reboot
Patches whose installation requires a restart are normally released by Microsoft only on the second Tuesday of the month (Patch Tuesday). However, Microsoft also distributes updates on the fourth Tuesday of the month. This is where the water gets muddier.
The descriptive text accompanying these updates states only that a reboot may be required. In these cases, some machines will need to reboot to complete the update installation, and some won’t, but there’s no good way to tell in advance.
Even Windows 7 is annoyingly vague in stating its update-reboot requirements. On my Win7 test machine, I reviewed several recent randomly chosen updates to determine whether the patches demanded a reboot. Each update used the vague wording that it “may” require a restart.
- KB976098 patches Win7’s Date and Time applet and didn’t need a reboot, even though the update indicated that it “may” need one.
- KB890830 for the Malicious Software Removal tool also didn’t need a reboot but stated that one “may” be required.
- KB974431 is a monthly compatibility update normally delivered on the fourth Tuesday; it did require a reboot.
- KB975467 and KB974571 are security updates that forced a restart to complete their installation.
- KB976325 is an Internet Explorer 8 patch that — to my amazement — didn’t require a reboot, although both the update itself and the related MS security bulletin MS09-072 warn that one may be necessary. (See Figure 1.)
Figure 1. The message accompanying some Windows updates warns that a restart may be required, but there’s no good way to tell whether one will in fact be necessary.
Confused? As Ms. Palin would say, you betcha. The uselessly vague fudge-phrase “may need to restart” leaves you guessing. What’s the story, Microsoft? I asked the company to clarify but haven’t yet received a response.
Until we have clear word from Microsoft as to when reboots are truly required, it’s generally wise to reboot after installing any Windows patches. It’s the only way to be sure that all old code is flushed out of active memory.
Note that Windows XP lacks the restart manager and thus doesn’t support “hotpatching.” That’s why reboot nags are so common on XP machines. However, even Windows 7 fails to live up to Jim Allchin’s no-reboot promise.
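The update text cannot say in advance whether a restart is needed, but after installation Windows records whether one is still owed. The following PowerShell script is an added example, not part of the original column: it reads the registry locations that Windows Update, Component Based Servicing and the Session Manager use to flag a pending restart, and lists files queued for replacement at next boot. It assumes Windows PowerShell is installed on the machine being checked; the sample paths at the end are constructed placeholders.

```powershell
# Added example, not from the newsletter. Read-only; run on the machine being checked.

function Get-PendingRenameValue {
    # Files that were in use at install time are queued in this value and
    # swapped in by the Session Manager at the next boot.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $item = Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    if ($item) { $item.PendingFileRenameOperations }
}

function Get-QueuedFile {
    param([string[]]$Entries)
    # Entries carry an NT path prefix (\??\); a destination may also start
    # with '!'. Empty strings mean "delete the source". Strip and de-duplicate.
    $Entries | Where-Object { $_ } |
        ForEach-Object { $_ -replace '^!?\\\?\?\\', '' } |
        Select-Object -Unique
}

function Get-RestartIndicator {
    $found = @()

    # Key created by Windows Update when an installed update still needs a restart.
    $wu = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    if (Test-Path $wu) { $found += 'Windows Update: RebootRequired' }

    # Key created by Component Based Servicing (Vista and later, absent on XP).
    $cbs = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    if (Test-Path $cbs) { $found += 'Component Based Servicing: RebootPending' }

    # Other installers use the same queue, so this is the weakest of the three signals.
    $queued = @(Get-QueuedFile (Get-PendingRenameValue))
    if ($queued.Count -gt 0) {
        $found += "Session Manager: $($queued.Count) queued file path(s)"
    }

    $found
}

$indicators = @(Get-RestartIndicator)
if ($indicators.Count -eq 0) {
    'No restart indicators found.'
} else {
    'Restart still owed:'
    $indicators | ForEach-Object { "  $_" }
    'Paths named in the pending-rename queue:'
    Get-QueuedFile (Get-PendingRenameValue) | ForEach-Object { "  $_" }
}

# Constructed sample (placeholder paths) showing how queue entries are cleaned up.
$sample = '\??\C:\Windows\Temp\example_new.dll', '!\??\C:\Windows\System32\example.dll'
'Sample queue, cleaned:'
Get-QueuedFile $sample | ForEach-Object { "  $_" }
```

These indicators are not exhaustive, so an empty result does not override the advice above to restart after patching.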
Autosaving avoids data loss from forced restarts
You can do two things to minimize accidental loss of data due to files closing unexpectedly during a forced reboot. First, set your automatic-update options to either “download but do not install” or “notify me when updates are available.”
Second, configure your applications to save files automatically.
Office 2007’s “AutoRecover” function autosaves open files every 10 minutes by default, but you can reset Word, Excel, and other apps to automatically save your files more frequently. To do so, click the Office button and choose Options, Save. Make sure Save AutoRecover information every xx minutes is checked, and then adjust the time between autosaves to your liking. (See Figure 2.) You can also change the autosaved files’ location so they’re easier to find if you need to restore them manually.
Figure 2. Use Word 2007’s AutoRecover (autosave) features to ensure you don’t lose data due to a forced reboot.
To change your autosave settings in Word 2003, click Tools, Options, Save. Make sure the Save AutoRecover info every option is checked, and then adjust the number of minutes. (See Figure 3.) As in Word 2007, you can also change the folder storing your autosaved files; in Word 2003, this option is found under the File Locations tab.
Figure 3. Word 2003’s autosave settings are found under the Save tab in the Options dialog box.
Is this sufficient protection? Not for me. I’ve gotten into the habit of clicking the Save button (or pressing Ctrl+S) every few minutes while I work. I also save all open files before stepping away from my PC, even if I expect to be gone just a few minutes.
If you use Windows 7, be extra-observant on the second and fourth Tuesdays of each month, when Microsoft releases most updates. Watch for a “shut down and install patches” prompt in place of the normal shutdown prompts around those days. If you get the prompt and want to postpone the patch installation to a later time, shut down by pressing Ctrl+Alt+Delete and choosing the direct shut-down option on the resulting screen. (See Figure 4.)
Figure 4. Press Ctrl+Alt+Delete to shut down Windows 7 without installing downloaded updates.
With each passing year, we seem to spend more of our workday maintaining our systems rather than actually using them. I hope someday the people at Microsoft will realize we want to spend more time doing our work and less time doing theirs.
Have more info on this subject? Post your tip in the WS Columns forum.
Susan Bradley received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.
Ask vendors to honor your rebate up front
By Dennis O’Reilly
Here’s a secret that vendors don’t want you to know about: rebate terms are sometimes negotiable.
You may be able to avoid the hassle of submitting rebate documentation via mail by asking for the rebate amount to be deducted from the price at the time of purchase.
Redeeming rebates for hardware and software is a pitfall-filled process, as contributing editor Scott Dunn’s Jan. 7 Top Story pointed out. But reader Walter Donavan says he’s found another way to play the rebate game:
- “Scott omitted one possible method of dealing with rebates that is 100% certain — if you can negotiate it. Simply tell the vendor by phone or e-mail that you want the product and will buy it, but only with the rebate already included in the price. For example, ‘$50 after mail-in rebate of $100’ becomes ‘$50 price now.’ Never mind the risky $150 price before rebate.
“I will no longer buy a product that depends on a mail-in rebate. If the vendor won’t give me the post-rebate price up front, I hang up. It’s very satisfying.”
Whether a particular hardware or software vendor can or will convert a mail-in rebate to an instant discount is an open question, but it can’t hurt to ask.
Hotfix for a bad XP SP3 Firewire driver
The clock is ticking for Windows XP SP2, as contributing editor Susan Bradley explained in her Dec. 17, 2009, Patch Watch column (paid content). As of next July, Microsoft will provide security updates only for XP SP3. Carl Spencer highlights one precaution some XP users need to take before applying Service Pack 3:
- “I see from your current version of Windows Secrets that it will soon be time to upgrade from XP SP2. However, please advise your readers to back up their firewire drivers. … Many PC owners — myself included — have lost the ability to download DV camcorder files due to the camcorder not being recognized by the PC [after] having upgraded to XP SP3.”
It’s true: Following installation of XP SP3, some systems freeze before the sign-in screen appears if the PC has certain firewire devices connected. But on Jan. 13, 2009, Microsoft released a hotfix for the problem via Knowledge Base article 955356.
The company warns that the update is intended only for systems experiencing that specific symptom. There’s discussion of the problem on Microsoft’s Windows Client TechCenter forum.
Readers Walter Donavan and Carl Spencer will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.
The Known Issues column brings you readers’ comments on our recent articles. Dennis O’Reilly is technical editor of WindowsSecrets.com.
Super Mario gets the hand-drawn treatment
By Stephanie Small
You’ve probably seen plenty of flipbooks in your time — and maybe even created one or two. A flipbook that takes five seconds to “read” probably took the artist hours to draw. Nevertheless, the books are a cool way to watch do-it-yourself animation. This short video presents a portion of a popular video game, flipbook-style. You won’t believe how real the animation appears! You’ll also be amazed at the amount of work required to complete a sequence that takes less than a minute to flip through. It just might give you a new appreciation of flipbook art!
Upgrade from Windows 7 RC to the retail version
By Fred Langa
Microsoft’s Engineering Windows 7 blog documents a little-known Win7 upgrade path from the Release Candidate. If you’re using the Windows 7 RC, you can upgrade directly to the final, retail release of Win7 Ultimate, though following this unsupported upgrade path isn’t for everyone.
Switch the Windows 7 beta to the retail release
Michael Flitterman is using a Windows 7 beta, but he’d like to upgrade directly to a retail version. Doing so is usually forbidden by the Setup software, but Michael’s wondering whether there’s a workaround:
- “For the past few months, I’ve been using a beta version of Windows 7 — Win7 RC. I bought a retail copy of Win7 Ultimate, but now it seems there’s no way to upgrade the RC release directly to the final version.
“Do you know of any workaround that allows the upgrade so I don’t have to — again — spend endless hours reinstalling my apps? I know that I’m not alone in hoping there’s a way to do it.”
Yes, there’s a way to upgrade directly from the Win7 RC to the retail version of Win7 Ultimate. The process is documented on the Engineering Windows 7 blog on the Microsoft Developer Network. However, there are some very good reasons not to upgrade this way, so please read on before you decide to try it.
The process is surprisingly simple: You just have to edit one line in one setup file. Of course, the files on a setup DVD aren’t directly editable, so you must first copy all the files off the retail setup DVD to a hard drive or partition other than C:. (Windows setup will alter C:, so the copied setup files must be placed elsewhere.)
Navigate to the sources folder of the copied files and open cversion.ini in Notepad (or another text editor). The MinClient value stored in this file controls which Win7 versions are allowed as upgrade “clients.”
Figure 1 shows the unmodified default value of MinClient=7233.0. To allow an upgrade from the RC, edit the MinClient number to a much-lower value — say, MinClient=7000.0.
Figure 1. To upgrade from the Win7 Release Candidate, edit this setup file so the MinClient value is much less than the MinServer value. MinClient=7000.0 works well.
Save the altered sources\cversion.ini file and run setup.exe from the top folder of the copied setup files. The retail Win7 Ultimate version will now install over your RC version — simple as that.
Many people have used this technique successfully. I also tested it to make sure it works — and it does. But it’s not for everyone. For one thing, note that the Win7 RC is the “Ultimate” edition, so this process only works to upgrade the RC to the retail version of Win7 Ultimate.
The Engineering Windows 7 blog details several other reasons why this method isn’t ideal. The short form: This isn’t a normal, authorized upgrade path, so Microsoft hasn’t bug-checked or quality-controlled upgrades done in this fashion. If you try it, you’ll be in unsupported territory.
The safest, surest way to upgrade to Win7 is to follow the rules and use only Microsoft-approved techniques for migrating from Vista or XP. But if you really want to do an in-place upgrade from the Win7 RC, now you know how.
Does the order of driver installs matter?
After reading the item “Clean install? What about OEM drivers?” in my Dec. 10, 2009, column, David Entwistle had a follow-on question:
- “The only concern I have with a clean install is that I’ve been told drivers have to be installed in a specific order. The problem I have is that driver-download sites use different terminology and suggest different install orders. Any info would be appreciated.”
There was a time when the driver-installation order mattered a lot. This was because early versions of Windows were sort of like a house of cards: hardware drivers were at the lowest level, DOS functions sat atop those, and Windows precariously balanced itself at the pinnacle.
Even when Windows itself ran perfectly, any malfunction at the driver or DOS level could topple the whole edifice.
Today’s Windows versions are far more robust, and most driver functions are well integrated into the OS itself. As a result, driver setup order isn’t as critical as it once was.
But when you’re setting up or rebuilding a system, you still can make a case for installing drivers in a specific order to reduce the chances of even a low-probability conflict: start with the motherboard drivers (sometimes called “chipset drivers”) and work outward.
The motherboard drivers come first because they support the most essential functions of the system — without them, your PC is just a fancy paperweight.
I suggest installing graphics drivers next because you need to see what your PC is doing in order to complete the setup. (In fact, computer screens are called “monitors” because their original function was to let you monitor the computer’s activity.)
Network drivers come next — these days, a non-networked PC isn’t good for much. Then, attend to the less-important, nonessential drivers for the modem, fax, printer, external storage devices, and other peripherals, until you’re done.
Although this isn’t the make-or-break process it used to be, starting with drivers for the most-essential core functions and working outward to the least-essential ones is both logical and easy to remember.
The above sequence has served me well over the years, and I bet it’ll work for you, too!
Why can’t I ‘connect’ without an ISP?
Troy Newton would like to be his own Internet service provider (ISP):
- “I’ve always wondered why I need an ISP. I mean, I connect to an ISP to get Internet access, but how does the ISP get access? Could we connect without an ISP? I’m sure it’s complicated and that’s why I’m asking you!”
Hoo, boy. You’ve opened a giant can o’ worms, Troy.
Here’s the core concept: In a normal Internet connection, the data you’re sending or receiving flows through many separate network segments, or “hops.” Each network is owned by someone, and you need their direct or indirect permission to access their segments and use their bandwidth.
To get an idea of what’s involved, go to YouGetSignal.com’s Visual Trace Route Tool. In the Remote Address box, enter the address of a target site, such as www.windowssecrets.com. Next, click Proxy Trace to start an analysis of the route your clicks must take to get to the target site.
When the test completes, look on the right side of the window under “trace information” to see the number of hops — or segments — you just accessed to make that one connection to your target. It’s not uncommon to see 20 or even 30 hops for every site you visit. Your ISP has obtained authorized access to all those segments; that’s part of what you pay an ISP for.
Yes, you can do it on your own. There are bandwidth wholesalers and aggregators who can simplify the process of gaining access to all the networks involved. You’d typically sign a contract with a bandwidth aggregator, and the company’s license gives you access to the “big pipes” that are the actual data-transport guts of the Internet.
But these services usually aren’t geared to individual users and you’d most likely have to buy or rent some specialized equipment. You’ll likely end up paying far more for a do-it-yourself Internet connection than you do now for your ISP’s service.
In addition, there are stringent regulatory issues you have to deal with, especially if you’re going to act as an ISP for others.
If you really want to become your own ISP, the DSLreports.com forum discussion “Is it possible to be your own ISP?” is packed with useful information.
You can do it, but it won’t be cheap or easy!
Explorer.exe startup failure means no desktop
Nigel Pickering loses his desktop at boot time:
- “We have a number of PCs that sometimes start with no desktop (just a blue background screen, no taskbar, and no icons on the desktop). If I open Task Manager, I can see that Explorer.exe isn’t in the list of running processes. Workarounds are to launch Explorer.exe manually or reboot. That fixes the problem, but only temporarily.
“Most of our PCs are configured fairly simply with Win XP and ZoneAlarm Internet Security Suite 9.1. All of the PCs are up-to-date. What’s causing this problem? I’ve searched [for a solution] online without success.”
I suspect that the ZoneAlarm suite is taking a long time to get all its components going, which interferes with XP’s normal startup sequence. This type of problem isn’t unique to ZoneAlarm — it can happen with any large, aggressive program that starts early in the boot process and inserts itself very deeply into your system.
I bet a less-complex setup will solve your boot problems. Try this: Completely uninstall ZoneAlarm and replace it with a simpler security package such as Microsoft’s free Security Essentials. You’ll find more info about that program and a download link on the Microsoft site. Also, use XP’s built-in firewall. Odds are, your PCs will now start normally.
Smaller, simpler software that does just the essential tasks — no bells, no whistles, no marching bands — is often your best bet.
Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.
'Samy worm' author now targets your router
By Robert Vamosi
Fresh from criminal probation for his Samy worm exploits, Samy Kamkar is back with new software that can maliciously target your home network’s router. Kamkar’s first worm brought MySpace to its knees in 2005. Now, his new proof-of-concept software puts vulnerable home routers in its crosshairs.
The first Samy worm’s cross-site scripting exploit
In October 2005, Samy Kamkar went looking for friends — specifically, friends on MySpace. Unfortunately, Kamkar chose to do so by writing and executing a cross-site scripting exploit dubbed the Samy worm, which became one of the first major worms to hit a Web 2.0 app (read more about it in the Oct. 27, 2005, WS newsletter).
The Samy worm attempted to infect as many MySpace profiles as possible. The payload seemed relatively harmless: it merely tagged your profile with the phrase “but most of all, Samy is my hero” and added Kamkar as a friend. But the infection grew wildly. At one point, Kamkar had accrued over a million bogus friends and was getting more, at the rate of thousands every few seconds. The MySpace servers choked under the onslaught.
MySpace removed the infection and patched the code vulnerability that allowed Samy to execute.
The attack led to Kamkar’s being charged with a felony; he was subsequently sentenced to three years’ probation, ordered to perform 90 days of community service, and required to pay restitution to MySpace. During his probation, Kamkar was allowed to use a computer and the Internet only for work-related purposes.
Kamkar’s not-so-triumphant return
Kamkar’s probation is over and he’s back. On his new site, Kamkar warns people to change the default settings of their routers. (Note: This and other links to Kamkar’s site have been removed because they aren’t trustworthy.) This is sound advice, but coming from Kamkar, the warning is also a bit sinister — especially when his site provides a number of different proof-of-concept programs that can be used to attack routers.
For example, if you use a Belkin router set with the default password, clicking a specific link on Kamkar’s site changes your router’s basic service set identifier (BSSID) to “Samy was here.”
A similar demo page for a Verizon FiOS router displays your current password but employs a cross-site scripting vulnerability that Kamkar says “could be extended to do worse, such as changing your Wi-Fi password, setting an admin password, or even installing malicious firmware onto your router.” Any Web page you visit that housed the malicious code could launch this kind of cross-site scripting attack.
All that’s bad enough, but there’s more: One of Kamkar’s first tweets on his Twitter account was about a proof-of-concept worm that could pinpoint your router’s physical location. Kamkar’s code grabs the unique Media Access Control (MAC) address of a router and — for now — sends the address back to him. But he says he could send the MAC address to Google Location Services (GLS) to obtain your router’s longitude and latitude. Google says GLS can be accurate “to within a few meters.”
It’s a new take on an old attack stratagem
Determining your location via your router’s MAC address is not new. A similar process was described by Terry Stenvold in a July 2008 article called “Don’t Locate Me” in 2600 Magazine (subscription required). Stenvold showed how a MAC address could be used to find the longitude and latitude of a router.
In a related YouTube video, Stenvold demonstrates how he can find a random Linksys router’s MAC address on Google and then use Google Location Services to find its location.
Stenvold’s method is specific to the “Skyhook” collection of millions of wireless router and access-point MAC addresses. The Skyhook Wireless company (corporate site) sends vehicles around the U.S. to map and register all the MAC addresses it can find. Stenvold’s method won’t work unless the MAC address is already in the Skyhook database.
What’s new in Kamkar’s attack is that it can sniff out MAC addresses from scratch, whether or not they’re already listed in the Skyhook database. Kamkar also says he can then learn a router’s physical location via the Google geolocation service, but he doesn’t say exactly how. Currently, the Firefox browser does have GLS built in — but the GLS privacy policy states, “The Firefox Geolocation Feature will make requests to Google only if you tell the feature to do so.”
GLS is also used on iPhone and Android Google search pages, according to a ZDNet blog post. The service is able to determine the phone’s location and provide search results — and ads — relevant to that specific area.
The upshot is that you should enter your router’s configuration settings and change the default name and password as soon as possible, if you haven’t already. You’ll find specific instructions for doing so on your router vendor’s site, but Bradley Mitchell provides a generic overview of the process in the About.com article, “How to Set Up a Network Router.”
Adobe Reader updates to become automatic
Beginning April 13, Adobe plans to release automatic, silent updates for its Adobe Reader PDF-viewing software.
In an interview with InfoSecurity.com, Brad Arkin, Adobe director of product security and privacy, said Acrobat Refresh Manager was quietly installed on millions of machines worldwide as part of the October 2009 quarterly patch released by the company.
The new, silent updater is currently disabled. Now, as before, Adobe Reader prompts users when an update is available and lets them decide whether to install it. Adobe wants to change this because users often postpone an update until they’re confident the patch won’t cause problems of its own. This delay opens what Arkin calls a “window of vulnerability.”
Acrobat Refresh Manager is designed to take the user out of the equation; the updates will install when Adobe wants them to. This week’s scheduled Adobe Reader update will begin test-activating the new updater with “selected users.”
Depending on the results of this testing, Adobe Reader’s automatic, silent updater may be operational across the millions of Reader installations starting in April. The company currently has announced no plans to launch an automatic-update feature for its Flash Player or any other Adobe products.
WS contributing editor Robert Vamosi was senior editor of CNET.com from 1999 to 2008, writing pieces such as Security Watch, the winner of the 2005 MAGGIE Award for best regularly featured Web column for consumers.
Update repairs font glitch in Word and Web sites
By Susan Bradley
January’s lone critical MS patch fixes a problem with embedded fonts — caused by an update released last July. The new update is critical only for Windows 2000 but should still be applied on all Windows systems to prevent fonts from displaying incorrectly on the Web and in Office apps.
MS10-001 (972270)
Embedded-font patch fixes earlier update
At first glance, it appeared that Microsoft’s first security bulletin for 2010 — MS10-001 (972270) — was a high priority only for Windows 2000 machines. But then I spotted 978909, which indicates that last July’s patch 961371 for embedded fonts causes some Web sites, Word documents, and printed PowerPoint documents to show the wrong fonts in all versions of Windows.
If the fonts in your Web pages, Word files, or PowerPoint slides don’t look right, installing MS10-001 should fix the problem.
This security patch is also critical for 32-bit Windows XP machines using the /3GB switch described in this Microsoft TechNet article. These systems could be compromised by malware. Few OEM machines use the /3GB switch, and it’s unusual for the switch to be set on XP workstations. It’s used more frequently on XP servers, however.
To determine whether an XP PC uses the /3GB switch, right-click My Computer, select Properties, and click the Advanced tab in the System Properties dialog box. In the Startup and Recovery area, click Settings. In the System Startup area, click Edit. The Windows boot.ini file will open in Notepad or your default text editor.
In the [Operating Systems] section, look for /3GB at the end of the line that includes the /fastdetect switch. Even if the switch isn’t present, I recommend that you apply this patch.
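The same check can be scripted when there are several XP machines to review. This PowerShell script is an added example, not part of the original column: it parses boot.ini, reports which boot entries carry the /3GB switch and which entry is the default, and ignores "/3GB" appearing inside a quoted description. It assumes boot.ini sits at the root of the system drive and falls back to a constructed sample when the file is absent.

```powershell
# Added example, not from the newsletter: report boot.ini entries that carry /3GB.

function Get-BootIniEntry {
    param([string[]]$Lines)

    $section = ''
    $default = $null
    $entries = @()

    foreach ($line in $Lines) {
        if ($null -eq $line) { continue }
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }

        # Section header such as [boot loader] or [operating systems].
        if ($text -match '^\[(.+)\]$') {
            $section = $Matches[1].Trim()
            continue
        }

        if ($section -eq 'boot loader' -and $text -match '^default\s*=\s*(.+)$') {
            $default = $Matches[1].Trim()
        }
        elseif ($section -eq 'operating systems' -and
                $text -match '^([^=]+)=\s*"([^"]*)"\s*(.*)$') {
            # Entry layout: ARC path = "description" followed by switches.
            $path        = $Matches[1].Trim()
            $description = $Matches[2]
            $switches    = @($Matches[3] -split '\s+' | Where-Object { $_ })

            $entries += New-Object PSObject -Property @{
                Path        = $path
                Description = $description
                Switches    = $switches
                Has3GB      = ($switches -contains '/3GB')   # case-insensitive
            }
        }
    }

    # Mark the entry the loader boots by default.
    foreach ($e in $entries) {
        Add-Member -InputObject $e -MemberType NoteProperty -Name IsDefault `
            -Value ($e.Path -eq $default)
    }
    $entries
}

# Constructed sample: the second description mentions /3GB but the switch is not set.
$sample = @'
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /3GB
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP (no /3GB)" /noexecute=optin /fastdetect
'@ -split "`r?`n"

# Assumption: boot.ini is at the root of the system drive (it is hidden, hence -Force).
$bootIni = Join-Path $env:SystemDrive 'boot.ini'
$lines = if (Test-Path $bootIni) { Get-Content $bootIni -Force } else { $sample }

Get-BootIniEntry $lines |
    Select-Object IsDefault, Has3GB, Description, Path |
    Format-Table -AutoSize
```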
Upgrade Adobe PDF software or use an alternative
If you use version 6 or 7 of Adobe’s Acrobat and Reader PDF software, upgrade to versions 8.2 and 9.3, respectively. The old releases are insecure and are no longer being updated. Systems running Adobe Reader 9.2 or Acrobat 8.1.7 will automatically receive updates to versions 9.3 and 8.2, respectively.
Vulnerabilities in the older versions of Adobe Acrobat and Reader have already been exploited in malware attacks.
On my test machine, the Adobe Reader update failed to install. I had to download and install the full version 9.3 from the Adobe site. (When you download the program, be sure to uncheck the box that installs the Google Toolbar along with the PDF software.) Unfortunately, the download may also install the Adobe AIR plug-in, as described in my Oct. 22, 2009, column.
Many people prefer to use an alternative PDF reader, such as the free CutePDF program (more info). Just make sure to uncheck the offer to install the Ask toolbar along with the program. (See Figure 1.) Downloading and installing the Ask toolbar also changes your default search engine to Ask.com.
Figure 1. The CutePDF installer prechecks the option to add the Ask toolbar.
Likewise, if you choose to install Foxit Software’s free Foxit Reader PDF software (more info), uncheck that program’s option to install the Ask toolbar. (See Figure 2.)
Figure 2. The Ask toolbar is also preselected to tag along with the Foxit Reader installation.
I understand the need for vendors of “free” software to make a buck, but it’s a shame these programs precheck the option to install software you don’t want. You have to dodge a lot of potholes when installing software these days.
979267
Update Adobe’s Flash Player on new XP netbooks
This past holiday season, many people purchased netbooks that run Windows XP. If you’re one of them, be sure to use Adobe’s Flash Removal Tool to replace the machine’s outdated Flash Player, as described on the Adobe site. Then browse to the company’s Flash Player download page to install version 10 of the player, once again making sure to uncheck the offer to install the Google Toolbar.
Microsoft security advisory 979267 warns that the Flash Player version shipped on XP-based netbooks is vulnerable to Web-based malware attacks.
978597
Incomplete SQL Server patch causes headaches
Many people are encountering problems patching Microsoft’s SQL Server database program. Microsoft KB 978597 explains that, when you install Windows Live Photo Gallery and Windows Live Mail, SQL Server 2005 is also loaded onto your system. Unfortunately, a failed update may not install completely on Vista PCs.
Instructions for repairing the glitch are listed in the MS article. After you complete the repair, open Windows Update and scan for available updates to ensure that the SQL Server patch has installed correctly.
Still blocked from accessing MS licensing site
The Jan. 7 Patch Watch column described my trials and tribulations in dealing with fallout from an update to the Microsoft Volume Licensing site. I’m still unable to access the site to view the licenses for my firm. Microsoft’s Eric Ligman reports on his Microsoft Developer Network blog that the company is still working on the problem.
The wait times for the support phone line have diminished, but sending e-mails to the support address is still frustratingly slow. Anyone affected by the site outage should contact Ligman via his blog’s comment fields.
I’m hoping to report in my next column that the MS volume-license site is once again fully operational.
MS Word 2007’s Custom XML feature gets pulled
After losing a patent case, Microsoft released a patch that removes Custom XML processing from Word 2007. The patch is available on the Microsoft download site, but it won’t be distributed via automatic Microsoft updates. For more on the court’s decision, see Gregg Keizer’s Dec. 22, 2009, Computerworld story.
If your copy of Word 2007 or Office 2007 was bundled with your PC when you bought it, you don’t need to apply this patch. However, businesses that deploy new computers with Word 2007 may require the update.
On his TechNet blog, Office product manager Gary Knowlton indicates that Microsoft will soon release a tool allowing you to determine whether specific Word documents are affected by this patent dispute.
Removing Word 2007’s ability to process custom XML won’t cause any problems for most users. In my next column, I’ll go into more detail about ensuring you’re not affected by the court’s decision.
Have more info on this subject? Post your tip in the WS Columns forum.
The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.
Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.
Copyright © 2025 AskWoody LLC, All rights reserved.
