Newsletter Archives

  • MS-DEFCON 3: Install all patches except one, KB 2840149

    I’ve been waiting, hoping that we’d get some sort of definitive word on whether the patch for the botched patch last month is working. So far, I’ve heard mixed results, with some people posting on this forum saying the new patch, KB  2840149, is causing problems. I DON’T recommend that you install the patch-of-a-patch KB 2840149.

    You shouldn’t be offered the earlier patch, KB 2823324, which proved so problematic. If you didn’t take my advice and installed that patch (in particular, if you had Automatic Update turned on around April 11), Microsoft sill recommends that you remove it. Use Control Panel’s Add or Remove Programs.

    There are also known problems with MS13-036/KB 2808735, but they’re obscure, and it’s highly unlikely you’ll hit them.

    So I’m straddling the middle, moving to MS-DEFCON 3. Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. In particular, avoid installing KB 2840149.

    Let’s hope Microsoft has better luck with the May crop of Black Tuesday patches.

    P.S. If you have Windows 7, don’t install Internet Explorer 10 yet. Give it a while to sink in.

    P.P.S. From the comments:

    @Jack, @Ken –

    I should’ve been more explicit. Yes, please do install KB2670838. That KB article is now up to version 7.0. In theory, if the patch encounters a system that it’ll nuke, the installer will tell you that it didn’t install the patch. If that happens to you, take a look at the KB article and see if there’s a new video driver which doesn’t have compatibility problems. I haven’t heard of any problems with the patch for about a month.

  • MS-DEFCON 4: Get patched, but don’t install IE 10 or KB 2670838

    With a rather ho-hum collection of patches coming this Tuesday, it’s time to get caught up.

    March’s Black Tuesday patches didn’t ring many bells. But there are two ancillary downloads – and a patch from February that’s still causing problems – that should give you pause.

    First, if you are running Windows 7 and you haven’t updated to Service Pack 1, now’s the time to do it. Microsoft released Win7 SP1 in February of 2011 — yes, more than two years ago — but it just started including SP1 in “automatic update” runs. If you look at your pending updates and SP1 is on the list, block out some time to run it (say, ten minutes, maybe more), and let ‘er rip.

    Second, the late-February patch known as KB 2670838 is still causing problems. The patch should NOT be offered – should not be pre-checked – when you look at the Windows update list. Don’t shoot yourself in the foot, and don’t check the box to install it.

    Third, details are all over the map, but a lot of people are complaining about the new version of Internet Explorer, IE 10, screwing up their Windows 7 systems. Simple solution: don’t install IE 10. If you’re running Windows 8, you already have IE 10, and it doesn’t seem to be causing any problems. If you have an earlier version of Windows, IE 10 isn’t even offered. IE 10 on Win7 seems to be a stinker. Once again, IE 10 is not pre-checked in the update list. Don’t check it.

    As always, avoid installing driver updates from Microsoft (go directly to the manufacturer’s site, or your PC manufacturer’s site), and if you’re offered Silverlight, laugh heartily; uninstall it if you have to.

    With those thoughts in mind, I’m moving us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

  • MS-DEFCON 2: Make sure automatic updates is turned off

    This would be a very good time to make sure automatic updates are turned off.

    The magical reversal of Flash on IE 10 in Metro should be part of the big pile of Internet Explorer patches due today.

    Let the other folks get the arrows in their backs.

    I’m moving to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.