Newsletter Archives

• MS-DEFCON 5: A very quiet February

  Posted on February 22, 2022 at 02:45 CST by Susan Bradley • Comment in the Forums

  

  ISSUE 19.08.1 • 2022-02-22

  

  By Susan Bradley

  For the first time in an extremely long time, this month of patching has been so quiet that I’m changing the patching status to the magical level of 5.

  All’s clear. Patch while it’s safe!

  Don’t blink, because it may not happen again. There are so few issues that it feels too quiet, like the calm before the storm. The only thing I’m tracking is a few reports on issues with the 2012 R2 print server, because it broke printing on DataMax label and badge printers. However, I’m not tracking any issues with standalone printers.

  Anyone can read the full AskWoody Plus Alert 19.08.1 (2022-02-22).

  AskWoody Plus Alert AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 5, Patch Lady Posts

• MS-DEFCON 5: Get your systems patched

  Posted on January 10, 2020 at 11:16 CST by woody • Comment in the Forums

  The problems this month — which is to say, the December patches — are relatively benign (as long as you aren’t manually installing WIn7/Server 2008 Security-only patches). If you’re running Win10 version 1903, life’s much simpler.

  Step-by-step instructions in Computerworld Woody on Windows.

  P.S. Yes, that’s an MS-DEFCON 5. Get ’em while the gettin’s good.

  Windows Patches/Security December 2019 Black Tuesday, MS-DEFCON 5

• MS-DEFCON 5: Rare opportunity to get Windows and Office completely patched

  Posted on March 2, 2017 at 10:22 CST by woody • Comment in the Forums

  With few outstanding patches, and all but one well-behaved, now’s an excellent time to get caught up.

  InfoWorld Woody on Windows

  Office Patches/Security, Windows Patches/Security February 2017 Black Tuesday, MS-DEFCON 5

• MS-DEFCON 5. Again. Get all Microsoft patches applied

  Posted on July 23, 2015 at 10:29 CDT by woody • Comment in the Forums

  They did it again.

  I’ve been posting MS-DEFCON warnings for seven (eight?) years, and I can’t recall having two MS-DEFCON 5 months in a row. Now we have three in a row.  Hard to believe.

  If you don’t mind having a Windows 10 advertisement stuck in your system tray — it won’t jump up and bite you — just go ahead and install everything that’s offered. If the thought of an obnoxious Microsoft ad on your machine bothers you, skip KB 3035583 and KB 3022345.

   There are a few minor problems with SQL Server 2005, mentioned in my InfoWorld article, but for most of you it’s clear sailing.

  For the third month in a row, I’m moving all the way down to MS-DEFCON 5: All’s clear. Patch while it’s safe.

  The usual admonition applies: Use Windows Update, DON’T CHECK ANY BOXES THAT AREN’T CHECKED, reboot after you patch, and then run Windows Update one more time to see if there’s anything lurking. When you’re done, make sure you have Automatic Update turned off. I always install Windows Defender/Microsoft Security Essentials updates as soon as they’re available – same with spam filter updates. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source).

  Windows Patches/Security July 2015 Black Tuesday, MS-DEFCON 5

• MS-DEFCON 5: Get patched now

  Posted on June 29, 2015 at 08:48 CDT by woody • Comment in the Forums

  Yes, you read that correctly.

  I’ve been posting MS-DEFCON warnings for seven (eight?) years, and I can’t recall having two MS-DEFCON 5 months in a row. This is a first, and a great time to get caught up on all outstanding Microsoft patches.

  There were just a few minor problems with the June 2015 patches (the whole crop of them, not just Black Tuesday), and May 2015 worked out well, too.

  If you don’t mind having a Windows 10 advertisement stuck in your system tray — it won’t jump up and bite you — just go ahead and install everything that’s offered. If the thought of an obnoxious Microsoft ad on your machine bothers you, skip KB 3035583 and KB 3022345.

  For the second month in a row, I’m moving all the way down to MS-DEFCON 5: All’s clear. Patch while it’s safe.

  The usual admonition applies: Use Windows Update, DON’T CHECK ANY BOXES THAT AREN’T CHECKED, reboot after you patch, and then run Windows Update one more time to see if there’s anything lurking. When you’re done, make sure you have Automatic Update turned off. I always install Windows Defender/Microsoft Security Essentials updates as soon as they’re available – same with spam filter updates. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source).

  Windows Patches/Security June 2015 Black Tuesday, MS-DEFCON 5

• MS-DEFCON 5: Time to get patched

  Posted on May 31, 2015 at 14:01 CDT by woody • Comment in the Forums

  I’m still amazed but this past month — the May  2015 Black Tuesday crop — has been one of the best-behaved mammoth bunches of patches I’ve seen.

  There were problems, to be sure, but most of them were confined to Microsoft’s insipid attempts to force Windows 10 upgrade advertising down our throats. Considering that was about 1% of all the patches dished out over the month, that’s not a horrible result. Misguided, yes, but not horrible.

  All of the May patches that appear to cause problems — KB 3020369, 3045171, 3057110 — have been fixed or nearly fixed. KB 3020369 can hang at “Stage 3 of 3” during reboot, but we’ve been reassured it isn’t a problem, if you just pull the plug.

  The April stinkers – KB 3048043, 3022345 — have been re-issued and re-issued and, in some cases re-re-re-re-issued. But they now appear to be stable.

  I continue to recommend that you don’t bother with KB 3022345. It’s a Windows 10 come-on. People who install it and then run SFC /scannow get treated to a report of broken system files, but we now know the system files are fine — it’s just that SFC doesn’t like KB 3022345. If you have 302234 installed already, thwack yourself on the forehead, but don’t uninstall it. Ain’t worth the effort.

  The other painful April patch, KB 303814, has been superseded by KB 3049563 on May 12. Another one bites the dust. The painful March IE patch, KB 3032359, was superseded by KB 3038314 in April. Once again, don’t use Internet Explorer unless you really have to. Microsoft’s abandoning it, and so should you. (Okay, I overstate the case, but only by a little bit.)

  So, I’m giving a green light except for KB 3022345, which is an embarrassment that will come back to bite us again. It’s not going to clobber your system, though, so don’t worry about it too much.

  In a rare occurrence, I’m moving all the way down to MS-DEFCON 5: All’s clear. Patch while it’s safe.

  The usual admonition applies: Use Windows Update, DON’T CHECK ANY BOXES THAT AREN’T CHECKED, reboot after you patch, and then run Windows Update one more time to see if there’s anything lurking. When you’re done, make sure you have Automatic Update turned off. I always install Windows Defender/Microsoft Security Essentials updates as soon as they’re available – same with spam filter updates. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source).

  Windows Patches/Security May 2015 Black Tuesday, MS-DEFCON 5

• MS-DEFCON 5: Get all of your Microsoft patches applied

  Posted on September 24, 2014 at 21:06 CDT by woody • Comment in the Forums

  After last month’s monstrous Black Tuesday debacle, the September Black Tuesday patches had a couple of problems, but they’re resolved now. The two fourth-Tuesday patches are innocuous. It’s time to get caught up on patches, and it would be a good idea to advise your friends to get caught up, too.

  September saw two pulled patches, and both have been re-issued with fixes.

  It’s time to get caught up on all outstanding Microsoft patches. I’m setting the dial at MS-DEFCON 5: All’s clear. Patch while it’s safe. That doesn’t happen very often.

  I’m still ambivalent about installing Internet Explorer 11 on Windows 7.

  Get the patches installed by October 13 – October 14 is the next Black Tuesday, and I’m not expecting any significant patches to appear in the interim. (Although I may be surprised.)

  And the usual fine print:

  For those of you who are new to this game, keep in mind that… You should always use Windows Update to install patches; downloading and installing individual patches is a clear sign of impending insanity. I always install Windows Defender/Microsoft Security Essentials updates as soon as they’re available – same with spam filter updates. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source). I almost never install “Recommended” patches (reader Marty suggests that you uncheck the Windows Update box that says “Give me the recommended updates the same way I receive important updates”). If Windows Update has a patch but the box isn’t checked, DON’T CHECK THE BOX. It’s like spitting in the wind. I use Chrome and Firefox, and only pull out IE when I feel very inclined — but even if you don’t use IE, you need to keep up with its patches.

  Windows Patches/Security MS-DEFCON 5, September 2014 Black Tuesday

• MS-DEFCON 5: Get patched up

  Posted on February 5, 2014 at 20:06 CST by woody • Comment in the Forums

  Microsoft cleaned up its act with the January 2014 Black Tuesday patches. Perhaps there’s some sort of karmic spring involved, but after a year of absolutely dreadful patches, the four doled out in January were relatively benign.

  I’ve heard no new screams about the December PowerShell patch KB 2506143, that caused problems. I’ve also seen no flare-ups about KB 2887069, another patch that gummed up the works in December. Microsoft may have fixed them.

  The late November .NET roll-up, KB 2858725, isn’t generating any more screams than .NET rollups usually encounter. The KB article is up to version 5. I say go ahead and give it a whirl.

  So this is one of the (rare!) occasions when I’m opening the flood gates and unabashedly advising that you apply all the outstanding Microsoft patches.

  I’m moving us to MS-DEFCON 5: All’s clear. Patch while it’s safe. (If I had an MS-DEFCON level 4.5, I’d be tempted to hedge bets a bit, but it’s rare that we hit a lull like this.)

  As usual, if you encounter a patch that isn’t checked for automatic delivery, DON’T CHECK THE BOX. Just let Windows Update install the updates that it’s determined to install. Don’t help it mess you up.

  Windows Patches/Security January 2014 Black Tuesay, MS-DEFCON 5

• MS-DEFCON 5: Get all Microsoft patches applied NOW

  Posted on June 5, 2013 at 09:19 CDT by woody • Comment in the Forums

  There’s never been a better time — at least, not recently — to get all of Microsoft’s patches applied. Go, go, go.

  The lingering problem with KB 2823324 has been fixed with KB 2840149, and the fix (unlike so many other fixes in the past) seems to be working well.

  The May 2013 Black Tuesday patches have passed the “cannon fodder” test. Install them.

  Several of you are still reticent about installing Internet Explorer 10 on your Windows 7 systems. There were some problems with the first iterations of IE 10 running on Win7, but now all looks good. Install it.

  Go, go, go.

  I’m lowering us to a (very unusual) MS-DEFCON 5: All’s clear. Patch while it’s safe.

  Windows Patches/Security May 2013 Black Tuesday, MS-DEFCON 5

• MS-DEFCON 5: Get patched up, and go ahead with Windows 7 Service Pack 1

  Posted on June 5, 2011 at 22:09 CDT by woody • Comment in the Forums

  It looks like the Black Tuesday patches for May 2011 aren’t causing many problems.

  The one exception: if you use Master Plans in PowerPoint 2007, and you have a Plan with multiple Masters, you may have problems with PowerPoint freezing. Master Plans were a new feature with PowerPoint 2007. Chances are good you don’t use them or, if you do, you don’t have any plans with multiple masters.

  I suggest you go into Windows Update and install all outstanding patches.

  I’m also following Susan Bradley’s recommendation in this week’s Windows Secrets Newsletter: it’s time to go ahead and install Windows 7 Service Pack 1. Susan has a lot of experience installing SP1 on many different systems. She recommends that you NOT use Windows Update.

  Susan suggests that you start by going to the Microsoft Technet page that deals with SP1 updates, and follow the Windows Servicing Guy’s recommendations. She further recommends that you download the whole SP1 update – don’t use Windows Update – and install the whole enchilada. (See the warning below! Also, see the Comments for a number of important warnings and recommendations.)

  This is one of those rare times when it appears as if all outstanding Microsoft patches are reasonably safe. (Okay, I’ll still bellyache about the .NET patches, but you’re better off rolling the dice with them now than a week from now.) Accordingly, I’m moving us down to  MS-DEFCON 5: All’s clear. Patch while it’s safe.

  WARNING!!! A good, old friend of mine wrote with this cautionary tale. There’s good reason to apply all of your updates through Windows Update, except for Service Pack 1. Get updated with all of the patches except SP1, then do as Susan says, download SP1 and apply it manually. Here’s Brett’s tale:

  My wife’s computer went dead after she ran Windows Update to bring everything up to date on it. She couldn’t get it to boot until I looked the problem up on the Web and manually applied a fix.

  Turns out that if you run Window Update on a Windows 7 machine that doesn’t have SP1 installed yet, you will usually get a whole list of “important” updates to apply, including SP1. If you do what the site suggests — which is, of course, to install all of the updates– it can be fatal to your machine. Your system will crank away — downloading and updating — and then tell you that it needs to reboot. But thereafter, it will crash on reboot with a message that says, “Fatal error C000003A applying update”. The machine is useless after that unless you take some measures which are definitely not for the non-computer-savvy.

  This happens, as it turns out, because SP1 has to be installed separately from all other updates. But Windows Update doesn’t prompt you to do that. Instead, it leads you right into the fatal error by giving you a list of all the recommended updates, which includes SP1 plus others, and suggesting that you install them all at once!

  Microsoft admits to the problem in KB 975484 and provides a vbs script that you can run to “repair” the system. But you must put the script onto a thumb drive, or burn it onto a CD, on another machine to get things fixed.

  I suspect that a lot of people are going to be hit by this. There are already quite a few anguished complaints on the Web (search for “Fatal error C000003A”).

  Windows Patches/Security Error C000003A, May 2011 Black Tuesday, MS-DEFCON 5, Windows 7 Service Pack 1

• MS-DEFCON 5: Time to get patched

  Posted on September 8, 2010 at 20:29 CDT by woody • Comment in the Forums

  Microsoft’s record-breaking bunch of patches in August seem to me to be ready for prime time. Even the .NET patch looks well-behaved.

  There have been a lot of minor changes in the documentation surrounding the patches, but by and large I haven’t heard any major screams of pain. That’s remarkable, not just because of the .NET patch – .NET patches always cause massive headaches – but also because of the huge Internet Explorer roll-up.

  Of course, the one big gaping known security hole in Windows, the DLL hijacking vulnerability, remains unpatched and intractable. More about that shortly.

  I’m moving us down to MS-DEFCON 5: All’s clear. Patch while it’s safe. And while you’re at it, make sure you understand my recommendations about defending yourself against the DLL hijacking mess, as described in my Infoworld Tech Watch articles.

  Windows Patches/Security August 2010 Black Tuesday, MS-DEFCON 5

• MS-DEFCON 5: Get patched now

  Posted on September 2, 2009 at 19:54 CDT by woody • Comment in the Forums

  There have been a few minor problems with the August Black Tuesday patches, but nothing seems to have turned belly-up. Right now is a good time to get completely patched up – apply all outstanding Microsoft patches.

  Yes, I know there are ongoing problems with the .NET Framework patches, but I’ve already thrown in the towel on those.

  After you’re patched up, make sure your computer is set to notify but don’t download or install updates. Another crop of security bulletins is due next Tuesday.

  I’m moving us down to MS-DEFCON 5: All’s clear. Patch while it’s safe.

  One historical note: Microsoft discovered a bug in Vista Service Pack 2 that caused it to crash some systems with a Blue Screen of Death error 0xc0000034. Details on the TechNet blog. There was also a problem that caused an error 0x0000007e or 0x00000050, which has been fixed in an update to SP2, as documented in Knowledge Base article 973879.

  At this point, those of you running Vista should be absolutely convinced that you want to upgrade to Windows 7. And if you’re definitely going to upgrade to Win7, I don’t see any reason at all to install Vista Service Pack 2.

  Windows Patches/Security 0x00000050, 0x0000007e, 0xc0000034, August 2009 Black Tuesday, KB 973879, MS-DEFCON 5