April 8, 2014

Some best practice rules for XP computers, after final Windows Updates.

As I write this it is April 8, 2014. Today marks the final Patch Tuesday Windows Updates for the XP operating system and also for MS Office 2003. Please run Windows Update from all XP computers, sometime around 2PM your time.

Once you have applied these updates and rebooted, you are totally on your own to protect XP computers from malware, viruses and information stealers. Most anti-virus programs will continue to run on XP and will receive updates for at least one more year. But, none that I have looked into have any real long term commitments planned, with the possible exception of customers who can pay for ongoing support.

If you must continue operating XP computers for some programs that will not run on Windows 7 or newer, follow best security practices, as outlined below.

December 11, 2012

It's time to update Adobe Flash and Microsoft Windows!

On Patch Tuesday, December 11, 2012, Adobe and Microsoft released critical updates to some of their software. Adobe Flash has been updated to version 11.5.502.135, fixing a critical vulnerability, and Microsoft released 8 critical or important updates. You are strongly advised to update your Windows computers now to protect against exploit kits targeting the patched vulnerabilities.

Windows Updates almost always require a reboot to complete the installing of new system files. This is because such files are in use when the operating system is running and can only be replaced when it is shut down temporarily.

I found out that sometimes Adobe Flash acts the same way as Windows Updates, in not letting go while Windows is running. On my Windows 7 computer, I found it necessary to reboot after upgrading Flash today. This was after I logged into my Administrator level account to run these updates. After the Windows Updates completed and I had rebooted, I upgraded to the new version of Adobe Flash. The "About Flash" results page showed the new version was installed. So, I logged out of the Admin account and into my Standard User account.

But, when I opened Firefox, something caused it to hang repeatedly, making the browser unusable. I grokked that since the browser was fine when I went to fetch the new version of Flash, but was unstable after upgrading it, the old version must still be lingering, either in the Registry, or as an active file in use. So, I force-closed the browser and rebooted. After logging in again, the problem was fixed. Files in use, people...

There is another way to update Flash without rebooting, which I applied to my XP computer, on a hunch. I simply uninstalled Adobe Flash with my browsers closed. This is done via Control Panel, Add/Remove Programs. Once Flash was uninstalled, I opened Firefox, went to Adobe.com and downloaded a new copy of Flash Player. When the download completed, I opened the download location, closed the browser, then ran the Flash installer. After the installation completed I opened my browser and everything worked normally. So, you can use this method to flush out an old version of a browser plug-in, rather than rebooting.

By the way, Adobe provides a Flash uninstaller, as a stand-alone Windows executable that you can run from your downloads folder. It gets rid of both the Firefox and Internet Exploder versions of Flash at the same time.

July 6, 2012

Microsoft XML Core Services vulnerability to be patched on July 10

On July 2, 2012, I published an article detailing a vulnerability in Microsoft's XML Core Services that is being exploited in the wild. A Fix It Tool link was given to use as a workaround until an official patch can be released. That patch is to be released through Windows Update Services on Patch Tuesday, July 10, 2012.

The exact details are yet to be announced, as to any additional files or Registry settings that will be changed when the official patch is released, compared to the Fix It Tool modifications. If you have applied the Fix It Tool, continue to use it until Tuesday afternoon at the equivalent of about 2 PM Eastern Time, July 10. If you downloaded the second, unFix It Tool, run it on the 10th to reverse the changes. If you did not download the unFix It Tool, go to the Microsoft Advisory KB2719615 page and see if they left the two Fix It buttons on the page. If so, use the button on the right, under "Disable" (#50898), to download and run the Fix It Tool that reverses the changes.

Note: The Fix It Tools are .msi files which require Administrator level credentials. You will have to answer a UAC challenge (under Windows 7, Server 2008+ and Vista) to proceed and you may need to provide an Administrator password, depending on what type of user account you are logged into. XP users will need to log into an Administrator level account, because "Run As" doesn't usually appear for .msi file types (unless you have hacked your Registry).

After running the aforementioned unFix Tool, go directly to Windows Updates and download all applicable patches for your Windows computers. Doing this immediately minimizes your exposure to attacks targeting the XML Core Services. This is especially so because many people use Internet Explorer to visit the Windows Update site and Internet Explorer is the main conduit for the XML vulnerability being exploited in the BlackHole Exploit Kit.

June 13, 2012

Adobe, Microsoft and Oracle released critical patches on June 12, 2012

June 12, 2012 was a huge Patch Tuesday, with Adobe, Microsoft and Oracle all releasing patches to fix critical vulnerabilities in their software. The affected programs include Adobe Flash, Oracle Java and Microsoft's Windows Kernel, Internet Explorer, .NET and Remote Desktop software.

I have already published a blog article today about the Java update on 6/12/2012. You need to update Java now, if you have it installed. The BlackHole Exploit Kit is targeting vulnerabilities just patched.

If you have Windows computers, running on XP (w/SP 3), Vista, 7 or Server 2003 or 2008, you need to use your Windows Update link on the Start Menu, or in Control Panel, to check for and install from 7 to 11 or more patches, rated from Important to Critical. The actual number of patches you receive depends on what, if any, Office and .NET programs you have installed. You will need to restart the computer to complete the updates. If you use Internet Explorer, you can go to Windows Updates via a link in the Safety menu item.

Adobe Flash was simultaneously updated on the 12th, to version 11.3.300.257 for most users. An Adobe Security Advisory describes how previous versions are being exploited and how this new version plugs those holes. It also lists the affected versions for other operating systems and devices, like Mac and Android. If you use Flash at all, it needs to be updated NOW. Malware exploit kits have been updated to target the vulnerabilities that were just patched.

To update Flash, go to www.adobe.com, click the link for Flash, then download the version for your browser. If you use Internet Explorer and Firefox, Safari, Opera or Chrome, there are separate downloads. IE uses an ActiveX version, while Firefox, Safari and Opera use another plug-in version and Google Chrome uses a special, bundled version, requiring you to update Chrome itself (go to Tools > About Google Chrome and it will begin checking and updating if necessary).

After you update Flash in all of your browsers, they need to be closed for the upgrade to take. You may even need to reboot the computer to flush out a previous version if it was in use during the update process.

I believe it is a good thing that these major software vendors have released critical updates on the same day and time period. This allows users to perform multiple security updates sequentially or simultaneously, restart once, then get back to work.

All of the above updates require Administrator privileges. While you can perform these updates as a Standard User, via "Run As Administrator" it is really best to log into an actual Administrator level account first, since you will have to reboot after installing these updates.

December 11, 2011

Adobe and Windows critical patches coming in mid-December and January

Adobe Systems has published an advisory announcing that they will be releasing an "out-of-band" patch, sometime during the week starting on December 12, 2011, for their Acrobat and Reader programs for Windows, version 9.4.6. This is in response to cyber criminals exploiting a critical vulnerability discovered in the code used by those related programs.

The same vulnerability being exploited in Reader 9.4.6 also exists in the newer version 10.1.1 of Adobe Reader X and Acrobat X. However, those programs operate by default in protected mode, which nullifies the exploit vector being targeted in the ongoing attacks. Nonetheless, Adobe has scheduled a security update for these newer versions, to be released on January 10, 2012. That update will apply to all supported platforms of Adobe Reader.

If you use the Foxit PDF reader, they have released a new version to respond to the same vulnerability as exists in Adobe's Reader (see Foxit security notice here). You can download the latest version (5.1.3) of Foxit from their website.

Microsoft is going to be releasing 14 patches on December 13, 2011. Be sure you check for these Windows Updates during the afternoon of this coming Patch Tuesday. You may or may not need all 14 patches, depending on your Windows operating system and installed Microsoft Office programs. If you use Windows XP, with SP 3, you are definitely going to get a lot of patches! If you haven't upgraded to SP 3, your PC is in extreme danger of takeover by numerous vulnerabilities that were patched, but require SP 3 to receive them.

Other software vulnerabilities being exploited in the wild this week include a critical flaw in Yahoo Messenger 11.5.0.152 and older. This happens to include the current version! The World waits with bated breath for Yahoo to respond with a patched update. The flaw allows hostile status update messages to be placed by hackers and criminals, with links to malware servers. The victims are unaware that their status message system is being used to trick other people on their Yahoo Messenger contact lists.

To protect themselves until a patch is released, Yahoo users should set their Yahoo Messenger to "ignore anyone who is not in your Yahoo! Contacts." That should keep you safe from being exploited by strangers, but you could still be tricked if one of your existing contacts gets hacked. Keep this in mind and check for updates regularly, via the Yahoo Messenger Help menu item.

January 18, 2011

Microsoft re-releases previously canceled update for Outlook 2007

On Patch Tuesday, January 11, 2011, Microsoft re-released an update that fixes the three issues identified in the December 14, 2010 Office Update for Microsoft Outlook 2007 (see my extended content for details). The original December update was withdrawn three days later, following numerous complaints about problems caused by that update. The new update released on January 11 was distributed by Microsoft Update and referenced as updated KB article KB2412171.

If you did not uninstall the December Update for Outlook 2007, then the update released on Tuesday, January 11, will fix the three known issues which you may be experiencing. It can be installed over the previous patch; thus, patching the patch.

If you did uninstall the December Update for Outlook 2007, then you can benefit from the new January update. To receive the January 11 update you can either run Windows Update on your computer; or download and install the update directly from the Microsoft Download Center. If you have automatic updates enabled, you will receive this update automatically.

Coincidentally, this re-released Office 2007 update has also patched a long-standing vulnerability in the allowable Dynamic Link Library path, which was being targeted in published exploit kits used by hackers and criminals. The known applications affected by that particular DLL path vulnerability are listed on the Insecure Library Loading advisories page, on Secunia.com. Microsoft had 20 of its programs listed as being exploitable. Now, half have been patched, and it took five months to fix those 10. The list first appeared on August 24, 2010.

December 20, 2010

Bad Windows Update for MS Outlook pulled from WUS

It has been reported that one of the Microsoft Updates of December 14, 2010 is causing serious trouble for many users of Microsoft Outlook, a popular desktop email client. According to a blog article just published on the MSDN, three major issues have been reported by a significant number of people who applied patch number KB2412171.

These three issues were identified in the December 2010 update for Outlook 2007:


  1. Outlook fails to connect if Secure Password Authentication (SPA) is configured for an account and the mail server does not support SPA. This is important for Google Gmail users because Gmail does not support SPA. Outlook customers using Gmail who have the SPA option turned on cannot connect to Gmail.

  2. Noticeable performance issues are experienced when switching between folders if you do not have a Microsoft Exchange Server account configured in Outlook. Switching folders might take several seconds depending on the performance of your computer. This issue only applies when you use an IMAP, POP3, or Outlook Live Connector account, such as Windows Live Hotmail, and do not have an Exchange Server account configured in the same Outlook profile. To determine if you are using an Exchange Server account, see the help article What is an Exchange account?

  3. AutoArchive cannot be configured for IMAP, POP3, or Outlook Live Connector accounts if there is no Exchange Server account configured in the same Outlook profile. If you previously configured AutoArchive, no additional items are archived.


If, after applying the December 2010 Microsoft/Windows Updates you are experiencing any of the listed issues with Outlook 2007, it is recommended that you uninstall December 2010 update KB2412171 by doing the following:

Uninstalling KB2412171 on Windows 7 or Windows Vista



  1. Click Start, and then click Control Panel.

  2. Click Programs, and then under Programs and Features, click View installed updates.

  3. Click the entry for KB2412171, and then click Uninstall.


Uninstalling KB2412171 on Windows XP



  1. Click Start, and then click Control Panel.

  2. Click Add or Remove Programs, and then make sure that the Show Updates check box is selected.
  3. Click the entry for KB2412171, and then click Remove.


If you have deleted the files that remove Windows Updates (by running CCleaner, etc.), you can run System Restore to the time prior to the December 14 updates being installed. Afterward, go back to Microsoft/Windows Updates and download everything but the flawed Outlook patch (KB2412171), which was pulled off the Updates service.

Once Microsoft sorts out the cause of these problems they will re-release KB2412171 for MS Outlook. It will be pushed out via Automatic Windows Updates, or once again, via manual updates.

December 12, 2010

Security News and Updates for Nov 22 - Dec 12, 2010

There have been some very important security updates issued over the last 3 weeks, for commonly used and exploitable programs. Also, critical patches are due to be released by Microsoft, on Dec 14, via Windows Updates. Patching vulnerable software will help you protect your computers from hostile takeover, and/or having them drafted into spam botnets.

Here's the rundown of the latest updates that affect millions of computer users, the World over.

Update!
Google Releases Chrome 8.0.552.224
added December 14, 2010

Google has released Chrome 8.0.552.224 to address multiple vulnerabilities, just 11 days after their previous security update. Apparently, they missed fixing something on Dec 3. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

Google Chrome 8.0.552.215
On December 3, 2010, Google released an updated Chrome browser, version 8.0.552.215, to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information or bypass security restrictions. Use the built-in updater to download the latest version of Chrome. Alternately, visit the Chrome download page and get the newest version there.

Apple QuickTime 7.6.9
On December 8, 2010, Apple released QuickTime 7.6.9 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. You can use the updater in the Windows Control Panel icon, or your start menu Apple Software Updates shortcuts to download the latest version of QuickTime, or the previous link. Mac users can use the Apple Software Updater.

WordPress Version 3.0.3
On December 9, 2010, WordPress released WordPress 3.0.3 to address a critical vulnerability. Exploitation of this vulnerability may allow an attacker to operate with elevated privileges. You can review the information about this update, and get the latest version for your websites, on the WordPress v3.03 details page.

Firefox 3.6.13
On December 10, 2010, the Mozilla Foundation released Firefox 3.6.13 to address 11 vulnerabilities, 9 of which were rated as Critical. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, or spoof the location bar. The Mozilla Foundation has also released Firefox 3.5.16 to address these same vulnerabilities. Some of these vulnerabilities also affect Thunderbird and SeaMonkey and are addressed in Thunderbird 3.1.7 and 3.0.11 and SeaMonkey 2.0.11.

Firefox users should receive this update automatically. If you didn't, you can download the current version of Firefox here. You can also use the Help menu Check for Updates link in Firefox browsers.

Microsoft Releases Advance Notification for December 2010 Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its December release will contain 17 bulletins, covering about 40 vulnerabilities. Two of these bulletins will have a severity rating of critical and will be for Microsoft Windows and Internet Explorer. Fourteen of the bulletins will have a severity rating of important and will be for Microsoft Windows, Office, and SharePoint. The remaining bulletin will have a severity rating of moderate and will be for Microsoft Exchange. Release of these bulletins is scheduled for Tuesday, December 14, 2010.

A simple step you can take to keep your exploitable software up to date.

You can use the Secunia Online Software Inspector to check for any out-dated software you may be running, along with links to get the newest versions of same. The report also shows any missing Windows Updates. I run it once a week and recommend you all do the same. They also have a downloadable version, called the PSI, that lives on your PC and checks for a much larger number of out-dated or end-of-life software programs.

Finally, the Windows Applications Insecure Library Loading list has now grown to 337 applications, including 19 from the Microsoft Mothership itself. In all, 97 different vendors have at least one, if not many more programs that could be exploited by a hostile script taking advantage of the dll path vulnerability described in the Microsoft Advisory of August 23, 2010.

With many of the threats targeting the vulnerabilities that were recently patched in these programs, it is imperative that you have up-to-date anti-malware programs running on your PCs. I recommend Trend Micro Internet Security, with its in-the-cloud Smart Protection Network and instant definitions, and also Malwarebytes' Anti-Malware (licensed version for active protection and auto-updating). You may have to install Trend Micro first, then MBAM. That's because TM doesn't like competing products to be already running where it is installed.

November 4, 2009

Microsoft re-releases patch for Internet Explorer

On Monday, November 2, 2009, Microsoft began using Automatic Windows Updates to forcibly push out a re-release of a critical patch for its Internet Explorer browsers. Monday's hotfix, named KB976749, targeted MS09-054, originally released on October 13, 2009. That update patched four vulnerabilities, all "critical," in Internet Explorer. It was the third fix released for last month's Windows Updates! Whew!

Microsoft Knowledge base article KB976749 outlines the two issues, one that scrambles Web page elements, while the other spawns a "Type Mismatch" script error on sites that use VBScript, or a mix of VBScript and JavaScript. That article is titled: "An update is available for Internet Explorer that resolves issues that occur after you apply security update 974455 (MS09-054)."

The following warning appears on the aforementioned page:

Important Do not install this update if you have not installed security update 974455. If you install this update without first installing security update 974455, Internet Explorer may not work correctly. If this occurs, uninstall this update, install security update 974455, and then reinstall this update.

This update affects all versions of Internet Explorer, from 5.01 through 8.x. So, if you applied last month's Windows Updates (Oct 13, 2009) and allowed the IE patch to be installed, you will need to install this patched patch.

Many people will have already received this update automatically by the time I published this blog article. It requires a reboot to install the patch and you will be logged off and your PC will restart automatically, unless you intercept the pop-under notice giving you a 15 minute warning before shutdown (Maybe it was 20 minutes to start. When I first noticed it the timer said 15 minutes). Even Power Users and probably Limited Users are affected by the automatic installation and reboot process, if your PC is set to install Windows Updates automatically.

BTW: The "Restart later" button was grayed out for me, so I was forced to save all work in progress, close open applications to avoid data loss, then use "Restart Now" to let the inevitable update complete. The aggravating part of this process was that I don't browse at all with Internet Explorer! I only open it to obtain Windows Updates, after logging into an Administrator level account, or to check layouts of websites I design and maintain. I do all daily browsing on Mozilla's Firefox, using the latest version. I operate as a Power User and was forced to allow the installation and forced reboot. Not much finesse on Microsoft's part.

Note that if this patch causes you more problems than it solves, you can uninstall it via Control Panel > Add/Remove Programs, with the Show Updates option checked. After rebooting you will be rolled back to the previous state of "patchedness."

Note also that one can only avoid these forced installation/reboot routines by disabling Automatic Windows Updates. Anything less will allow critical patches to be downloaded and installed if you are browsing on a less privileged account type. People who (foolishly, in my opinion) insist on using Administrator level accounts will at least see the gold shield tray icon notification that an update is available, or has been downloaded. By the time a Power User sees the shield, the countdown timer has started its countdown to a forced restart.

July 25, 2009

Microsoft and Adobe to release out-of-band patches

There are some new vulnerabilities to be alerted to that are being exploited in the wild right now and may impact you. Some affect Windows computers, while others are cross platform (Linux, Mac, Solaris). Foremost among the vulnerable software are Internet Explorer, Visual Studio components and three Adobe programs.

First off, Microsoft just announced that they will be releasing two out-of-cycle security patches on Tuesday, July 28, 2009. This is very rare for Microsoft, who mainly stick to a once-a-month Patch Tuesday schedule. The two vulnerabilities are being actively exploited in the wild and cannot wait until August 11 to be fixed. Too many PCs would be compromised by then.

If you have followed Microsoft's recommendation and set your Windows PCs to download and install Windows Updates Automatically, you will receive them sometime during the day of July 28, 2009, depending on where you are located. For folks living in the Eastern US time zone these updates will probably show up around 2 PM. If you are going to be away from your PC during that afternoon you should save any work in progress, because Windows Update will reboot your computer without interaction, if required to install those updates, after popping up a pending shutdown alert. If you aren't there to dismiss that alert your PC will be automatically rebooted to finish installing these critical patches.

Adobe has three products being exploited by cyber criminals this week. They are Adobe's Acrobat, Reader and Flash Player. This time the exploit lies in the way in which Adobe Reader and Acrobat are set to automatically run embedded Flash code when a person opens a .pdf document (pdf = Portable Document Format) in any current version of Reader or Acrobat. In case you were wondering, Acrobat is an expensive program used to create pdf documents. Reader opens them for reading and printing. Flash is active content for interactive forms and video presentations on web pages, or for embedding into pdf files. YouTube videos are encoded using Adobe Flash and are viewed in Flash Player.

Adobe will be releasing patches on two days this month. An update for Flash Player v9 and v10 for Windows, Macintosh, and Linux will be available by July 30, 2009. They expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX by July 31, 2009. While you patiently wait for those patches you can protect your computers from getting hacked from hostile pdf documents by applying two officially recommended workarounds.

UPDATE:
August 2, 2009

Both Microsoft and Adobe did release the promised, out-of-band, critical updates, fixing the reported vulnerabilities in Microsoft's Internet Explorer and Visual Studio ATL and in Adobe's Flash, Reader and Acrobat. If you have not already done so, please run the Secunia Online Software Inspector, to see what insecure software is installed on your computers. Download links are provided in its report.

Note: If you are a programmer and have written any code that utilizes the Microsoft Visual Studio ATL, you may need to make changes to get those controls working again. See this MSDN page for more information about how the security update of 7/28/09 will impact your code.

Details about the Adobe vulnerabilities and their workarounds are in my extended content.

December 16, 2008

Microsoft to issue out-of-band patch for Internet Explorer

This article is in regard to Microsoft Security Advisory 961051: Vulnerability in Internet Explorer Could Allow Remote Code Execution, which was published on December 10, 2008 and last updated on December 15, 2008.

In the above Security Advisory Microsoft revealed that a critical vulnerability was reported in all versions of Internet Explorer, from versions 5 through 8 beta. There are already exploits in the wild compromising computers around the World, but it seems to have begun in China. In fact, these exploits began occurring the same day the last Windows Updates were pushed out, making this a zero-day exploit. The exploit code is being hosted mostly on exploited Windows IIS web servers and is installed by exploiting SQL Injection vulnerabilities that have not been patched by system administrators. From what I've been reading there are a lot of Windows-based servers that are not keeping up with critical patches!

The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.
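A simplified model of the bug class described above, as an added example that is not Internet Explorer's code and not from the original post; the struct, the function names and the array size are hypothetical. Objects sit in embedded storage with a `live` flag, so the demo counts stale references without ever reading freed memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_BINDINGS 8

/* Hypothetical stand-in for a data-bound object. 'live' models ownership
 * of the object's memory, so the demo never reads freed heap. */
struct bound_obj {
    int  id;
    bool live;
};

/* Hypothetical binding array: 'length' is the value every consumer
 * trusts when it walks the slots. */
struct binding_array {
    struct bound_obj  storage[MAX_BINDINGS];
    struct bound_obj *slot[MAX_BINDINGS];
    size_t            length;
};

void bindings_init(struct binding_array *a, size_t n)
{
    if (n > MAX_BINDINGS)
        n = MAX_BINDINGS;
    for (size_t i = 0; i < MAX_BINDINGS; i++) {
        a->storage[i].id = (int)i;
        a->storage[i].live = i < n;
        a->slot[i] = i < n ? &a->storage[i] : NULL;
    }
    a->length = n;
}

/* Flawed pattern: the object is released, but neither the slot nor the
 * length is updated, so the array still advertises the dead object. */
void release_buggy(struct binding_array *a, size_t i)
{
    if (i >= a->length)
        return;
    a->slot[i]->live = false;
}

/* Corrected pattern: release, close the gap, shrink the length and clear
 * the vacated slot so nothing in [0, length) refers to a dead object. */
void release_fixed(struct binding_array *a, size_t i)
{
    if (i >= a->length)
        return;
    a->slot[i]->live = false;
    for (size_t j = i + 1; j < a->length; j++)
        a->slot[j - 1] = a->slot[j];
    a->length--;
    a->slot[a->length] = NULL;
}

/* Walk the array the way a consumer would and count the slots that
 * reference a released (or missing) object. Any non-zero result is the
 * condition that becomes a use-after-free with real heap memory. */
size_t count_stale_refs(const struct binding_array *a)
{
    size_t stale = 0;
    for (size_t i = 0; i < a->length; i++) {
        if (a->slot[i] == NULL || !a->slot[i]->live)
            stale++;
    }
    return stale;
}

int main(void)
{
    struct binding_array buggy, fixed;

    bindings_init(&buggy, 4);
    release_buggy(&buggy, 1);
    printf("buggy: length=%zu stale=%zu\n",
           buggy.length, count_stale_refs(&buggy));

    bindings_init(&fixed, 4);
    release_fixed(&fixed, 1);
    printf("fixed: length=%zu stale=%zu\n",
           fixed.length, count_stale_refs(&fixed));
    return 0;
}
```

The invariant to audit for in code review is that every release path updates the container's length and slots in the same step as the release itself.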

Users who operate from less privileged accounts will be less impacted than those operating as computer administrators. Also, using "Protected Mode" in Internet Explorer 7 and Internet Explorer 8 Beta 2 in Windows Vista limits the impact of the vulnerability.

Microsoft and other security sources have recommended several temporary workarounds to mitigate this vulnerability, including disabling automatic processing of ActiveX Controls in the Internet and Intranet zones. If you have ever changed the settings for ActiveX to "Prompt" you know that the browser will literally drive you nuts with pop-ups asking for permission to run an ActiveX Control. In these cases it is best to just disable ActiveX completely and wait for a patch to be released, then re-enable it. In any case, if you have applied any of the temporary workarounds listed in KB961051, you should undo them after applying the upcoming patch.

In response to the urgency of this vulnerability, Microsoft is releasing an "out-of-band" patch on December 17, 2008. This is the second unscheduled patch released this calendar year and both are in regard to zero-day exploits in the wild. If your computer is set to download and install Windows Updates automatically this will happen sometime on December 17. If you perform your Windows Updates manually, begin checking for "Express" updates during the afternoon (USA) of December 17, 2008. The official release time for the USA and Canada is 1 PM Eastern Standard Time, which is 6:00 PM or 18:00 Hours GMT.

This patch may require you to restart your computer, but definitely Internet Explorer.

Computers that are protected with Trend Micro Internet Security or Security Pro are already protected against this "web threat." This is because those products include constantly updated protection from hostile codes in compromised (or purposely hostile) web pages.

July 8, 2008

Windows Update MS08-037 broke my Internet connectivity today

Today, July 8, 2008, is Patch Tuesday for supported Microsoft operating systems, so I dutifully visited Microsoft Updates manually and installed the DNS patch referred to in this bulletin: Microsoft Security Bulletin MS08-037 – Important: Vulnerabilities in DNS Could Allow Spoofing (953230). This is rated as an "important" patch by Microsoft. Applying this patch is supposed to protect one's PC from DNS spoofing attacks.

However, the patch appears to be overzealous in its implementation. After restarting Windows I was unable to access the Internet whatsoever! I had to use System Restore to roll back to just before I installed this patch, then I was able to get back online and write this article.

I recommend that my readers use caution before installing this patch today. First, be sure you have System Restore turned on. Even then you could wait until tomorrow in case Microsoft discovers the problem and patches the patch!

I don't know if this loss of connectivity was caused by the patch itself, or by a bad interaction with one of my security applications. Therefore, I am going to list my operating system and security program details, in case any of you have a similar setup. This might save you from having to run System Restore, or reinstalling Windows if you have System Restore turned off.

My setup:
OS: Windows XP Professional with Service Pack 3
All previous Windows Updates were installed; I am fully up to date.
No viruses, no spyware, no hostile LSPs are present after multiple scans.
I operate as a Power User, not an Administrator, except to run Windows Updates, install drivers, or uninstall applications requiring administrator privileges.

My security is provided by the following applications:
Avira AntiVir Free current version and up to date (no problems)
Trend Micro Web Protection Add-on v 1.2 (90 day trial - works perfectly)
>> ZoneAlarm Personal Firewall Causes this problem! (See extended comments)
Spybot Search and Destroy 1.5.2, without Tea Timer (no resident module)

Everything returned to normal as soon as I restored my PC to just before I installed Windows Update MS08-037, a.k.a: Kb953230. Knowledge Base article Kb953230 is found here and has a list of known problems that users are experiencing after installing this flawed update. They need to go back to the drawing board with this patch. I recommend that you read the aforementioned article before installing the patch on your computer.

I'll add information as a follow-up, once I learn the exact cause of my loss of Internet connectivity, as relates to patch #MS08-037.

The cause and solution for my loss of Internet connectivity after applying MS patch MS08-037 has been found and is detailed in my extended comments.

Wiz


March 21, 2008

Followup article about Windows Vista SP-1 release problems

On March 20, 2008, I published an article on my blog about the release of Windows Vista Service Pack 1 and problems it was causing for some customers. Today, I learned some specifics about one of the pieces of hardware which is especially problematic for SP1 upgraders. That hardware is the Intel 945G Express series chipset that is found in thousands of computers that are being distributed and have been for the last year or so. I was building computers with Intel motherboards containing the 945G chipsets last summer. Most of these computers were loaded with XP Professional, but many were getting Vista Business installed. They all worked fine with the initial release of Vista, but that has come to a sudden halt, with the release of Vista SP1, for those machines.

The 945G Express chipset driver versions between numbers 7.14.10.1322 and 7.14.10.1403 won't work with Vista SP1, according to Microsoft. These chipsets are found in Asus and Intel OEM motherboards, and major name brands, like Gateway, Lenovo, Hewlett-Packard and others. The 945G Express chipset includes Intel's GMA 950 graphics core, which also won't work with Vista SP1 if those drivers are used. Intel has released updated drivers for the 945G Express chipsets, to the manufacturers of the motherboards and computer builders using them. You should visit the support website for your computer builder, or motherboard, to update all of your hardware to the latest drivers before even attempting to install SP1. Note, that in the case of certain drivers, Microsoft itself may release updated versions that are compatible with Vista SP1, via Automatic Windows Updates, or manual Microsoft Updates. If all else fails and your motherboard is made by Intel, go to their website, input your motherboard part number and look for the latest Vista drivers. The Intel 945G chipset information page is here.

Admittedly, this is a bunch of techno-babble to most people, but, if you attempted to upgrade to Vista SP1 and your motherboard hardware has all yellow exclamation marks next to each chipset, in Device Manager, you will want to understand what is causing it and where to start looking for solutions.


March 20, 2008

Windows Vista SP-1 released - some driver problems reported

On Tuesday, March 18, 2008, Microsoft released the first service pack for Windows Vista, SP-1, for general distribution via Windows Updates. Microsoft describes the improvements contained in this service pack as follows:

"In addition to all previously released updates, SP1 contains changes focused on addressing specific reliability and performance issues, supporting new types of hardware, and adding support for several emerging standards. SP1 also continues to make it easier for IT administrators to deploy and manage Windows Vista. Service Packs are not intended to be a vehicle for releasing significant new features or functionality; however some existing components do gain slightly enhanced functionality in SP1 to support industry standards and new requirements."

For most users the update to Vista SP-1 has been going smoothly, but there are others who are not so fortunate. Those folks are experiencing driver failures after rebooting from the upgrade process. Let's look into what is going wrong and what can be done to either prevent, or correct this problem.

Microsoft has been testing SP-1 for quite a while now and already knows which hardware device drivers will experience trouble after the upgrade. For this reason Microsoft has been releasing its own driver updates for some of the most widely deployed chipsets which are at risk of failing during the upgrade to SP-1. Among those chipsets and drivers is the widely used Realtek AC97 audio device. Also listed as needing updated drivers are the following: SigmaTel, Creative Audigy and Conexant HD Audio. An Intel display driver also needs to be updated. I recommend visiting the Microsoft Support page describing these affected devices. On that page you are urged to visit the manufacturers' websites to search for updated drivers. This is always your best first option regarding device drivers. However, in the case of the Realtek drivers, Microsoft has written its own upgraded driver and is making it available via Microsoft Updates.

When you run Microsoft Updates it will first check your installed hardware to see if any devices are on the list of affected hardware. If so, you will be offered an optional hardware update to fix that driver, in preparation for the installation of SP-1. Note that these devices may be functioning perfectly under the initial release of Windows Vista. However, until you update the affected drivers you will not be offered the update to service pack 1. This is to protect your computer from device failures upon installing SP-1 and rebooting. Some of you may be tempted to go to the Microsoft download site and install the service pack manually. If you haven't taken care of the driver compatibility issues you will experience problems, such as are described on this Microsoft Support page. The following is a quote from the Microsoft Vista SP-1 Support page titled "Things to know before you download."

"Some Windows Vista users may encounter an issue with a small set of hardware devices that may not function properly after updating a Windows Vista PC to Windows Vista SP1. This is an issue with the way the device drivers were re-installed during the Windows Vista SP1 update process, not with the drivers themselves—these drivers worked on Windows Vista RTM and they work on Windows Vista SP1. This problem is typically corrected by simply uninstalling and reinstalling the driver. We are working with the manufacturers of these devices to get the known problematic drivers and their install programs updated, and also on other solutions we can use to ensure a smooth customer experience when updating to Windows Vista SP1 using Windows Update. For new PCs provisioned with Windows Vista SP1, this is not an issue."


August 30, 2007

Microsoft Issues Out-Of-Cycle Time Zone Patch via Windows Updates

Yesterday, in an unusual move, Microsoft issued an out-of-cycle patch through its automatic Windows Updates service. This update fixes issues caused by the US changes to Daylight Saving Time.

In a very long Microsoft support article titled "August 2007 cumulative time zone update for Microsoft Windows operating systems" (kb933360), the company explains the reason for this re-release of the DST patch originally issued in January 2007.

This update supersedes and replaces update KB931836, released in January 2007. This update also includes additional time zone changes that were signed in to law after update KB931836 was created.

In a deja vu moment the new information includes the following caveat:
Important: Before you apply the update that is described by this article, be aware of potential issues that may affect Microsoft Office Outlook.

See this Microsoft article; kb931667, for details about how to address the daylight saving time changes in 2007 by using the Time Zone Data Update Tool for Microsoft Office Outlook.

Kb931667 APPLIES TO:
• Microsoft Office Outlook 2007
• Microsoft Office Outlook 2003
• Microsoft Outlook 2002 Standard Edition
• Microsoft Outlook 2000 Standard Edition

If you want a complete white paper describing these issues just read the new knowledgebase article. Otherwise, just download the patch manually, if you haven't already received it via Automatic Windows Updates.

Interesting note to Limited Users and Power Users
As a Windows XP Professional "Power User" I am not accustomed to seeing Windows Updates unless I have logged into an Administrator level account. But, last night, as I was turning off my computer I saw a notice that an important Windows Update was waiting to be installed and to "Click Turn Off to continue installing it." In a few moments my DST patch was installed and my 'puter shut itself off for the night. This is good news for it provides a means to deliver system level patches to users operating with reduced user privileges, for their own protection. It's actually the second time this year that I have received a Windows Update while signing off for the night.

For those who are curious about why I would run with less than administrator privileges, read my blog article titled "Limited User Privileges Protect Against Malware Infections."


May 7, 2007

Windows Updates Coming Tuesday, May 8, 2007

Attention Microsoft Windows 2000, XP, Vista and Server 2003 users! Patch Tuesday is coming on May 8, 2007. Here are the details about the patches being released through Windows Update Services.

On Tuesday 8 May 2007 Microsoft is planning to release:

Security Updates

. Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.

. Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.

. One Microsoft Security Bulletin affecting Microsoft Exchange. The highest Maximum Severity rating for these is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.

. One Microsoft Security Bulletin affecting CAPICOM and BizTalk. The highest Maximum Severity rating for these is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.

Microsoft Windows Malicious Software Removal Tool

. Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

. Microsoft will release 1 NON-SECURITY High-Priority Update for Windows on Windows Update (WU) and Software Update Services (SUS).

. Microsoft will release 6 NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

If you have set your computer to download and install updates automatically they will do so. Otherwise, be sure you check manually throughout the afternoon of May 8, 2007.

Note for Mac computer users:
Apple released major patches and updates last week for numerous Apple programs, including QuickTime Player. It is extremely important that you apply these updates if your computer is on the Internet. Use the built-in Software Update utility to obtain these fixes.

As sometimes happens there may be software incompatibility problems that arise after these updates are released and applied. If I learn of any significant issues I will post about them here.


April 3, 2007

Hotfix for User32.dll error caused by April 3 Windows Update

Original posting date: 04/03/2007 - Updated on 04/19/2007

If you installed the KB925902 Windows Update patch, released on April 3, 2007, and rebooted to see the following error message, I have solutions for you.

Rthdcpl.exe (or other file) - Illegal System DLL Relocation
"The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL."

This problem occurs when the Realtek HD Audio Control Panel (Rthdcpl.exe) by Realtek Semiconductor Corporation, or AVG 7.5, or certain other applications which use Hhctrl.ocx are installed. The name of the file causing the conflict will be related to the application it belongs to. The Hhctrl.ocx file that is included in security update 928843 and the User32.dll file that is included in security update 925902 have conflicting base addresses. This problem occurs if a program loads the Hhctrl.ocx file before the program loads the User32.dll file. A list of the applications known to be affected is in my extended comments.

If this happened to your Windows computer, please read this Microsoft Knowledge Base article:

935448 Certain programs may not start, and you receive an error message on a computer that is running Windows XP Service Pack 2: "Illegal System DLL Relocation"

You can read the details about the cause of the problem and download a Hotfix from that page which addresses the issue with the Realtek and other listed device drivers and applications. Alternately, install update 935448 by using Automatic Updates or by using Microsoft Update. To use Microsoft Update, visit the following Microsoft Web site: http://update.microsoft.com/microsoftupdate

Or, better yet, go directly to the manufacturer's site, the Realtek drivers download page, and download the newest audio driver (Realtek has released version 1.64 to address this problem), which corrects the above mentioned problems and also works with Windows Vista operating systems.

If you are using another program that is on the affected list, such as AVG Anti Virus Control Center 7.5, check for updates from the manufacturer, which will correct the underlying problem. Most of these updates may require a reboot to install completely. If no updates are available yet, apply the hotfix listed above (for validated copies of Windows XP SP-2 only).
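The base-address conflict described above can be checked from the PE headers of the two files. The following Python sketch is an added example, not code from Microsoft or from the original post: it reads each image's preferred base and size, then simulates both load orders. The base addresses and image sizes are constructed for illustration and are not the real values from either update, and all function names are hypothetical.

```python
import struct

def build_pe32_header(image_base, size_of_image):
    """Constructed, minimal PE32 header holding only the fields this demo reads."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)      # offset of the PE signature
    # COFF header: i386 machine, 0 sections, optional header of 0xE0 bytes, DLL flags
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)            # magic: PE32
    struct.pack_into("<I", opt, 28, image_base)      # ImageBase
    struct.pack_into("<I", opt, 56, size_of_image)   # SizeOfImage
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

def preferred_range(pe):
    """Return (start, end) of the address range the image asks to be loaded at."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24                               # signature (4) + COFF header (20)
    if len(pe) < opt + 60:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                                # PE32: 4-byte ImageBase at +28
        (base,) = struct.unpack_from("<I", pe, opt + 28)
    elif magic == 0x20B:                              # PE32+: 8-byte ImageBase at +24
        (base,) = struct.unpack_from("<Q", pe, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (size,) = struct.unpack_from("<I", pe, opt + 56)  # SizeOfImage is at +56 in both
    return base, base + size

def simulate_load(modules, order):
    """Map modules in the given order; return the names that lost their preferred base.

    Simplification: a relocated module is not tracked at its new address.
    """
    mapped, relocated = [], []
    for name in order:
        start, end = preferred_range(modules[name])
        if any(start < m_end and m_start < end for m_start, m_end in mapped):
            relocated.append(name)                    # range already taken: must move
        else:
            mapped.append((start, end))
    return relocated

# Constructed sample: two images whose preferred ranges overlap by 0x10000 bytes.
SAMPLE_MODULES = {
    "hhctrl.ocx": build_pe32_header(0x7E3F0000, 0x30000),
    "user32.dll": build_pe32_header(0x7E410000, 0x90000),
}

if __name__ == "__main__":
    for order in (["hhctrl.ocx", "user32.dll"], ["user32.dll", "hhctrl.ocx"]):
        print(" -> ".join(order), "relocated:", simulate_load(SAMPLE_MODULES, order))
```

Only the first load order forces User32.dll off its preferred base, which is the condition the error message reports; in the second order it is Hhctrl.ocx that moves.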

A list of applications known to be affected is below, in the extended comments...


October 10, 2006

Today is Patch Tuesday for Microsoft and Windows Updates


Today is Patch Tuesday as Microsoft rolls out its newest critical patches and security updates. If you have turned on Automatic Windows Updates you will receive some or all of the available updates, pertaining to your particular computer, sometime today. If you do not have Automatic Updates turned on you should manually visit the Windows or Microsoft Updates website to download and install all available patches. Some of these patches will require a reboot to install them.

Keeping your computer up to date with Windows Updates is critical for keeping your computer safe from the latest threats that are being exploited in the wild.

However, this is not the end of securing your computer. You also need to run up-to-date anti virus and anti spyware applications. There are links to various security programs in the right sidebar and in my ads on these pages.

You should also consider reducing your permissions to that of a Limited User, for your daily browsing and emailing user account. See my blog article about running as a Limited User and how this can protect you against most malware threats.


August 3, 2006

Microsoft Security Bulletin Advanced Notification

On 8 August 2006 Microsoft is planning to release:

Security Updates

. Ten Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.

. Two Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.


Microsoft Windows Malicious Software Removal Tool

. Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

. Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).

. Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.

Microsoft will host a webcast next week to address customer questions on these bulletins. For more information on this webcast please see below:
. TechNet Webcast: Information about Microsoft's Security Bulletins
. Wednesday, August 09, 2006 11:00 AM Pacific Time (US & Canada)
WebCast Link

At this time no additional information on these bulletins such as details regarding severity or details regarding the vulnerability will be made available until 8 August 2006.


July 6, 2006

Microsoft Updates Coming on July 11, 2006

Microsoft Security Bulletin Advanced Notification

On 11 July 2006 Microsoft is planning to release:

Security Updates

. Four Microsoft Security Bulletins affecting Microsoft Windows.
The highest Maximum Severity rating for these is Critical. These
updates will be detectable using the Microsoft Baseline Security
Analyzer and the Enterprise Scan Tool. Some of these updates will
require a restart.

. Three Microsoft Security Bulletins affecting Microsoft Office.
The highest Maximum Severity rating for these is Critical. These
updates will be detectable using the Microsoft Baseline Security
Analyzer. These updates may require a restart.


Microsoft Windows Malicious Software Removal Tool

. Microsoft will release an updated version of the Microsoft
Windows Malicious Software Removal Tool on Windows Update, Microsoft
Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update
Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

. Microsoft will not release any NON-SECURITY High-Priority
Updates for Windows on Windows Update (WU) and Software Update
Services (SUS).

. Microsoft will release one NON-SECURITY High-Priority Update
on Microsoft Update (MU) and Windows Server Update Services (WSUS).

End of support for Windows 98, 98 Second Edition and Millennium Edition.

There will be no further updates or patches released for the aforementioned operating systems, as support for them ends on the morning of July 11, 2006. Anybody who is still using Windows 9x or ME is at increasing risk from Internet threats that are no longer going to be patched by Microsoft. You are strongly advised to obtain a newer, supported operating system, such as Windows XP.

You can obtain a legal, license-able copy of current Windows operating systems from Tiger Direct, at a much lower price than Microsoft charges for just a license. View all versions of Windows Operating Systems available from TigerDirect


July 4, 2006

Final notification about the end of Win98, Win98SE and WinME support

Support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition (Me) ends on July 11, 2006. Microsoft will end public and technical support by this date. This also includes security updates. Microsoft is providing final notifications to customers to end the extended security update support for these products.

Microsoft is ending support for these products because they are outdated and these older operating systems can expose customers to security risks. We recommend that customers who are still running Windows 98 or Windows Me upgrade to a newer, more secure Microsoft operating system, such as Windows XP, as soon as possible.


June 8, 2006

Microsoft Security Bulletin MS06-015 Will NOT Patch Windows 9x or ME

Microsoft Security Bulletin MS06-015: Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

Affected Software:
< snip >...
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.

Frequently asked questions (FAQ) related to this security update

If Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) are listed as an affected product, why is Microsoft not issuing security updates for them?
During the development of Windows 2000, significant enhancements were made to the underlying architecture of Windows Explorer. The Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Windows Explorer architecture is much less robust than the more recent Windows architectures. Due to these fundamental differences, after extensive investigation, Microsoft has found that it is not feasible to make the extensive changes necessary to Windows Explorer on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) to eliminate the vulnerability. To do so would require reengineering a significant amount of a critical core component of the operating system. After such a reengineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate on the updated system.

Microsoft strongly recommends that customers still using Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) protect those systems by placing them behind a perimeter firewall which is filtering traffic on TCP Port 139. Such a firewall will block attacks attempting to exploit this vulnerability from outside of the firewall, as discussed in the workarounds section below.

Will Microsoft issue security updates for Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) sometime in the future?
Microsoft has extensively investigated an engineering solution for Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). We have found that these architectures will not support a fix for this issue now or in the future.

If you connect to the Internet with a Windows 98 or ME computer you will be at risk from past, present and future threats, with no help coming from Microsoft after July 11. Microsoft is discontinuing ALL support and patches for Windows 98, Windows 98 S.E. and Windows M.E., effective on the evening of July 11, 2006.

"Critical security updates will be provided on the Windows Update site through July 11, 2006. Microsoft will not publicly release non-critical security hotfixes for Windows 98, Windows 98 Second Edition, or Windows Millennium Edition."

If you are still using one of those operating systems on a computer that connects to the Internet, you are strongly advised to scrap it and get something up to date, with an operating system that is still supported by Microsoft, or get a new Mac instead. In the meantime, add as much anti-virus, anti-spyware and firewall protection as you can find, that will work on your OS, and download as many Windows updates as you can, then buy a disk imaging program and make a copy of the fresh OS, with all patches and security programs in place. Burn that to a CD for use if your OS crashes or gets invaded by a virus, backdoor, trojan, worm or spyware.


Microsoft Security Bulletin Advanced Notification

On 13 June 2006 Microsoft is planning to release:

Security Updates

. Nine Microsoft Security Bulletins affecting Microsoft Windows. The
highest Maximum Severity rating for these is Critical. These updates
will be detectable using the Microsoft Baseline Security Analyzer and
the Enterprise Scan Tool. Some of these updates will require a
restart.

Note that, as discussed in Microsoft Security Bulletin MS06-013, with
the release of one of these bulletins, support for the compatibility
patch discussed in Microsoft Knowledge Base Article 917425 will
cease.

This means that all users who apply this security update will receive
the ActiveX update discussed in Microsoft Knowledge Base Article
912945 regardless of whether or not they have applied the
compatibility patch discussed in Microsoft Knowledge Base Article
917425.

Administrators are encouraged to review the following articles prior
to release and take appropriate steps for their environment:

- Microsoft Security Advisory 912945 - Non-Security Update for
Internet Explorer:
http://www.microsoft.com/technet/security/advisory/912945.mspx

- Microsoft Knowledge Base Article 912945:
http://support.microsoft.com/kb/912945

- Microsoft Knowledge Base Article 917425:
http://support.microsoft.com/kb/917425

- Information for Developers about Internet Explorer:
http://msdn.microsoft.com/ieupdate

. One Microsoft Security Bulletin affecting Microsoft Exchange. The
highest Maximum Severity rating for this is Important. These updates
will be detectable using the Microsoft Baseline Security Analyzer.
These updates may require a restart.

Note that this update will include the functionality change discussed
in Microsoft Knowledge Base Article 912918. Administrators are urged
to review this Knowledge Base article prior to release and take steps
appropriate for their environment.

. Two Microsoft Security Bulletins affecting Microsoft Office. The
highest Maximum Severity rating for these is Critical. These updates
will be detectable using the Microsoft Baseline Security Analyzer.
These updates may require a restart.

Microsoft Windows Malicious Software Removal Tool

. Microsoft will release an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update, Microsoft Update,
Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update
Services (SUS).


May 2, 2006

End of Support: Windows 98, 98SE and ME

Final customer notification about the end of Windows 98, Windows 98
Second Edition, and Windows Millennium Edition Extended Support

Support for Windows 98, Windows 98 Second Edition, and Windows
Millennium Edition (Me) ends on July 11, 2006. Microsoft will end
public and technical support by this date. This also includes security
updates. Microsoft is providing final notifications to customers to
end the extended security update support for these products.

Microsoft is ending support for these products because they are
outdated and these older operating systems can expose customers to
security risks. We recommend that customers who are still running
Windows 98 or Windows Me upgrade to a newer, more secure Microsoft
operating system, such as Windows XP, as soon as possible.



April 21, 2006

Re-Release of MS06-015 on April 25, 2006

Source:
Microsoft Security Bulletin MS06-015: Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

You've heard of issues with this security update. Does Microsoft plan to release a revised security update to address these issues?
Microsoft has completed its initial investigation into issues involving old third party software that customers may have experienced after the installation of this security update. On Tuesday, April 25, Microsoft will issue a targeted re-release of the MS06-015 update.

Note: Customers who have already applied the MS06-015 update who are not experiencing the problem need take no action.

When released, what changes will the revised security update include?
The revised security update will contain no changes to the binaries included in the initial security update. The revised security update will place the following entries in the allow list as indicated in Microsoft Knowledgebase Article 918165.

HP Share-to-Web
• {A4DF5659-0801-4A60-9607-1C48695EFDA9}

NVIDIA Graphics Driver
• {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
• {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
• {1CDB2949-8F65-4355-8456-263E7C208A5D}

How do I deploy this revised update?
For customers who have already applied the update and are experiencing the problem related to the older Hewlett Packard Share-to-Web software, or older NVIDIA drivers prior to or including version 61.94, the revised update will be available through Windows Update and Microsoft Update. The targeted re-release will be automatically delivered to affected computers through Automatic Update if it has been enabled. The re-release will not be distributed to non-affected computers.

Microsoft Baseline Security Analyzer (MBSA) 2.0 will also determine if one of the identified third-party COM controls has been installed and will offer the revised security update.

For Microsoft Baseline Security Analyzer (MBSA) 1.2.1, the detection logic has been updated to offer the revised package only to machines that do not have the initial security update installed. MBSA 1.2.1 cannot be used to determine if the identified third-party COM controls have been installed. In this situation, we recommend either a manual or Group Policy install of the revised security update.

What are the known issues that customers may experience when they install this security update?
Microsoft Knowledge Base Article 918165 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 918165.
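Where MBSA 1.2.1 cannot tell whether the identified third-party COM controls are present, an administrator can check by hand before choosing a manual or Group Policy install. The following PowerShell is an added example, not part of the bulletin or of this blog; it assumes that a control counts as installed when its CLSID is registered under HKEY_CLASSES_ROOT\CLSID, and the function name is hypothetical.

```powershell
# CLSIDs from the allow list quoted in the bulletin text above.
# The HP value is written in standard 8-4-4-4-12 GUID form.
$allowList = @(
    @{ Product = 'HP Share-to-Web';        Clsid = '{A4DF5659-0801-4A60-9607-1C48695EFDA9}' },
    @{ Product = 'NVIDIA Graphics Driver'; Clsid = '{1E9B04FB-F9E5-4718-997B-B8DA88302A47}' },
    @{ Product = 'NVIDIA Graphics Driver'; Clsid = '{1E9B04FB-F9E5-4718-997B-B8DA88302A48}' },
    @{ Product = 'NVIDIA Graphics Driver'; Clsid = '{1CDB2949-8F65-4355-8456-263E7C208A5D}' }
)

# Hypothetical helper: reports, per CLSID, whether the COM class is
# registered on this machine and which in-process server DLL backs it.
function Get-Ms06015ControlStatus {
    param([object[]]$Entries)

    foreach ($entry in $Entries) {
        $key        = "Registry::HKEY_CLASSES_ROOT\CLSID\$($entry.Clsid)"
        $registered = Test-Path -LiteralPath $key
        $server     = $null

        if ($registered) {
            $inproc = "$key\InprocServer32"
            if (Test-Path -LiteralPath $inproc) {
                # The unnamed (default) value holds the path of the DLL.
                $server = (Get-ItemProperty -LiteralPath $inproc).'(default)'
            }
        }

        New-Object PSObject -Property @{
            Product    = $entry.Product
            Clsid      = $entry.Clsid
            Registered = $registered
            Server     = $server
        }
    }
}

# verclsid.exe ships with the MS06-015 update, so its presence shows
# that the update has placed its file on this machine.
$verclsid = Join-Path $env:windir 'System32\verclsid.exe'
"verclsid.exe present: $(Test-Path -LiteralPath $verclsid)"

Get-Ms06015ControlStatus -Entries $allowList |
    Format-Table Product, Clsid, Registered, Server -AutoSize
```

A machine that shows verclsid.exe present and at least one row with Registered set to True matches the case the re-release targets.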


April 19, 2006

Latest Microsoft Patch needs Patching

On April 11, 2006, Microsoft released a critical patch, MS06-015 (KB908531), to plug a vulnerability in how COM objects interact with the Windows Explorer Desktop. It was called a Desktop drag and drop vulnerability. Fine, it was exploitable and was patched. Well, not so fast!

I am the moderator of a computers forum, and a lot of members who applied that patch as part of the April 11 Windows Updates are reporting all kinds of system instability and freeze-ups. It turns out that they aren't the only ones having trouble because of the COM patch. Forums all over the world are talking about problems people are experiencing after applying this patch, and various solutions have been put forth by individuals and by Microsoft.

Many people first became aware of the effects of the patch when their desktop applications began hanging. When they used Task Manager to see what processes were running, they all found a file named VERCLSID.EXE running as a process, not an application. Terminating that process restores normal Windows Desktop operation. Verclsid.exe is part of the MS06-015 patch.

You can read about just some of the applications that are having problems because of this patch, in Microsoft Knowledgebase Article 918165. The list of affected products is growing all the time.

Some people have decided to rename or delete the file that is causing the problems, verclsid.exe, which is located in your %Windir%\System32 directory. Others have uninstalled the Update via Control Panel > Add/Remove Programs. The Microsoft article linked to above even suggests some solutions for certain 3rd party products.

If your computer is now suffering unexplainable hangs, they might be due to bad interactions with this patch. You can rename the verclsid.exe file, uninstall the patch, or look for spyware on your computer. Why did I say that, you ask? Read my extended comments to find out what I learned last weekend...


April 11, 2006

Windows Updates Today - 4/11/06

Notice to all Windows users: Microsoft has released critical patches today for all supported versions of the Windows OS. At least 6 patches and hotfixes apply to Windows XP and 2000, and all of them require a hard reboot to completely install. If you run as an Administrator and have turned on Automatic Windows Updates, check the golden shield in your Systray to see if it contains an exclamation mark down the middle. If so, you have downloaded the patches but need to reboot as soon as possible to install them.

If you downloaded and installed the eEye temporary patch for the CreateTextRange vulnerability, you should uninstall it (the patch will prompt you to uninstall it).

You must be running an Administrator level account to remove the patch or obtain any Windows Updates. If you run as a limited or power user you will have to either switch users to an Admin account, or log off, and log onto an Administrator level account to do these updates, then reboot into the same account, then log off and onto your daily browsing account.


About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.


This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.