  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    A slew of Valentine's Day security updates




    PATCH WATCH


    A slew of Valentine's Day security updates


    By Susan Bradley

    Aside from a brief hiccup with a Silverlight patch, our February Patch Tuesday settles down with the usual suspects: Internet Explorer, DLL preloading, and .NET.

    If you failed to buy your loved one a present on Valentine's Day, perhaps you can convince them that updating Windows took priority. Okay — even I, a confirmed geek, know that won't fly.

    The full text of this column is posted at windowssecrets.com/patch-watch/a-slew-of-valentines-day-security-updates/.

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by Tracey Capen; 2012-02-15 at 19:40.

  2. #2
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Susan Bradley wrote:

    "If the workaround for our next update sounds a bit familiar, it’s because we’ve been telling people for years not to view e-mails in the preview pane."


    Have we? Not during this decade or the last, I don't think:

    Outlook's attachment blocking features, added to Outlook beginning with an Outlook 2000 post-SP1 patch released in June 2000, mean the preview pane in the later versions is very safe. Coupled with Internet Explorer's iFrame vulnerability patch released in 2001, Outlook's preview is very secure. (How Safe is the Preview pane?)

    Preview pane security is much improved in Outlook 2000, especially with the attachment security and iFrame patches installed. Outlook 2000 doesn't run active content in the native preview pane, meaning it's at least as safe to read messages in preview as it is to open them. (Preview Pane security by version)

    And this just-patched vulnerability, MS12-008, still required a link to be clicked in an email before any exploit, so no particular danger from the preview pane even before the patch.

    Bruce
    Last edited by BruceR; 2012-11-18 at 19:31. Reason: Restoring links to what was posted originally!

  3. #3
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Suffolk, UK
    Posts
    122
    Thanks
    54
    Thanked 2 Times in 2 Posts
    Susan, you tell us to ensure that we have the latest version of Google Chrome 17.0.963.46 but mine is 17.0.963.56 so I think you made a typo.

  4. #4
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by sylviesinc
    Susan, you tell us to ensure that we have the latest version of Google Chrome 17.0.963.46 but mine is 17.0.963.56 so I think you made a typo.
    Google releases new versions of Chrome quicker than anyone can type the numbers!

    17.0.963.56 was Wednesday's update, JUST before the last Windows Secrets newsletter was published:

    Google Chrome update fixes high-severity vulnerabilities and patches Flash Player
    Google Chrome 17.0.963.56 fixes 12 security flaws and updates the bundled Flash Player plug-in to a new version


    Bruce

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    Mobile, Alabama
    Posts
    13
    Thanks
    30
    Thanked 7 Times in 4 Posts
    Following Susan Bradley's suggestions, I have held off installing .NET updates. Now, I am uncertain how to proceed. I now have nine .NET updates listed on my Windows Update panel, but Susan suggests skipping only two of the nine. I may have missed her suggestion to install the others. I am running Windows Vista Home Premium SP2. What do I do with the following:

    2487367 2011-08-09 Skip suggested
    2533523 2011-09-13 Skip suggested

    2468871 2011-09-13
    2656351 2011-12-29
    2656353 2011-12-29
    2656362 2011-12-29
    2657424 2011-12-29
    2633870 2012-02-14
    2633874 2012-02-14

    Thanks for any input. Neil

  6. #6
    3 Star Lounger midnight's Avatar
    Join Date
    Dec 2010
    Location
    Almost Deep East Texas
    Posts
    352
    Thanks
    42
    Thanked 8 Times in 7 Posts
    It is often difficult to figure out when an update drops off the Patch Watch chart what its status is. In addition to Patch Watch, I also follow Ask Woody's MS-Defcon recommendations and when he gives the go ahead to install everything prior to a new batch coming out, I do so, including the .net updates and so far he has not steered me wrong. Last week prior to the 2/14 updates, he said this
    MS-DEFCON 2: Lock Windows down
    so I made sure everything was installed prior to the 2/14 updates. No problems [yet].

  7. #7
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by sylviesinc
    Susan, you tell us to ensure that we have the latest version of Google Chrome 17.0.963.46 but mine is 17.0.963.56 so I think you made a typo.
    Nope. There was a rapid release of a bug-fix. Specifically, a Flash-Player vulnerability. It's hard to keep up with all the Chrome and Firefox changes lately. Same is true of Flash Player updates. They come along so frequently that I have resorted to using the Secunia PSI Automatic Updates for Flash Player. I don't let Firefox silently auto-update because of extensions issues. Chrome silent updates only cause me issues in one Guest Account, so I reinstall Chrome in that Account whenever there's been an update elsewhere on the computer.
    Last edited by bobprimak; 2012-02-19 at 05:41.
    -- Bob Primak --

  8. #8
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by midnight
    It is often difficult to figure out when an update drops off the Patch Watch chart what its status is. In addition to Patch Watch, I also follow Ask Woody's MS-Defcon recommendations and when he gives the go ahead to install everything prior to a new batch coming out, I do so, including the .net updates and so far he has not steered me wrong. Last week prior to the 2/14 updates, he said this
    MS-DEFCON 2: Lock Windows down
    so I made sure everything was installed prior to the 2/14 updates. No problems [yet].
    Woody's MS-DEFCON levels are aimed at ordinary home users. Susan's recommendations are aimed more at small business network administrators. Hence the different patching recommendations.
    -- Bob Primak --

  9. #9
    3 Star Lounger midnight's Avatar
    Join Date
    Dec 2010
    Location
    Almost Deep East Texas
    Posts
    352
    Thanks
    42
    Thanked 8 Times in 7 Posts
    That validates what I said in another topic.

  10. #10
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by midnight
    That validates what I said in another topic.
    It's an important distinction here in The Lounge. It bears repeating in threads once in a while, I think.
    -- Bob Primak --

  11. #11
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by bobprimak
    Woody's MS-DEFCON levels are aimed at ordinary home users. Susan's recommendations are aimed more at small business network administrators. Hence the different patching recommendations.
    Has Susan Bradley ever made it obvious that her recommendations are only intended for small business network administrators, or is that just your interpretation?

    There's no indication at the top of her Patch Watch columns that she's only addressing a small subset of the readership. Perhaps there should be?

    Bruce

  12. #12
    3 Star Lounger midnight's Avatar
    Join Date
    Dec 2010
    Location
    Almost Deep East Texas
    Posts
    352
    Thanks
    42
    Thanked 8 Times in 7 Posts
    Don't know the answer to your question, Bruce, but that is what Woody told me in response to my question of why they differed on some updates.

  13. #13
    New Lounger
    Join Date
    Feb 2012
    Posts
    3
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Some requests from Susan Bradley

    Susan,

    First of all, I very much enjoy the Patch Watch column.

    I used to maintain a list for myself regarding MS patches - date they were issued and known problems, but since I find it hard to find the time to update it monthly, I have begun to mostly rely on your chart instead.

    I copy the chart into Excel and sort it by patch number, for easy reference. I hold off on installing patches that you recommend waiting on or skipping, and I also let 2 months pass before I install certain patches to make sure that there are no problems discovered.

    Therefore, I would like to request that you include the full date in this format mm-dd-yyyy, to make it easier to copy into Excel.

    Thanks,
    -Michael

  14. #14
    New Lounger
    Join Date
    Oct 2010
    Location
    South Australia
    Posts
    1
    Thanks
    0
    Thanked 1 Time in 1 Post
    or even better, in yyyy-mm-dd format so it works under all regional settings options!

  16. #15
    New Lounger
    Join Date
    Feb 2012
    Posts
    3
    Thanks
    3
    Thanked 0 Times in 0 Posts

    I agree - yyyy-mm-dd is best.

