  1. #1
    2 Star Lounger cyberdiva's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    133
    Thanks
    15
    Thanked 6 Times in 6 Posts

    What does Patch Watch cover and not cover?

    For several days now, I've been told that three "Important" updates are available for me to install on my Windows 7 64-bit desktop computer. I went to my spreadsheet of PatchWatch info, and found none of them listed. One was a Silverlight update from 5/22/2012. Perhaps that's too recent for the May 23 issue, but the other two updates are much older. One is KB2538243, which carries a 1/24/2012 date. The other is KB973685, which according to the Updates description carries a 7/12/2011 date, which is before I started to make my spreadsheet. I did searches on the Windows Secrets site for all three updates. Two searches came up completely empty, while the third, for KB973685, returned a hit from a PatchWatch column dated Dec. 10, 2009, a year and a half BEFORE the date given by Windows Updates! Ultimately this hit failed to give me any useful information.

    I'm confused. I had thought that Patch Watch covered all Critical and Important updates, but that seems not to be the case. I might add that this is not the first time that I've received Important or Critical Windows updates for which I could find no mention on Windows Secrets. How am I supposed to know what to do about such updates? Are there other reliable places where people turn for information? What determines whether an update is covered on Patch Watch?

    I'd be most grateful for any information people care to share. Thanks in advance.

  2. #2
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,745
    Thanks
    171
    Thanked 648 Times in 571 Posts
    I don't think it's ever been clearly defined, and I doubt whether it ever will be, which makes the whole concept totally useless as far as I'm concerned.

    Bruce

  3. #3
    2 Star Lounger cyberdiva's Avatar
    Thanks, Bruce, for your response. Though I don't think I'd agree that the whole concept is "totally useless," it may be a lot less useful than I'd hoped, and probably a lot less useful than it was intended to be.

    I might add that I'm puzzled as to why a question about the Patch Watch column was moved from the Windows Secrets Columns section to one about Windows 7. This makes very little sense to me.

  4. #4
    4 Star Lounger
    Join Date
    May 2012
    Posts
    404
    Thanks
    0
    Thanked 49 Times in 39 Posts
    Download Secunia's free Personal Software Inspector which checks for missing patches and updates your system automatically.

  5. #5
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    I prefer the manual scans and upgrades from Update Checker at FileHippo.com. I do not like updates taking place automatically. I want to choose what to upgrade and what to leave alone.

    I did use Secunia for quite some time but dropped them when they switched from manual scans to auto scans. Plus I found that FileHippo seemed to find more with less effort and less time involved.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)



  6. #6
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    I think it's useful insomuch as giving the user a heads up with potentially troublesome updates that others have experienced, especially computer knowledgeable folks.
    I don't think there is much harm in waiting a week or two before downloading and installing such updates if any information is forthcoming.
    Updates are usually quite large and their reconciliation into the OS should be planned for; after all, they are major updates into the OS code.

    The trouble with Susan Bradley's column is probably more to do with her success, people tend to rely on it too much, then generate so much [false] expectation. [imo]

    I moved the thread out of the Windows Secrets Columns area because we like to keep the Windows Secrets Columns confined to just the writers.
    If you want to express a concern or voice an opinion, I suggest you post in the appropriate writer's thread. Susan Bradley does and has been known to
    reply there. I probably should have moved this thread to the General Windows section or merged it into one of Susan's columns, my mistake.

    Windows Update is a useful and refined service; one does not need to have it download and install anything. Merely configuring it to advise the user that an update is available for download is sufficient. This would give one the time needed to plan and research whatever is on offer.
    Last edited by CLiNT; 2012-05-28 at 14:39.

  7. #7
    2 Star Lounger cyberdiva's Avatar
    Thanks Xircal, Ted, and Clint, for your responses. However, I am NOT concerned with whether I have missed an update. What I'm concerned about is whether the updates that I am offered are worthwhile or likely to cause problems. Like many people, I have depended on Susan Bradley's Patch Watch to advise me about when/whether to install an update and when to wait or forget about it. I had been under the impression that she covers all Critical and Important updates, but I keep coming upon updates for which I can find no information in her column. This is true both for updates designed for Windows 98 and for updates designed for Windows 7. When that happens, I'm not sure how to proceed. Occasionally I google the KB number and find some negative feedback, so then I don't install it. But sometimes I can't find much information except the announcements from Microsoft, and they don't tell me whether the update has proved reliable or problematic. So I sent my message to the Windows Secrets Lounge to get answers to the following questions:

    1) Does Patch Watch cover all Important or Critical updates or not?
    2) If it does not, where do people turn for advice about how to proceed with the updates offered?
    3) Does anyone have any information about any of the three updates I was offered this week, none of which seems to have been covered by Patch Watch?

    Clint, I had no idea that the Windows Secrets Columns section is reserved for the writers. I strongly suggest that you change the description, which currently reads "Add info to our newsletter articles," which I took to be an invitation to the Lounge readers to contribute additional information or commentary about the articles that had appeared in the newsletter. When you suggest that I post in Susan Bradley's thread, where is that thread?

    I'd still welcome suggestions about alternatives to Patch Watch for advice about Windows Updates, and also any information anyone may have about the specific updates I mentioned in my initial message in this thread.
    Last edited by cyberdiva; 2012-05-28 at 21:56.

  8. #8
    4 Star Lounger
    Quote Originally Posted by cyberdiva View Post
    I'd still welcome suggestions about alternatives to Patch Watch for advice about Windows Updates, and also any information anyone may have about the specific updates I mentioned in my initial message in this thread.
    Critical updates aren't named that way for fun and should be installed forthwith to protect your system from exploits. As for causing problems, Windows creates a System Restore point automatically before installing an update so that in the event of a crash, you can use System Restore to wind back the clock to that point in time.

    But any patch with a CVE identifier should be installed without question. Not installing it opens your system to the exploits the update was designed to address.

    Add this site to your bookmarks so that you can check which patches meet the CVE criteria: https://isc.sans.edu/tag.html?tag=black tuesday
    Click a link to see an overview of the patches and then if you want to research them for yourself, click the CVE links for each of the critical updates to see what they'll do.

    For example, clicking CVE-2012-0168 in last month's Patch Tuesday takes you to this site: http://www.cve.mitre.org/cgi-bin/cve...=CVE-2012-0168 Click the link to "Learn more at the National Vulnerability Database" to see what that particular patch addresses.

    Hope this helps.

  9. The Following User Says Thank You to Xircal For This Useful Post:

    cyberdiva (2012-05-29)
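
An added example, not part of any post in this thread: a read-only PowerShell sketch that lists the updates Windows Update is currently offering together with the details the posts above suggest researching (KB number, Microsoft's severity rating, bulletin and CVE identifiers). It assumes it is run on the PC itself and uses the Windows Update Agent COM object `Microsoft.Update.Session`; it searches only and does not download or install anything.

```powershell
# List pending Windows updates with the identifiers needed to research them.
# Written to run on PowerShell 2.0 (the version shipped with Windows 7).
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# Software updates that are offered, not yet installed, and not hidden by the user.
$result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

# Sort order for Microsoft's security severity rating.
$rank = @{ 'Critical' = 0; 'Important' = 1; 'Moderate' = 2; 'Low' = 3 }

$report = foreach ($u in $result.Updates) {
    # MsrcSeverity is the security bulletin rating; it is empty for updates
    # that are not security fixes, so those are shown as 'Unrated'.
    $sev = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
    $pos = if ($rank.ContainsKey($sev)) { $rank[$sev] } else { 9 }

    New-Object PSObject -Property @{
        Rank      = $pos
        Severity  = $sev
        KB        = (@($u.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ', '
        Bulletins = @($u.SecurityBulletinIDs) -join ', '
        CVEs      = @($u.CveIDs) -join ', '
        Released  = $u.LastDeploymentChangeTime
        Title     = $u.Title
    }
}

if (-not $report) {
    Write-Output 'No pending updates found.'
} else {
    # Highest severity first; within a severity, oldest release first.
    $report |
        Sort-Object Rank, Released |
        Select-Object Severity, KB, Released, Bulletins, CVEs, Title |
        Format-Table -AutoSize -Wrap
}
```

An update with an empty CVEs column and an 'Unrated' severity is not tied to a published security bulletin, which is one reason it may not appear in bulletin-based summaries.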

  10. #9
    2 Star Lounger cyberdiva's Avatar
    Quote Originally Posted by Xircal View Post
    Critical updates aren't named that way for fun and should be installed forthwith to protect your system from exploits. As for causing problems, Windows creates a System Restore point automatically before installing an update so that in the event of a crash, you can use System Restore to wind back the clock to that point in time.

    But any patch with a CVE identifier should be installed without question. Not installing it opens your system to the exploits the update was designed to address.
    Thanks very much, Xircal, for this information. I had not heard of the CVE identifier, and I'm happy to know about it.

    I'm not sure, though, that I agree with your blanket acceptance of "critical" updates. I'm pretty sure that there have been some so-called critical updates that have caused substantial problems when people tried to install them, and apparently System Restore didn't always come to the rescue. That's one reason I've tended to trust Susan Bradley more than I've trusted Microsoft. I confess, though, that I'm starting to rethink my reliance on Susan Bradley, not because her advice isn't very useful but simply because she seems to have covered fewer Critical and Important updates than I had thought. I clicked on the most recent entry on the isc.sans.edu link you kindly provided, dated 5-08-2012. Of the six KB numbers listed there, only two of them are in my table, which suggests that the other four have not been covered by Susan Bradley.

    Again, many thanks.
    Last edited by cyberdiva; 2012-05-29 at 09:48.

  11. #10
    4 Star Lounger
    Quote Originally Posted by cyberdiva View Post
    Thanks very much, Xircal, for this information. I had not heard of the CVE identifier, and I'm happy to know about it.

    I'm not sure, though, that I agree with your blanket acceptance of "critical" updates. I'm pretty sure that there have been some so-called critical updates that have caused substantial problems when people tried to install them, and apparently System Restore didn't always come to the rescue. That's one reason I've tended to trust Susan Bradley more than I've trusted Microsoft. I confess, though, that I'm starting to rethink my reliance on Susan Bradley, not because her advice isn't very useful but simply because she seems to have covered fewer Critical and Important updates than I had thought. I clicked on the most recent entry on the isc.sans.edu link you kindly provided, dated 5-08-2012. Of the six KB numbers listed there, only two of them are in my table, which suggests that the other four have not been covered by Susan Bradley.

    Again, many thanks.
    Just a quickie concerning the May edition of Microsoft's Patch Tuesday.

    For some unknown reason, three patches, one of which dates back to June 2011, were inadvertently recycled by Microsoft and reappeared both on the Windows Update site and via Automatic Updates if the user has that option enabled. The respective KB numbers are these:

    • KB2633880
    • KB2572073
    • KB2518864

    All three were replaced in the last round on May 8 with KB2683777 which updates the respective files to a higher version number.

    This caused confusion for many users because the older versions cannot be reinstalled since Windows File Protection prevents newer files from being overwritten by older versions. Consequently, some versions of Windows got caught in a download loop when the patches which had supposedly been installed already reappeared once more. Microsoft seems to have taken action now to remove them, but hasn't explained why they reappeared yet.

    Up to you how you treat critical updates of course, but unless you know what you're doing and can deal with an infection which a patch was released to address, you could find yourself with a compromised system. Worse still, you might not be aware of it even.

    If you are going to be discerning about what you install and what you don't, I'd suggest spending an hour or two a day reading security sites like Heise Security so that you're more aware of what threats are lurking out there. Here's their analysis of the last Patch Tuesday round: Microsoft Patch Tuesday more extensive than anticipated

  12. #11
    2 Star Lounger cyberdiva's Avatar
    Thanks, Xircal, for the added information. I haven't seen any of those updates being offered to me, nor the one that replaced them.

    As for being selective about Windows updates, if I spent even an hour a day reading security sites, as you've suggested, I'd be spending immensely more time trying to prevent infection than I've spent dealing with infections the patches were designed to address. That's why I'd rather let Susan Bradley or others sift through all the information and help me decide which updates should be installed and which can or should be put on hold.

  13. #12
    4 Star Lounger
    The problem with that philosophy is these people don't know what software you have installed on your machine.

    But to reiterate, a security update rated as critical means that not installing it potentially exposes your system to attack.

    It might be worth your while downloading Microsoft's Baseline Security Analyzer to check whether there are any outstanding security vulnerabilities on your machine in its current state: http://technet.microsoft.com/en-us/s.../cc184923.aspx

  14. #13
    2 Star Lounger cyberdiva's Avatar
    Thanks, Xircal, for the suggestion. I might give it a try, though the software claims it's designed to help "small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance." I'm not sure my needs are the same as those of a business. But I might give it a try at some point. Of course, it's not that I have my computer unprotected. I do install most of the Critical and Important updates MS sends my way, and I do have anti-virus software, a software firewall and a firewall on the router, Malwarebytes Anti-Malware Pro, and WinPatrol Plus. I run scans moderately often. I'm moderately savvy about what I click on and what I download. Obviously, I don't feel that I'm invulnerable, but I do think that what I've been doing has been working for me. Knock on wood.

  15. #14
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,571
    Thanks
    5
    Thanked 1,056 Times in 925 Posts
    IMO, if you can't or don't want to take the time to investigate the patch information you should just install the updates and be done with them. For over a decade, I've installed updates regularly on dozens of PCs (both home & work) with the number of problems being counted on one hand. It is just not worth my time or effort to try to discern whether or not I need a particular patch. If WU or a couple of other Microsoft tools for small businesses recommends a patch, I just install it.

    Joe
