Everyone gets a small holiday — from patching

By Susan Bradley

Those of us in a holiday state of mind are lucky to have a light patching week.

If you’re feeling especially thankful — or you need a break from watching endless football — donate a little time to ensuring PCs of friends and family are up to date.

2641690
Root certificates get another revocation

On Nov. 10, we had an out-of-cycle update that revoked Digisign Server ID (Enrich) root certificates issued by Entrust.NET Certification Authority and GTE CyberTrust Global Root. The update placed these certificates in the revoked certificate store on all supported Windows operating systems.


Six days later, Microsoft rereleased KB 2641690 (via its Windows Software Update Server) to fix deployment problems on Windows XP x64 and Windows Server 2003 systems.

We’ll likely see many more of these updates — removing and blocking certificates from our systems — in the future.

What to do: If you haven’t already installed KB 2641690, do so now.
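A quick way to confirm that KB 2641690 took effect on a given PC, written as an added PowerShell example that is not part of the original column. The loose name matches and the presence of PowerShell 2.0 or later are assumptions; Cert:\LocalMachine\Disallowed is the store the Certificates console shows as Untrusted Certificates.

```powershell
# Added example, not from the original column. Run in a PowerShell prompt
# on the PC being checked (assumes PowerShell 2.0 or later is installed).
$kb      = 'KB2641690'                      # revocation update named in the column
$subject = '*Digisign Server ID*'           # certificate name from the column, loose match
$issuers = '*Entrust*', '*GTE CyberTrust*'  # issuing roots named in the column

# 1. Is the update recorded as installed on this machine?
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# 2. Which matching certificates are in the machine's Untrusted Certificates
#    store (Cert:\LocalMachine\Disallowed)?
$blocked = @(Get-ChildItem Cert:\LocalMachine\Disallowed |
    Where-Object { $_.Subject -like $subject })

# 3. Report each blocked certificate and whether its issuer is one of the
#    two roots the column names.
$blocked | ForEach-Object {
    $cert  = $_
    $known = @($issuers | Where-Object { $cert.Issuer -like $_ }).Count -gt 0
    New-Object PSObject -Property @{
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        Thumbprint  = $cert.Thumbprint
        NamedIssuer = $known
    }
} | Format-List Subject, Issuer, Thumbprint, NamedIssuer

# 4. One-line verdict.
if ($hotfix -and $blocked.Count -gt 0) {
    "OK: $kb installed, $($blocked.Count) Digisign certificate(s) blocked."
} elseif ($blocked.Count -gt 0) {
    "Certificates are blocked, but $kb is not listed by Get-HotFix."
} else {
    "No Digisign certificates in the Untrusted store; install (or reinstall) $kb and check again."
}
```

The certificate-store result is the more direct evidence: Get-HotFix only reports what the update inventory records, while the store listing shows what the system will actually refuse to trust.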

931125
Adjusting root certificates for Windows XP

Ironically, the only official update released this week adds more root certificates to Windows XP machines.

As I’ve mentioned before, Vista and Windows 7 add certificates automatically via Windows Update; Windows XP, however, does not. Based on KB 2641690’s history (discussed above), it’s clear that updating root certificates is not always a good thing.

What to do: Hold off installing KB 931125 on Windows XP systems until it’s proven safe.

2553181, 2553310, 2553455, 2553290
MS Office patches include SkyDrive updates

Earlier this month, Microsoft released several nonsecurity Office updates alongside the usual round of security patches. In my Nov. 10 Patch Watch column, I recommended you not install them until I could determine what they were for and what they might adversely affect.

It turns out these updates improve data synching between SkyDrive and OneNote — Microsoft’s excellent free-form, note-taking application that runs on PCs and mobile devices such as the iPhone.

What to do: If you use OneNote and SkyDrive, go ahead and install KBs 2553181, 2553310, 2553455, and 2553290; otherwise, skip these updates.


A few holiday patching season tips

It’s that time of the year when many Windows Secrets readers are visiting friends and family, including those wacky distant relatives. And some of those folks will undoubtedly take the opportunity to request a bit of free, personal IT support. It usually starts with a seemingly innocent question: “While we’re waiting for dinner, could you just take a quick look at my computer?”

Of course you can’t say no. And since you’re a Patch Watch reader, one of the first steps you’ll likely take is to review their Windows updates. In which case, here’s my advice:

I’m sticking to my stance on installing .NET Framework 4 — don’t — unless you’re running an application that needs it. There are currently few personal apps that do (Intuit’s Quicken, for example), but the number is slowly growing. (.NET 3 is installed by default with Vista, but in Win7 .NET 4 is typically installed by the application that needs it.)

Say no also to Office 2010 SP1 — at least until December. At that time, Microsoft should release a hotfix for an annoying problem: when you reply to an e-mail, the recipient’s address is converted to an improper format and your sent mail bounces back. Discussed in a Microsoft Exchange Server forum, the flaw showed up first in Outlook 2007, then appeared in Outlook 2010 after users installed Service Pack 1.

What to do: If you’re pressed into an unexpected computer-troubleshooter situation, keep it simple — and make sure you’re well fortified with proper food and drink!

Regularly updated problem-patch chart

This table provides the status of problem Windows patches reported in previous Patch Watch columns. Patches listed below as safe to install will be removed from the next updated table. For Microsoft’s list of recently released patches, go to the MS Safety & Security Center PC Security page.

| Patch | Released | Description | Status |
|---|---|---|---|
| 2487367 | 08-09 | August .NET updates; see MS11-066 for complete patch list | Skip |
| 2533523 | 08-09 | .NET 4 Reliability Update 1 | Skip |
| 2539631 | 08-09 | August .NET updates; see MS11-069 for complete patch list | Skip |
| 2553065 | 09-13 | Office File Validation update | Skip |
| 931125 | 10-25 | Root-certificate update for XP | Skip |
| 2639658 | 11-03 | Microsoft Fix it for zero-day Word attacks | Skip |
| 2510690 | 06-28 | Office 2010 SP1 — will revisit in December when needed hotfix is released | Wait |
| 2528583 | 07-12 | Cumulative update for SQL Server 2008 R2 | Wait |
| 2526086 | 10-25 | Office 2007 SP3 | Wait |
| 2603229 | 10-25 | Registry fix for 32-bit apps on 64-bit PCs | Wait |
| 931125 | 11-22 | Root certificate update for XP | Wait |
| 2607576 | 10-25 | Jump-list fix | Optional |
| 2544893 | 11-08 | Re-release of MS11-037 update for XP systems | Install |
| 2553181 | 11-08 | Nonsecurity Office 2010 updates — including KB 2553181, KB 2553310, KB 2553455, KB 2553290, and KB 2553323 | Install |
| 2588516 | 11-08 | TCP/IP update attacking closed UDP ports — Vista/Win7 only | Install |
| 2617657 | 11-08 | TrueType fonts denial-of-service threat | Install |
| 2620704 | 11-08 | Windows Mail/Meeting Space DLL-preloading threat — Vista/Win7 only | Install |
| 2641690 | 11-18 | Root-certificate revocation update | Install |

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.

Feedback welcome: Have a question or comment about this story? Post your thoughts, praise, or constructive criticisms in the WS Columns forum.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley has been named an MVP (Most Valuable Professional) by Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.

All Windows Secrets articles posted on 2011-11-23: