| By Susan Bradley |
Those of us in a holiday state of mind are lucky to have a light patching week.
If you’re feeling especially thankful — or you need a break from watching endless football — donate a little time to ensuring PCs of friends and family are up to date.
Root certificates get another revocation
On Nov. 10, we had an out-of-cycle update that revoked Digisign Server ID (Enrich) root certificates issued by Entrust.NET Certification Authority and GTE CyberTrust Global Root. The update placed these certificates in the revoked certificate store on all supported Windows operating systems.
Subscribe to our Windows Secrets Newsletter - It's Free!
Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!
Subscribe and get our monthly bonuses - free!
Your hard drives store photos, books, music and film libraries, letters, financial documents and so on. This ebook is aimed at helping you understand your hard drives, expand their capacities and length of life, and recover what you can from them when they fail. We're offering you a FREE Excerpt! Get this excerpt and other 4 bonuses if you subscribe FREE now!
Six days later, Microsoft rereleased KB 2641690 (via its Windows Software Update Server) to fix deployment problems on Windows XP x64 and Windows Server 2003 systems.
We’ll likely see many more of these updates — removing and blocking certificates from our systems — in the future.
► What to do: If you haven’t already installed KB 2641690, do so now.
Adjusting root certificates for Windows XP
Ironically, the only official update released this week adds more root certificates to Windows XP machines.
As I’ve mentioned before, Vista and Windows 7 add certificates automatically via Windows Update; Windows XP, however, does not. Based on KB 2641690′s history (discussed above), it’s clear that updating root certificates is not always a good thing.
► What to do: Hold off installing KB 931125 on Windows XP systems until it’s proven safe.
2553181, 2553310, 2553455, 2553290
MS Office patches include SkyDrive updates
Earlier this month, Microsoft released several nonsecurity Office updates alongside the usual round of security patches. In my Nov. 10 Patch Watch column, I recommended you not install them until I could determine what they were for and what they might adversely affect.
It turns out these updates improve data synching between SkyDrive and OneNote — Microsoft’s excellent free-form, note-taking application that runs on PCs and mobile devices such as the iPhone.
► What to do: If you use OneNote and SkyDrive, go ahead and install KBs 2553181, 2553310, 2553455, and 2553290; otherwise, skip these updates.
A few holiday patching season tips
It’s that time of the year when many Windows Secrets readers are visiting friends and family, including those wacky distant relatives. And some of those folks will undoubtedly take the opportunity to request a bit of free, personal IT support. It usually starts with a seemingly innocent question: “While we’re waiting for dinner, could you just take a quick look at my computer?”
Of course you can’t say no. And since you’re a Patch Watch reader, one of the first steps you’ll likely take is to review their Windows updates. In which case, here’s my advice:
I’m sticking to my stance on installing .NET Framework 4 — don’t — unless you’re running an application that needs it. There are currently few personal apps that do (Intuit’s Quicken, for example), but the number is slowly growing. (.NET 3 is installed by default with Vista, but in Win7 .NET 4 is typically installed by the application that needs it.)
Say no also to Office 2010 SP1 — at least until December. At that time, Microsoft should release a hotfix for an annoying problem: when you reply to an e-mail, the recipient’s address is converted to an improper format and your sent mail bounces back. Discussed in a Microsoft Exchange Server forum, the flaw showed up first in Outlook 2007, then appeared in Outlook 2010 after users installed Service Pack 1.
► What to do: If you’re pressed into an unexpected computer-troubleshooter situation, keep it simple — and make sure you’re well fortified with proper food and drink!
Regularly updated problem-patch chart
This table provides the status of problem Windows patches reported in previous Patch Watch columns. Patches listed below as safe to install will be removed from the next updated table. For Microsoft’s list of recently released patches, go to the MS Safety & Security Center PC Security page.
| Patch || Released || Description || Status|
| 2487367 || 08-09 || August .NET updates; see MS11-066 for complete patch list || Skip|
| 2533523 || 08-09 || .NET 4 Reliability Update 1 || Skip|
| 2539631 || 08-09 || August .NET updates; see MS11-069 for complete patch list || Skip|
| 2553065 || 09-13 || Office File Validation update || Skip|
| 931125 || 10-25 || Root-certificate update for XP || Skip|
| 2639658 || 11-03 || Microsoft Fix it for zero-day Word attacks || Skip|
| 2510690 || 06-28 || Office 2010 SP1 — will revisit in December when needed hotfix is released || Wait|
| 2528583 || 07-12 || Cumulative update for SQL Server 2008 R2 || Wait|
| 2526086 || 10-25 || Office 2007 SP3 || Wait|
| 2603229 || 10-25 || Registry fix for 32-bit apps on 64-bit PCs || Wait|
| 931125 || 11-22 || Root certificate update for XP || Wait|
| 2607576 || 10-25 || Jump-list fix || Optional|
| 2544893 || 11-08 || Re-release of MS11-037 update for XP systems || Install|
| 2553181 || 11-08 || Nonsecurity Office 2010 updates — including KB 2553181, KB 2553310, KB 2553455, KB 2553290, and KB 2553323 || Install|
| 2588516 || 11-08 || TCP/IP update attacking closed UDP ports — Vista/Win7 only || Install|
| 2617657 || 11-08 || TrueType fonts denial-of-service threat || Install|
| 2620704 || 11-08 || Windows Mail/Meeting Space DLL-preloading threat — Vista/Win7 only || Install|
| 2641690 || 11-18 || Root-certificate revocation update || Install|
Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.
| Feedback welcome: Have a question or comment about this story? Post your thoughts, praise, or constructive criticisms in the WS Columns forum.|
The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley has been named an MVP (Most Valuable Professional) by Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.