Microsoft calls IE 8 an important security patch

Susan bradley By Susan Bradley

You may already have been offered version 8 of Microsoft’s Internet Explorer browser via Windows’ built-in Automatic Updates routine, but you should be aware that some Web sites don’t work with the new release.

In my testing, IE 8′s security and compatibility settings cause problems with some sites in my testing, and XP users must first uninstall SP3 in order to remove the latest build of IE.

IE 8 is prechecked in XP and Vista updates

If you use XP, you’ll see Internet Explorer 8 listed as a “high-priority update” in Windows’ Automatic Update tool. (See Figure 1.) In Vista, IE 8 is included among the updates rated “Important” by Microsoft. The Redmond company is implying that IE 8 is a security patch, not just a revised version of its Web browser.

Subscribe to our Windows Secrets Newsletter - It's Free!

Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

Windows 8.1: Out of the box

Subscribe and get our monthly bonuses - free!

Get a real feel for Windows 8.1 with a wealth of tips in this step-by-step guide. This month, Windows Secrets subscribers can download the first 2 chapters for free: Using Windows 8.1 and Using Email and the Internet. Get this excerpt and other 5 bonuses if you subscribe now!



Surprisingly, if you’ve configured Automatic Update to “download but do not install,” as I recommend, or if you use Windows Update to scan manually for patches, you’ll notice that IE 8 is prechecked to download automatically. Yikes!

The Microsoft Update blog states that IE 8 won’t install automatically. On one of my test machines, I turned off Automatic Updates and left the machine running for several days to see whether IE 8 would be installed automatically. It never happened. This will be good news to users who wish to control the changes made to their PCs.

Windows' automatic updates offers ie 8
Figure 1. Windows XP’s Automatic Updates function categorizes IE 8 as a “high-priority update.”

In my tests of Internet Explorer 8, I found that a few Web sites choked on the browser’s new security and compatibility settings. For example, while I was traveling, one airline’s boarding-pass application wouldn’t print properly. Some folks also report that third-party firewalls are causing IE 8 slowdowns.

Microsoft periodically sends out automated updates to its so-called IE 8 Compatibility View List. By tracking which sites IE 8 users choose to open in Compatibility View, Microsoft adds sites that break in IE 8 to this list. The process is described in Knowledge Base article 969497.

Sites on the latest list downloaded by IE 8 will open in the browser’s Compatibility View automatically. But you can also choose this setting manually when you encounter a site that doesn’t work well in IE 8. To do so, select Compatibility View Settings on the Tools menu, enter the site’s URL, click Add, choose Close, and reload the page.

If you encounter sites that conflict with IE 8, you can also run the Fix it routine described in KB article 957700 to roll back to IE 7.

Service Pack 2 for Vista, Server 2008 on tap

While the tech world has been enthralled with Windows 7 recently, Vista has been quietly winning new converts. On April 28, Service Pack 2 for Vista and Windows Server 2008 was released to manufacturing. This service pack will soon be available via Windows Update and Windows Software Update Services (WSUS), as was announced last week on the Microsoft Update blog.

A few prerequisites must be installed before applying the service pack, as described in KB article 955430. However, you presumably already installed these patches on your systems in late April.

My tests revealed no problems installing or running the service pack on Vista, Windows Server 2008, and Small Business Server 2008. However, some programs (described in KB article 969707) won’t run after you install the service pack. These include WebRoot’s Spy Sweeper, Eusing’s Free Registry Cleaner, and Microsoft’s own Application Virtualization program.

905474
Follow-up on steps to avoid WGA Notifications

After seeing my May 21 Top Story on updating Windows without WGA, several readers told me about other ways to avoid WGA if you accidentally start to download the notification patch. (The WGA Notifications app is described in KB article 905474.)

If you accidentally started the installation of WGA Notifications, you can avoid completing it by clicking Next and then “I Do Not Agree” when asked whether you accept the EULA. Finally, click Cancel, which terminates the installation of the program and prevents the update from being installed. (See Figure 2.)

Decline wga notifications installation
Figure 2. Select “I Do Not Agree” to avoid installing WGA Notifications if you started the process accidentally.

That doesn’t mean that the WGA update won’t be back, however. Be prepared to avoid it all over again the next time you see it listed among the Windows patches.

Keep in mind that Windows activation is not the same as WGA validation. There still may be times when your system needs to be reactivated, such as when you make significant hardware changes. In my case, a new hard drive caused Vista to request a reactivation.

Vista SP2 reportedly improves the accuracy of the reactivation process, as documented in KB article 971656. For example, under previous versions of Windows, if you docked a laptop and recently updated a storage driver, you might have triggered reactivation. The new service pack deletes “removable hardware” from its out-of-tolerance algorithm.

The reactivation procedure looks for changes in such items as the motherboard, hard drive, video card, and others. If enough of these items change, the system will need to be reactivated. Normally, a phone call to Microsoft and an explanation of what happened is all that’s required to receive a new activation key.

See this week’s Known Issues column for more on WGA workarounds.

Create a do-it-yourself Windows update CD

Several readers asked for a way to slipstream XP Service Pack 3 into their installation media or for an easier way to fully patch a rebuilt system.

The most obvious method is to build your own SP3 slipstream media. The Lifehacker site offers a good how-to page that describes the process step by step.

An alternative is to create a patch CD. There are several options for doing this, one of which is presented on the PatchMate site. The Windows Updates Downloader site and AutoPatcher — a resource that many Windows Secrets readers have suggested — provide alternative approaches to the same end.

Any of these sites will help you do what Microsoft is failing to do: give us a way to update our Windows installation media so we can legally and easily reinstall our operating systems on the same hardware when the machines become sluggish or need a refresh.

Keep these Windows fixes on the shelf for now

I’m frequently asked which Windows patches I think you should pass on. The following is my current list of XP patches to which I continue to say, “No, thanks.” Most of these patches are listed in the Optional section of Windows Update:

  • 926139 offers up PowerShell but is not needed for standalone, nonbusiness workstations (unless, of course, you’re actually learning to write scripts in PowerShell). Since the vast majority of PC users don’t even know what PowerShell is — a new command language for administrators — they can skip this update.

  • 940157 adds Windows Search 4 to XP machines. Install this update only on high-performance systems. If you have a low-powered XP PC, Windows Search 4 may cause it to drag a bit.

  • 909520 is an update for smart cards. Since most home PCs don’t use smart cards, this is another skip-it patch.

  • 943729 adds Group Policy preferences to XP. In its defense, let me say that I consider this update to be mandatory on my Small Business Server network. The patch gives me new ways to map drives, add printers, and perform all sorts of magical controls on the server from my office workstations. However, I absolutely don’t install this update on home systems, which have no need for Group Policy settings. Home PC users can pass on this patch.

By contrast, 931125 is one patch that some home users actually may want to install. It updates Windows’ list of the Secure Sockets Layer (SSL) root certificates used on many e-commerce sites. I recommend that online shoppers install this update because it helps you remain secure when making purchases on various sites.

963032
Home Server screen resolution gets an update

I recently saw an early warning for the Windows Home Server patch that’s described in KB article 963032. But the document said only that a patch to fix a high-priority, nonsecurity problem would come out on Tuesday, May 26. I thought the update might address a backup problem or some other serious issue.

When I finally received the update, I realized that it merely addresses a display problem that causes the character-mode console to display incorrectly on computers with screen resolutions lower than 1024 by 768. That’s not exactly a high-priority, life-or-death situation to me.

I suppose this might be a big deal for you if your home network consists entirely of netbooks. But it strikes me as odd that such a large patch would be released for what seems to be a trivial matter for most users.

971620
Microsoft Office Server’s service-pack oopsie

Regular readers of this column know that I advocate waiting a few weeks or months before applying service packs. Recent problems with SharePoint Server 2007, Project Server 2007, Form Server 2007, Search Server 2008, and Search Server 2008 Express showcase why it rarely pays to be among the first “service-pack guinea pigs.”

In the SharePoint blog, Microsoft corporate vice president Jeff Teper apologizes for a big blunder. If you applied 2007 Office Server Service Pack 2, the Office Server programs were downgraded to trial versions. (Note: Microsoft says this error doesn’t affect Windows SharePoint Services 3.0.)

A hotfix will be released for the Office Server glitch. Alternatively, re-entering the product key resolves the issue, as described in KB article 971620.

Always remember: You’ll rarely need to rush to install a service pack, which is often a rollup of previously released updates.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.
= Paid content

All Windows Secrets articles posted on 2009-05-28:

Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.