A Windows-patching December to remember

Susan Bradley

Despite how it might seem at times, flawed security updates are relatively rare. When there is a problem, Microsoft typically releases an update for the update.

For example, this past December there was a bug in the patch Microsoft released to fix a font vulnerability. In this special New Year’s edition of Patch Watch, I review three problem updates released in December.

MS12-078 (2753842)

Some side effects from fixing vulnerable fonts

For every Patch Watch edition, I install offered updates on my systems and look for any problems the patches might cause. However, if a patch works on my PCs, there is no guarantee it’ll be problem-free on every PC — there’s a huge variety of PC configurations. The patches in MS12-078, for example, were intended to fix a vulnerability in TrueType and OpenType font files. Unfortunately, installing KB 2753842 had the unforeseen side effect of making fonts disappear in a few major applications such as PowerPoint, CorelDRAW, and other apps commonly used in the printing industry.

A Dec. 14, 2012, Graphics Unleashed blog post gives more details on the problem. Windows Secrets Lounge member Doug.S was also quick to note a discussion of the problem in a CorelDRAW forum.

- What to do: Microsoft rereleased KB 2753842 on Dec. 20, 2012. Install the new version — and if you are still having issues with this update, please post that information in the related Windows Secrets Lounge thread. I’ll do some more investigation.


Root certificates causing headaches for admins

Microsoft’s Windows root-certificate updating process is confusing and often makes me nervous. Too often, we must trust that a root-cert update won’t have long-term consequences to our systems and networks. KB 931125, the December 2012 root-cert update for Windows XP, is a recent example of some unintended consequences — especially for server admins using Network Policy Server (NPS) to protect their systems.

NPS is a technology that lets admins set minimum standards for PCs that connect to a network. These standards can include installed patch levels, browsers, antivirus software, and more. You’ll find NPS typically deployed on larger networks.


All Windows Secrets articles posted on 2013-01-03:

Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.