Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help w/ a few remaining MS security updates


  • Please log in to reply
15 replies to this topic

#1 bloomcounty

bloomcounty

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 17 August 2009 - 05:31 PM

Hi,

I did the majority of the MS Windows XP updates for the month, but the following three I didn't do yet because the first didn't have any info on it, and the other two weren't listed in the "main list" you see posted around the internet for "Update Tuesday".

High-priority updates
Microsoft Windows XP

Update for Windows XP (KB968389)
Typical download size: 798 KB , less than 1 minute
Install this update to help strengthen authentication credentials in specific scenarios. After you install this item, you may have to restart your computer.
Me: Did anybody here install this? Any reason to? When I read about it on the MS site, it sounded like it doesn't really do anything unless you go in and change some other settings in your system (and I wouldn't think most laymen like myself would mess with that, or even realize you need to do that). Or am I missing something? Or can this just be ignored?

Security Update for Windows XP (KB958470)
Download size: 1.3 MB , less than 1 minute
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.
Me: This has to do with Remote desktop client -- which I don't use and have turned off. Not sure why this came up for me (but wasn't part of the main Tuesday updates listed elsewhere). Skip this?

Security Update for Windows XP (KB960859)
Typical download size: 266 KB , less than 1 minute
A security issue has been identified that could allow an authenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.
Me: This has something to do with Telnet -- and, again, it wasn't part of the main "Tuesday updates" list, so I'm not sure why it suddenly came up for me. The link here: http://support.microsoft.com/kb/960859 ...says:

This security update addresses reflection protection in the Telnet protocol.


and

This security update contains a defense in-depth fix to allow for the Telnet client and server to opt in to extended protection. By default, this functionality is disabled. Please review this security update and the following security advisory closely which describe Extended Protection in more detail to make sure that you know the affect of these changes:
973811 (http://support.microsoft.com/kb/973811/ ) Microsoft Security Advisory: Extended protection for authentication


...then goes on to some complex thing about enabling the extended protection, that I can't imagine the laymen would do or even know to look up. I'm guessing/hoping this isn't something I need to mess with and I can just ignore the update. Thoughts?

Thanks for the help! :thumbsup:

(Moderator edit: thread moved to more appropriate forum. jgw)

Edited by jgweed, 21 August 2009 - 08:44 AM.

My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

BC AdBot (Login to Remove)

 


#2 bloomcounty

bloomcounty
  • Topic Starter

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 21 August 2009 - 08:04 AM

Any chance anyone could help me with this? Thanks again! :thumbsup:
My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

#3 bloomcounty

bloomcounty
  • Topic Starter

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 11 September 2009 - 11:59 AM

Hi -- I'm still hoping someone can help me with my original post?

I also have some additions to this from this month's MS "critical" updates that came up for me:

Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB968816)
http://www.microsoft.com/technet/security/...n/MS09-047.mspx

Me: This is supposedly critical for everyone -- but you have to actually run a bad file for something bad to happen, right? Should I install this anyways? Are there any known issues with it?

Security Update for Windows XP (KB956844)
http://www.microsoft.com/technet/security/...n/MS09-046.mspx

Me: I have ActiveX disabled in IE and it doesn't exist in Firefox (right?), so is this actually needed? Should I install anyways? Are there any known issues with it?

Security Update for Jscript 5.8 for Windows XP (KB971961)
http://www.microsoft.com/technet/security/...n/MS09-045.mspx

Me: I saw posted on TechRepublic: This corrects a critical flaw in the JavaScript engine. The IE rendering engine is embedded in Mozilla/ Firefox; that probably includes the Windows JScript engine. The Firefox IE Tab extension allows you to use the embedded IE engine to display webpages as they would look if you were running IE happy. I would install this update, if only because I use the IE Tab add-on fairly often, but you might need this fix even if you don't use that extension.

I don't use that plugin in Firefox. Do I need this update? I am concerned because of this known issue:

http://support.microsoft.com/kb/971961
You may be unable to uninstall this security update in some scenarios. For example, this issue may occur in the following scenario:
1. You install this update for JScript 5.6 on a computer that is running Internet Explorer 6 and one of the following operating systems:
* Windows XP Service Pack 2


I only use IE for Windows Updates. I have IE 6.0 (and don't want to install 7 or 8), so that means if I install this and there is a problem, then I can't uninstall it, right? Should I still install this? Any known issues? Or just turn off Javascript in Firefox? (It's already off in IE, as far as I know.)

Daylight Savings Update (KB970653)

Me: I swear I've had similar updates about 2-4 times over the past year. Why does this still come up now and then? Install it anyways? Is it even needed?

Please note, I have Windows XP, SP2 and use Firefox (only use IE for Windows Updates -- IE 6.0).

So to sum up, I'm asking about:

1. Update for Windows XP (KB968389)
2. Security Update for Windows XP (KB958470)
3. Security Update for Windows XP (KB960859)
4. Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB968816)
5. Security Update for Windows XP (KB956844)
6. Security Update for Jscript 5.8 for Windows XP (KB971961)
7. Daylight Savings Update (KB970653)


Thanks! :thumbsup:

Edited by bloomcounty, 11 September 2009 - 11:59 AM.

My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

#4 Bambo

Bambo

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Denmark
  • Local time:03:39 PM

Posted 11 September 2009 - 02:23 PM

To be honest, and to help you get more answers, I dont understand what you are doing. You want to debate updates for operating system on a forum about security? Have too much time and very bored? ;) Ive seen some "security" freaks highly recommend to turn off autocheck/updates, but I would say that is highly stupid. Argument will be based on old or new stories of flawed updates, even including servicepacks, hence MS can not be trusted and user must take control. Hmm, yeah. But just you asking here kind of tell why that approach is meaningless. Cool if you feel like diagnosing every update but dont expect many to share that hobby - or have a clue, or care. There is an obvious difference between a mighty service pack update and normal ones but nm that. Those who highly suggest to disable autoupdate will find other slips. I dont trust MS 100% for sure but a lot more than peoples stories - and way more than the general state of peoples computers. Im not surprised some screw up or have done nothing wrong and still get problems. But you need stay calm and think about relationship between benefit/impact and risk/potential problems. Your posts here show why that is relevant to mention. You would not be one of those sys-admins who could not be bothered to implement fix stopping Conficker crap? Long before it ended up in headlines.

May be those thinking updates are nasty show backside of being so knowledgeable or whatever term is correct, forgetting who audience is, how people with no particular interest for these matters use computer. Only a minority will be able to understand arguments which are pretty weak to begin with... so easy to disable but then what? Takes a split second to figure out what will happen. Im positive some will agree with you about this though. Anti-MS people who use Windows (legit or not) are great in numbers, heh. They will help you diagnosing and evaluating, no questions left at all. Solution to pc problems is to be selective with updates, let user be the judge. A breakthrough in pc-security. And you have just received 10000000$.

XP without any service packs and updates works just great. And more to the point so does Linux or Macs. If you dont trust updates from Microsoft then dont use their stuff, find something better.

An interesting signature you have btw. "IE 6.5 (used only for monthly Windows Critical Updates);" You really own your Windows dont you? or Oh God :thumbsup:

#5 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 11 September 2009 - 05:47 PM

You're new here. He always does that.

#6 Bambo

Bambo

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Denmark
  • Local time:03:39 PM

Posted 11 September 2009 - 06:11 PM

If you are right my doubt in virtual badges is at red alert instead of the usual yellow - clearly say "Distinguished Member" losing faith by the day on this internet.

Still think some will agree with him, avoid as much as possible from MS. Installing whatever with no knowledge of content is safe? If alternative is to read, wonder, google about KB-articles I vote safe enough :thumbsup:

#7 bloomcounty

bloomcounty
  • Topic Starter

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 11 September 2009 - 07:14 PM

I don't really understand the point of your posts, except to insult me. If you disagree with my questions, why post at all?

My topic was moved to this forum by jgweed. I asked him if I had done anything wrong in this post or past posts, and he said not at all and that he would try to help me as soon as he was back to the board if no one else had.

I realize that there is a type of person on message boards that doesn't like to be questioned -- that considers himself/herself an "expert" to such a degree that no one should ever question their opinion. You should just do what they say -- and if it screws things up, then, well, it's not their problem, right? And when they're wrong, then they just ignore you. IMO, these are the people that are best avoided in life. (I'm not saying you are this type of person, but I have run into this type A LOT on message boards. The internet seems to attract them.)

There is also the type of person who says "install anything that Microsoft tells you to". That's all fine and good until a supposed "critical update" screws up your computer (which is why I research the updates first and ask about them if I have a question before installing). I've been told in the past that certain updates you're better off not installing. And I was told that by other "experts". I've seen updates that were later "fixed" my MS because they had problems. I'm a better safe than sorry person. You all may not be. But, to be honest, I don't care that you're not -- and I don't see how any of these posts are beneficial to the questions at hand. And I never asked for a debate about MS updates -- I merely asked some specific questions.

If you look at my first post, there are specific issues with each update that I was asking about. I installed half the updates that came up, but those in particular I had questions about. I merely added the new once from this time around because I hadn't got a reply yet. Technically, I should have only asked about KB971961 this time, since that one has an actual "known issue" for my particular set-up.

And I don't see why it's such a big deal that I only have IE 6.5 and only use it for Windows critical updates. I'm pretty sure there are a lot of people who do the same thing -- and like the keep things bare bones, etc. So I didn't really get your comment about that.

I've never been anything but polite, inquisitive, and *very* thankful on this board. And I've even helped out a time or two when I could (because I'm no expert). Yet I get treated to replies like this, or ignored. I prefer to be ignored. And it's not my fault it shows me as a "distinguished member" -- but thanks for that needless insult as well.

I was originally just going to ignore this stuff, but I'm just sick of this crap and felt the need to defend myself. I don't plan on wasting time responding to this kind of thing any more. (And I agree with your comment about "losing faith by the day on this internet" -- but not for the reason you stated, but because of this type of thing.)

But I guess I "do this all the time", and if it's so hated, then please continue to ignore me instead of posting a pointless reply. And I mean that not as a "snotty comeback" but as a sincere response.

Thank you.

Edited by bloomcounty, 11 September 2009 - 07:15 PM.

My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

#8 Bambo

Bambo

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Denmark
  • Local time:03:39 PM

Posted 11 September 2009 - 08:26 PM

Why reply? Why does car accidents attract viewers? See name of this sub-forum, if you dont beg for replies I dont know what.

Well you are all ???? about updates for your operating system but still you reject them. Where is the logic in that? You find doing whatever you are told on forums safer? What random people say you follow? If MS did screw up and one should be avoided it will be on frontpage and all over internet in 5 min. And I dont mean screw up on badly tweaked Windows but a universal screw up. Until that happen be a sheep and try not to mess up.

Questioning value of updates is debating them. You dont seem to have issues btw, only strange questions: Do I need this?, Does critical really mean critical?

As said someone in sync with your ideas will hopefully reply with precise analysis of the relationship between recent MS updates and your particular system. You need someone with acceptable answers.

#9 bloomcounty

bloomcounty
  • Topic Starter

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 12 September 2009 - 08:09 AM

Well you are all ???? about updates for your operating system but still you reject them. Where is the logic in that?


I'm not rejecting anything. If I was rejecting, I wouldn't be asking questions -- I'd just not install them and forget about it. Simple logic.

Questioning value of updates is debating them. You dont seem to have issues btw, only strange questions: Do I need this?, Does critical really mean critical?


I already said those particular questions weren't really issues -- but if you reread my original post, there are specific reason I asked (mainly because most of those updates were not listed in the "list" that MS put out of updates for the month, yet they came up for me; also that some of them seemed to rely on doing some other fancy stuff to even implement them, which didn't make sense to me; and as I also said, there was one this month that you can't uninstall in my situation if installed, so I wanted to ask about that).

As said someone in sync with your ideas will hopefully reply with precise analysis of the relationship between recent MS updates and your particular system. You need someone with acceptable answers.


I agree.

Thanks.
My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

#10 bloomcounty

bloomcounty
  • Topic Starter

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 21 September 2009 - 03:33 PM

Okay, I went ahead and did these updates: KB958470, KB968816, KB956844

But I am still wondering about the others for the valid reasons stated. Thanks!
My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

#11 wguru

wguru

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:39 AM

Posted 08 December 2009 - 11:29 PM

Whether or not this site needs more moderation, less moderators or simply a 'remove or report offending posts' link, I'm not sure, but there are far too many forums that clearly are allowing unhelpful replies which basically only rag/flame/express an opinion about a post, as opposed to contributing to a forum, ie; the whole point of a forum.

I too question a lot of updates, my Googling one, led me to this exacerbated string. I suppose someone will bar me from the forum now?

As for answering the initial and/or follow up question's, here' are my own takes on these matters.

Ref. KB968389 & 973811, personally I don't see anything there I need, even more I've been suspicious of anything MS says 'contributes to helping them', especially after my one time installing 'their' SDS 2.0 utility (a real 'can of worms') which was next to impossible to uninstall, wasn't disclosed that no uninstaller was afforded, and reportedly was the only (then known) software ever 'purchased by MS' from an outside source, that source reportedly being some Russian techie in San Francisco, quite cooincidentally soon after 911 and Homeland 'in'Security's repercussions. But most of all, I believe it was SDS 2.0 that root-kitted itself (rootkits are well reported to afford a back door into one's OS because eventually people crack the software and use the back door for their own nefarious uses). I digress, but I think MS deserves it.

Ref. KB958470, my feeling is that with MS's lack of GUI and disclosure of it's software, updates, etc., in this case as far as I suspect, remote control utility software, regardless of whether or not you use it, can very well be dependant upon other remote handling utilities that you do use, so I installed it, even though I too avoid remote control (because I don't see that the insurance of installing this update, constitutes any potential issues).

Ref KBKB960859, my feeling is much the same as above. In that TelNet is reportedly a security risk, even though I don't enable or ever knowingly use it, I installed this patch.

Ref. KB956844, my feeling is much the same as above. In that IE is so connected to one's email and for all I know other utilities as well, even though I avoid using IE, I can't help but suspect that closing it's security risks is not a good thing. And yes there are known issues, the MS article on thos patch displays a link to the known issues. But as I recall, they're basically isolated and dependent on whether or not the user uses IE for out of the ordinary uses.

Ref. KB971961, I too don't use Firefox, but here again i installed the Java scripting patch simply because as far as i know all Windows browsers use java and again, I see no issues installing something that seems innocious and moreover quite possibly needed/useful.

As for deciding on what MS patches and updates to install, I can only recommend avoiding MS's auto updating at least to the extent that you never allow it to install 'blindly', try to assure KB's are always installed in chronological order, one at a time, always monitor the installs, check that they list in add-remove, if not find out why, and as distaseful and sometimes useless, read the articles that afford the sometimes rudimentary details necessary to make an informed decision about their being appropriate and beneficial about installing them.

Lastly, I found a useful freeware tool that lists updates (works on XP's & earlier), ref. WinUpdatesList, plus I find BelArc's freeware utility is an overall system helper which in this case, provides an independent recommended update feature, bit moreover provides hotlinks to all MS BelArc referenced SP's, patches and updates.

Edited by wguru, 09 December 2009 - 12:31 AM.


#12 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:39 AM

Posted 09 December 2009 - 12:15 AM

Well, I am one of the so called idiots who never updates at all. My system is sitting with very few updates past SP2 and I intend to keep it that way. The ones that were installed past SP2 were installed when I first got this system and hooked it up to the internet not realizing that updates were enabled. As soon as I saw that the auto update feature was enabled, I disabled it and it will stay that way. I will not update it until I can no longer get programs that will let me not update it and when that happens, I will manually update it to SP3 and no further. Often times updates cause problems and I do not want those problems. I would never let anything be updated any time it wants to be, it is my system, I am the one who decides what gets updated and when.

Btw, not having my system updated has not caused any problems whatsoever. I have an antivirus/firewall program that I trust and do not feel my system is at all compromised by not having it updated by Microsoft.

#13 wguru

wguru

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:39 AM

Posted 09 December 2009 - 12:33 AM

I tend to agree with just that, but despite the apparent misconception, this is not a blog.

#14 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:39 AM

Posted 09 December 2009 - 02:08 AM

You are correct that this is not a blog but it is a place to give opinions on given subjects and since the op was asking for thoughts about the necessity of certain updates, I gave my opinion on updates. I do not believe I have broken any forum rules or etiquette by doing so, as I believe that is what this forum is for.

Even though the op did resolve the question about the specific updates, there will be further updates and the op, or others, might have questions about the necessity of those, which my opinion might be relevant on. It is an old topic, but still relevant to some, afterall, it was revived today.

#15 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:39 AM

Posted 09 December 2009 - 06:55 PM

Wow, this topic went into a debate/argument kinda thingy. I think this should be closed, the topic was posted in August....




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users