| Author |
Topic: Watch for Microsoft Updates This Coming Patch Tuesday |
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 12 Aug 2007 4:54 pm |
|
On Patch Tuesday, August 14, 2007, Microsoft plans to release 9 updates, 8 of which are rated as Critical and 1 of which is rated Important.
Here is the breakdown and details of these updates and patches.
· Six Microsoft Security Bulletins affecting Microsoft Windows with a Maximum Severity rating of Critical. These updates will require a restart and will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
· One Microsoft Security Bulletins affecting Microsoft Office with a Maximum Severity rating of Critical. These updates will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
· One Microsoft Security Bulletin affecting Microsoft Office and Microsoft Windows a Maximum Severity rating of Critical. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
· One Microsoft Security Bulletin affecting Microsoft Virtual PC and Microsoft Virtual Server with a Maximum Severity rating of Important. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
They are also planning to release an update to the Microsoft Windows Malicious Software Removal Tool.
Lastly, they are planning to release four high-priority non-security updates on Microsoft Update and two on Windows Update, depending on your OS and what other Microsoft applications you have installed.
It might be a good idea to delay accepting all of these updates until Tuesday night, or Wednesday afternoon, just in case one or more of them are found to cause major problems and gets updated. Yes, I said that an update might get updated before or after you update your computer with the available updates at the time you check for updates, but updates may be reissued to patch faulty updates or patches with less faulty updates or patches! 
Remember that this information is to help with your advance planning for the Tuesday release: this information can change between now and the release on Tuesday!
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
 |
Jack Stoner
From:
Kansas City, MO
|
Posted 13 Aug 2007 4:48 am
|
|
| It's patch "Thursday" for me. I usually get the automatic update on Thursday for some reason. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 13 Aug 2007 7:05 am
|
|
| Jack Stoner wrote: |
| It's patch "Thursday" for me. I usually get the automatic update on Thursday for some reason. |
Jack;
Your Windows Updates are delivered by Pony Express, that's why you don't get them until Thursday!
Seriously, they are rolled out from different servers to different IP regions at different times, to balance the load.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
George Redmon
From:
Muskegon & Detroit Michigan.
|
Posted 14 Aug 2007 4:27 pm
|
|
Thanks for the heads up on the updates wiz. I did both my lap, and my PC. Did the restart, all is well.
George |
|
|
|
erik
|
Posted 15 Aug 2007 1:54 am
|
|
I regret not reading your heads-up and received my auto-update last night when I shut-down my computer. I started it up this morning and was forbidden by my zone-alarm from opening Explorer unless I click the "allow" button. What should I do next?
_________________
-johnson |
|
|
|
Bob Martin
From:
Madison Tn
|
Posted 15 Aug 2007 4:36 am
|
|
Well I got 10 updates yesterday and it did take a considerable amount of time to install of them. I'm glad it's over with for another month 
Bob
_________________
***Praise God From Whom All Blessings Flow*** |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 15 Aug 2007 6:51 am
|
|
| erik wrote: |
| I regret not reading your heads-up and received my auto-update last night when I shut-down my computer. I started it up this morning and was forbidden by my zone-alarm from opening Explorer unless I click the "allow" button. What should I do next? |
Eric, and the rest of the members of the Free World;
All software firewalls that I have used, going back to AtGuard, share the same basic framework and that is they take a snapshot of every file that requests Internet access. This is true whether you allow or deny that application permission to connect out. This file signature information is contained within a database on your computer and every time a program seeks to connect out it's signature is compared to the database, to see if it was previously allowed or denied.
This is akin to a guard at the gate of a secure location who checks the names and ID cards of people trying to enter for an event. Your name may be on the list, but if you can't show ID you may not be allowed in until somebody else comes to verify that you really are the person on his list.
With all of the foregoing in mind, when the software manufacturer sends out an update for any reason, security or product improvement, the signature of that application will change. Yesterday, Microsoft updated Internet Explorer 7 with security patches, changing it's signature. Your ZoneAlarm firewall pops up a security notice when a proviously allowed application has changed it's signature and you must re-allow and check "remember my decision" before that updated executable will be allowed to connect to the Internet.
Your solution, in addition to getting to know your firewall buddy better, is to watch for the popup security alert from the firewall, after performing security or Windows Updates, and allow the program to connect and check the box to remember your decision.
Always keep in mind, when dealing with firewall challenges to changes in a program's signature, that if you initiated the change by updating it, there is a valid reason for the firewall notice, and you can allow the changed program to connect out again. Also, a lot of programs have auto-updaters and may simply popup a small notice that an update has been applied, which is easy to miss as it disappears after a few seconds. Next thing you know, without any explanation ZoneAlarm is blocking your previously approved program, asking if you want to allow it to connect to the Internet. This behavior can be turned off in ZoneAlarm, in the Preferences.
On the other hand, if you were too quick to react to a ZA popup, after rebooting from Windows Updates, and didn't understand how ZA responds to changes in program signatures, you might have denied it access and told it to remember your decision. This will require some software surgery to undo.
Let me know how this plays out for you Eric.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
erik
|
Posted 15 Aug 2007 7:21 am
|
|
Actually, the first denial was from Windows. It was a Windows pop-up that said something like, "you may not have permission.........". I restarted the computer an when I clicked Explorer I got the Zone-Alarm denial. I clicked "allow" and it worked. I never clicked "remember" but it doesn't interfere anymore. OTOH, Whenever I click Wal-Mart digital downloads I'm blocked twice and I must allow it every time I use it. So why did Explorer need only 1 allow and Wal-mart is continuous?
_________________
-johnson |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 15 Aug 2007 9:48 am
|
|
| erik wrote: |
| Actually, the first denial was from Windows. It was a Windows pop-up that said something like, "you may not have permission.........". I restarted the computer an when I clicked Explorer I got the Zone-Alarm denial. I clicked "allow" and it worked. I never clicked "remember" but it doesn't interfere anymore. OTOH, Whenever I click Wal-Mart digital downloads I'm blocked twice and I must allow it every time I use it. So why did Explorer need only 1 allow and Wal-mart is continuous? |
If you receive repeat challenges to the same unchanged program, not only must you Allow it, you must also have ZA "remember" your decision. If you previously told ZA to remember your decision about allowing IE to access the Internet, and all that changed was the ID5 signature of the updated file, you do not need to go through the "remember" process again, just the acknowledgement that the changed file is ok and to continue to allow it.
OTOH, if you have never told your firewall to remember your decision to allow this WalMart download application to connect, it will always ask for permission. Why don't you just tell ZA to remember your decision? Then, if that program gets updated you will only have to allow the changed program to connect, in the challenge box, but not to remember it again, as that will already have been done.
The theory behind this behavior is that occasionally, a rogue piece of malware will impersonate a known program, to bypass your defenses. Of course, the rogue program cannot have the exact same signature as the program it is impersonating, or has replaced, without your knowing it. Signature based firewalls watch for this type of thing and they stop any changed application from connecting out, until you specifically allow it.
Firewalls are complex pieces of software, burdened with being the watchman to the Internet for your PC. Please read the documentation that comes with them (Help files or manuals, or online FAQs), so that you are more familiar with how they operate and what type of interaction you should expect to have to provide. All software firewalls I have used perform in the same manner regarding allowing or denying Internet access and remembering the decisions. Wrong decisions can be difficult to reverse, depending on the brand and version you are using.
Of course, if your firewall pops up a challenge to a program that you do not recognize, and you haven't just installed or updated anything, it could be a rogue, phone-home application trying to connect to it's hacker-owner. In this case deny it access temporarily and post a question here, naming the application and it's path, and the web URL it is trying to access. Gurus will decipher the report and advise you. If it is malware tell the firewall to block it and remember your decision, then download the latest updates to your anti virus and anti-spyware apps and run full scans as soon as possible, preferably from safe mode.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Jon Light
From:
Saugerties, NY
|
Posted 15 Aug 2007 11:50 am
|
|
| The updates are here! The updates are here! I'm going down to the well to fetch Aunt Esther and then I'm calling Binky, Moe, Uncle Morty and cousin Mimi and they will all bring the rest of the family and the Slivovitz and we will sit around the computer tonight and watch the updates install. I'm so excited I could plotz! |
|
|
|
erik
|
Posted 15 Aug 2007 1:01 pm
|
|
Thanks Wiz.
_________________
-johnson |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 15 Aug 2007 2:29 pm
|
|
| Jon Light wrote: |
| The updates are here! The updates are here! I'm going down to the well to fetch Aunt Esther and then I'm calling Binky, Moe, Uncle Morty and cousin Mimi and they will all bring the rest of the family and the Slivovitz and we will sit around the computer tonight and watch the updates install. I'm so excited I could plotz! |
At last, I have finally discovered an SGF member who suffers from the DTs more than I do.
Jon; we are brothers in madness!
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Jon Light
From:
Saugerties, NY
|
Posted 15 Aug 2007 3:27 pm
|
|
| Hee hee. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 15 Aug 2007 7:11 pm
|
|
So far I haven't learned of any negative affects from any of the patches released this week. Notably, this Tuesdays' Windows Updates were the second largest in total Microsoft products and components covered, since February this year. Most of the vulnerabilities would allow complete system takeover, if successfully exploited.
Don't forget about what Eric went through with his ZoneAlarm firewall. If you use a software firewall (of course you do) it should notice the changed file iexplore.exe and challenge it when you try to reconnect to the Internet. Be sure to grant permission to the changed application.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Gary Lee Gimble
From:
Fredericksburg, VA.
|
Posted 15 Aug 2007 11:26 pm
|
|
After 2 jiggers, are there any other choices? |
|
|
|
Jon Light
From:
Saugerties, NY
|
Posted 16 Aug 2007 11:26 am
|
|
Au contraire, GLG, this batch of Sliv comes direct from Dongguan's Long March Happy Family Flavored Alcoholic Beverage and Toothpaste Industries factory. Fortified with diethylene glycol, I'm gonna start right up on a cold morning this winter while the rest of you are still huddled in your beds.
And it's a mouthwash, too! |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 16 Aug 2007 4:49 pm
|
|
| Jon Light wrote: |
Au contraire, GLG, this batch of Sliv comes direct from Dongguan's Long March Happy Family Flavored Alcoholic Beverage and Toothpaste Industries factory. Fortified with diethylene glycol, I'm gonna start right up on a cold morning this winter while the rest of you are still huddled in your beds.
And it's a mouthwash, too! |
He ain't right. I don't know! I don't know! I asked 'em to be on their best behavior! 
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Gary Lee Gimble
From:
Fredericksburg, VA.
|
Posted 16 Aug 2007 11:33 pm
|
|
So tell something I haven't already figured out! A heard at the kiddish last week some yentas talking about a 'yorker adding a liter of
Slivovitz to his tzimmes recipe. Yeah, his concoction yields only 6 portions too....I'm sure glad the WSSC doesn't have any affiliates up north, they'd go broke. |
|
|
|
Jack Stoner
From:
Kansas City, MO
|
Posted 17 Aug 2007 8:24 am
|
|
My "Tuesday" updates came in right on time. About 5Pm yesterday (Thursday)  |
|
|
|
Don Sulesky
From:
Citrus County, FL, Orig. from MA & NH
|
Posted 17 Aug 2007 11:57 am
|
|
My Tuesday updates come on Wednesday. Strange  |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 17 Aug 2007 2:41 pm
|
|
| Don Sulesky wrote: |
| My Tuesday updates come on Wednesday. Strange :? |
Did you not read my post about Windows Updates being delivered via pony Express?
Really, there are two reasons for the delays some of you experience. First, the updates are pushed out from different servers, covering different locals. Second, your own setting will determine at what time your computer, if it is turned on, will reach out for Automatic Updates. If it is set too early, it will not find any updates on Patch Tuesday. If it is turned on in advance of the next scheduled check it will get them the next day. If not, they will have to wait until your computer is on when it checks for new updates.
Or something like that.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
