Windows

It's Windows Patch Tuesday: October 2008

Justin James presents a rundown on the October batch of Microsoft Windows patches. He wades through the available resources and brings you the information you need to make the right decision on applying them in your organization.

Hello, and welcome to the October 2008 installment of TechRepublic's Windows Patch Tuesday updates. I would like to thank everyone who took the time to send their kind words and great suggestions last month; we are glad that you like it so much and find it valuable. This month's update is relatively tame, so let's get to it.

Security patches

MS08-058 - Critical: This is a monster-sized "cumulative security update" for Internet Explorer. It covers IE 5.01 SP4 through IE 7, Windows 2000 through Vista and Windows Server 2008, 32-bit and 64-bit versions. In others words, if you have a Windows computer made in the last eight years, this one applies to you, with the exception of Windows Server 2008 server core installations. You will want to install this immediately, particularly if you have been lax about patching IE lately, since it addresses a number of remote code execution attacks (in IE 5 and IE 6) and information disclosure bugs in IE 7. Note that the IE 5 and IE 6 bugs are "critical" while the IE 7 issues are "Important" and "Low" priority. MS08-060/KB956803 - Critical: This patch addresses a problem that could allow an attacker to execute a remote code execution attack using LDAP as the attack vector. The attacker needs to be within the network to execute the attack. This patch is for Windows 2000 Server only. If you have Windows 2000 servers, apply this patch immediately. MS08-061/KB954211 - Important: This patch for Windows 2000, Vista, Server 2003 and 2008 (including server core) fixes three escalation of privilege vulnerabilities. One of the vulnerabilities was public, two were not. The designated importance is only "Important," probably because the attacker needs to be local to begin with; anonymous and remote users could not take advantage of them (small relief there). For a number of systems with XP SP3, who had failed SP3 installations, they may end up having this patch offered to them twice; don't worry about it, and go ahead and install it twice. This patch is not a "right now!" patch, but you should get it installed when you have the opportunity. MS08-062/KB953155 - Important: This is an update that closes a remote code execution hole in Windows 2000, XP, 2003, and 2008 (including server core). Note that Vista is unaffected by this vulnerability. The bug is in the Windows Internet Printing Service and requires that the user be logged in with local administrative rights. You should install this patch when you are installing others, but don't rush to do updates just for this one item. MS08-063/KB957095 - Important: There's a previously undisclosed bug in SMB (used for Windows File Sharing) that allows a remote attacker to execute code on your computer. Luckily, this would require someone to be in your network, so at least anonymous Internet attackers can't exploit it. This problem and the patch affect Windows 2000, XP, Vista, and 2008 (including server core), 32-bit and 64-bit. Microsoft may call this patch "important," but I would plan on installing this sooner rather than later. MS08-064/KB956841 - Important: Yup, another "escalation of privileges" vulnerability that can be exploited through a carefully crafted executable package, this time in the "virtual address descriptor." This patch closes the bug on XP, Vista, Server 2003 and 2008 (including server core), both 32-bit and 64-bit editions. This one is not quite as important since it requires the user to deliberately run something, but we know how users click "Yes" to everything. You will want to install this as part of your normal patch process. MS08-065/KB951071 - Important: This update is only for Windows 2000, and only needed if MSMQ is installed and enabled. It fixes a remote code execution problem. Go ahead and get it installed if your system meets the criteria. MS08-066/KB956803 - Important: The patch corrects an escalation of privileges issue in XP and Server 2003, 32-bit and 64-bit. The problem is that a local attacker can gain control of the system. It is not a high-priority problem, and you should not make a special effort to install this patch. One important thing to keep in mind with this one: if you are using a number of versions of Zone Alarm products (including EndPoint Security), you may find yourself unable to connect to the Internet after applying the patch. The Knowledge Base article contains a list of the problematic Zone Alarm products. At the same time, you will want to make sure that it does get installed during your normal update cycle, unless you are using one of the Zone Alarm products that it conflicts with.

KB956391: The usual ActiveX killbits update. Windows 2000, XP, Vista, Server 2003 and Server 2008 all get this. Install it during your normal update cycle.

Other updates

KB950193: This update for Windows Server SP1 came out a few weeks ago and fixes problems caused by improperly dismounted or removed hard drives.

KB955519: A cumulative update for Vista's Media Center, 32-bit and 64-bit. This fixes a number of minor annoyances in Media Center. No need to install this, unless you use Media Center and have been having problems.

KB956147: This update for Vista's Media Center TV Pack fixes a few minor issues. Like the previous item, you don't need to bother with it unless you are a Media Center user who has been having problems.

KB957000: In case you were worried that Microsoft wasn't properly collecting information from your PC as part of the "Customer Experience Improvement Program" (CEIP), you can apply this patch to ensure that your system is updated to the "latest and greatest" CEIP bits. Hooray.

Ultimate Extras: These were actually released a few weeks ago, but you'll be seeing them now for sure. More DreamScene content and, even better, a new game! I can tell you from personal experience that "Tinker" is a ton of fun; it's a steampunk-ish puzzle game. You'll want to install this ahead of your normal patch cycle; just don't tell the boss! You'll also get a new set of sounds from the game to use in Windows.

"The Usual Suspects": Updates to the Malicious Software Removal Tool, Junk Email filters, Defender, Genuine Advantage updates, root certificates, etc.

Stay on top of the latest XP tips and tricks with TechRepublic's Windows XP newsletter, delivered every Thursday. Automatically sign up today!

About

Justin James is the Lead Architect for Conigent.

29 comments
geoff
geoff

ActiveX kill bits patch kills the print control from SQL Reporting Services. An update has not been made available through Windows UPdate for the SQL Server. So effectively it disables printing. Great Job Microosft! As a workaround, drop down the export format and choose PDF, click export, and then print from the Adobe Acrobat Reater. Can't wait until this one is fixed. Arrrggggg.

whdjr
whdjr

I am new to all of this, But I'm "slowly" LEARNING ! Although, It's very confusing at times. Especially if ADD plays a role in everything I ask,say,& do. I've been trying like H*** to keep up with every up- date that comes out all the time. I have my pc. to automatically to download all the "critical updates"(very conveniate)! I only have one question, I'm just figuring out how to send & recieve emails. But yesterday I made a mistake and deleted all of them at one time. And their was a few of them I really needed. Is there a way to retrieve them again ? I was told that they are somewhere in the "C" files someplace. (true or false)? Anyone willing to try and help me ? By the way, Please don't be sarcastic because of the ADD ! I'm also a disabled vet. I'm running a program called Incredimail, For my email service. Does that make a differance ? My email address is; whdjr@atlanticbb.net

donaldgagnon1
donaldgagnon1

All of the updates are great and it is really appreciated, but nowhere could I locate the link for the new game 'Tinker'. Can anybody help out? Thanks,

Justin James
Justin James

Tinker is a Vista Ultimate Extra. If you have Ultimate Edition, it will be listed in your available updates. If you don't have Ultimate, you can't get it. :( Personally, I do not feel that the Extras that have been released for Ultimate justify the upcharge, which is sad. They could/should be doing a lot more things like Tinker, but they aren't. J.Ja

donaldgagnon1
donaldgagnon1

Thanks for the tip, Justin. We have gone with Vista on a couple of our systems here, but it has not been well received, especially in the area of backwards compatibility. Too much of what we can develop quickly with XP based tools just create havoc in the Vista platform. The learning curve and costs to migrate are not justified for us.

Photogenic Memory
Photogenic Memory

Good Ol' Windows 2000. Just make sure your automatic updates turned off or you might be surprised by automatic updates that reboot your system, hehe.

Justin James
Justin James

I had actually thought that W2K had entered that status where if a patch for something else applied to it too, it would get it, otherwise, no way. I guess I was mistaken! J.Ja

Old Tech Guy
Old Tech Guy

I'm running a few old W2k machines and after the patch the graphics look smeared like they were run through a printer with a sticky rubber roller. They colors are off, and there is a gray pallor over the screen. It is not the monitor. I downloaded the current Nvidia drivers and installed them. No change. Windows 2000 up to date service pack NVidia GeForce2 GTS Anyone else hear of the Oct 14 2008 patch breaking the graphics display? UPDATE: I've been removing the patches one by one and I still have the problem. Interestingly I can't find some of the patches listed as installed in the add/remove programs section. I don't know where they are so I can't remove them. KB957095 removed- still bad graphics KB956390 removed- still bad graphics KB956391 removed- still bad graphics KB954211 removed- still bad graphics I couldn't find these to remove KB955936 Office 2007 KB890830 Malicious software KB956464 Office 2002 KB955464 Excel 2002 Maybe they were part of the earlier ones. Could this be a hardware problem? It was fine until the patchs were installed.

Old Tech Guy
Old Tech Guy

Thanks Justin. I'm going to try what you suggested. I've got another monitor hanging around anyway. What is interesting to me is that Microsoft HAS declared that the Tueday patch caused problems for older NVidia products! http://support.microsoft.com/kb/918165/en-us The symptoms aren't the same as mine, but I wonder if my configuration is unique.

Justin James
Justin James

That symptom is nearly always the result of bad hardware, in my experience... usually on the plug itself, which is why it seemed to get worse when you took it off of the KVM. Try swapping monitors (although that doesn't sound like it would be the problem, since I'm sure you checked other machines on the KVM and they looked fine) and give the video port on the server a careful inspection for things like a broken pin stuck in the hole, a loose connection on the circuit board, etc. J.Ja

Old Tech Guy
Old Tech Guy

This is a tough nut to crack. Thank you for your suggestions. I'm thinking it has to be a software problem because it was working fine before. Here is an interesting observation. When I use logmein to access the computer from another computer with a working monitor, the colors look fine. I don't know what that means if anything. The NVidia GeForce drivers I reinstalled were off by one decimal point so I don't think that is it. I'm hoping someone else will also have this problem and a solution. If I figure it out I'll share it with the great people here. Well I tried to reinstall the drivers and I also took the box off a KVM switch, still no good. In fact it seems to be getting worse. I really don't appreciate Microsoft breaking my computer graphics card.

Photogenic Memory
Photogenic Memory

If they weren't; then try reinstalling the older drivers if you can get ahold of them. Check through the desktop screen properties? Maybe it's a matter re-detecting screen resolution? Unsure. How about reinstalling chipset or video drivers. Perhaps that may help you? Also maybe try sfc /scannow in the run command option and see if it attempts to correct some problems( have a Win2000 CD ready in a drive so it can access the older files to make a repair)? I'm really unsure where to start if the OS has been borked! Hopefully this'll give you somewhere to start. Good luck.

swcamper
swcamper

This post is very helpful. Many thanks!

Justin James
Justin James

Glad you liked it, and sorry about the various issues we had over the last day with it (a mix up on the content, and then a problem publishing it past the first paragraph). J.Ja

shinerwright50
shinerwright50

Disappointing that there was no warning about the security update causing Zone alarm to crash and prevent access to the internet!!!!

Justin James
Justin James

Argh, sorry about that! In the Microsoft bulletins that I got, there was a bad link for one of the items, the post originally had MS08-066 listed twice (instead of 060 and 066) with a slightly different writeup, and when we made the correction, the information I had provided about Zone Alarm and MS08-066 was left out. We'll get that fixed immediately! J.Ja

Tharbad
Tharbad

I thought there were one or two patches that address Active Directory this month

Justin James
Justin James

I know what you are thinking of... in mid-September, there were a few updates for Vista regarding Group Policy objects (http://support.microsoft.com/kb/943729/). I didn't include these because they were labelled as changes to existing non-security content, not new patches. :) J.Ja

JCitizen
JCitizen

documents patches. Thanks for the article Justin! I will be looking forward to the next ont. This is badly needed. And thanks to all the comments from fellow members!

Justin James
Justin James

... the summary page I linked to has the initial "stub" information correct... but the link is what is wrong and pointed me to the wrong information. :( J.Ja

Justin James
Justin James

Sorry guys, I see exactly what happened. Microsoft's bulletin (http://support.microsoft.com/kb/894199) that I used for this had some bad information posted on it. It *had* MS08-066 listed twice, once in the slot where MS08-060 was supposed to have been, but this is no longer the case. In fact, it had it listed as a "Critial" item and then re-listed as an "Important" item. I have sent a correction in that will hopefully be posted ASAP! On the plus side, the correct item only affect Windows 2000. :) J.Ja

Marty-7
Marty-7

MS08-60 was even listed in Microsoft's advanced notification email on 10/9. Disappointing that a significant patch was missed... :-(

Justin James
Justin James

How does October's patch lineup look to you? Anything that you need more information on? J.Ja

barriosl
barriosl

After the patches, I have no internet access, either wireless or wired. Other computers running xp can access the network. normally use firefox, tried ie-neither one works. i tried to restore, and system detects an antivirus running-disabled defender and avg-same thing. ?

billyknit
billyknit

I awoke this morning to find my laptop frozen in time at 3:05, so I'm pretty sure patching caused this issue... After a reboot, my laptop blue-screens then reboots. I can't read the blue-screen 'cause it flashes by too fast. All safe modes and last-known-good all do not work. I can't give any more info than this 'cause I had to leave for work. I know this is too little info, but any thoughts you have would be great. I run an older Alienware Area51 m7700 laptop. All patches are up to date.

Editor's Picks