If your software garbles this newsletter, read this issue at WindowsSecrets.com.
| || |
YOUR NEWSLETTER PREFERENCES Change
Delivery address: firstname.lastname@example.org
Alternate address: email@example.com
Locale: Canada L3B 5N5
Reader number: 35034-18272
Windows Secrets Newsletter • Issue 173 • 2008-10-30 • Circulation: over 400,000
Table of contents
INTRODUCTION: First, a news update, now a special newsletter
TOP STORY: Expect attacks via latest Windows security hole
WACKY WEB WEEK: Watch this video ... before it's too late!
LANGALIST PLUS: Work around XP SP3 glitches with CmSNXeye.exe
BEST SOFTWARE: Free productivity suite challenges MS Office
BEST SOFTWARE 2: Two great tools help manage small networks
| You're receiving only our free content. Use the following link to upgrade and get our paid content immediately: |
First, a news update, now a special newsletter
By Brian Livingston
We don't usually publish articles on the 5th Thursday of the month, thinking that that would be a chance to take a much-needed break from our weekly schedule.
A newly announced vulnerability in Windows, however, impelled us to publish a rare news update on Oct. 24, and we're following with today's special content to bring you contributing editor Susan Bradley's latest findings on protecting yourself.
Susan's regular column, Patch Watch, ordinarily appears in Windows Secrets' paid content. We opened up her Oct. 24 call-to-arms to all readers, however. It garnered the third-highest poll rating of any article this year: 4.43 out of 5, as you can see on our poll results page.
The only articles scoring higher were editor-at-large Fred Langa's May 1 recap of 30 years of computer writing and contributing editor Woody Leonhard's Oct. 23 exposé of the risks of Flash cookies (paid content).
Microsoft's unexpected patch release, and our news update less than 12 hours later, elicited this response from a subscriber named Will Cool, which was typical of our readers' reactions:
While Susan's poll numbers were setting records, our esteemed associate editor Scott Dunn flamed out with his Oct. 23 top story. That article, "The best way to merge your contacts with iPhone," received the lowest rating in history: a "fair" 2.32.
Apparently, not all of our readers who own a BlackBerry, Windows Mobile, or other handheld were able to figure out from the article how to solve merge problems on their non-iPhone device. Hey, that's why we ask for feedback!
We'll publish an update to that article, with instructions for every major kind of handheld, on Nov. 6.
As long as we were bringing out Susan's new info today, we thought we'd publish an entire newsletter's worth of new, paid content, too. This week, you'll find Fred recommending fixes for XP SP3, Scott Spanbauer testing the leading replacement for MS Office, and Becky Waring reporting on the best software for a home or small-business network.
It's easy to get the premium content that's written every week by Susan, Fred, Woody, Gizmo Richards, and our other columnists — with no fixed fee. We accept any contribution, whatever it's worth to you. Please use the following link for details:
Brian Livingston is editorial director of WindowsSecrets.com and co-author of Windows Vista Secrets and 10 other books.
Expect attacks via latest Windows security hole
Microsoft monitors remote-access exploits
As I reported in last Friday's special bulletin, everyone who uses Windows XP, Vista, Server 2003 or later should download and install MS08-067 (patch 958644), which is a critical corrective for the OS.
The good news is that, so far, Window Secrets readers report few problems installing the patch. The small number of glitches they have encountered can be cleared up by uninstalling and then reinstalling the update.
In the meantime, the Microsoft Security Response Center blog reports that the company has detected malware authors discussing online how to take advantage of this vulnerability. However, at this writing, Microsoft says it hasn't discovered any new threats that use this exploit to drop a Trojan on targeted systems.
There may not yet be any fast-moving worm built specifically to exploit this weakness. But the vulnerability is similar to the hole that was used by the MSBlaster worm, which surfaced on the Internet in 2003. So don't let down your guard. Patch your PC if you haven't already done so, because this exploit is sure to be the focus of malware authors before long.
Since it's only a matter of time until such attacks become widespread, I urge you to reach out to other Windows users you know to ensure that they're protected from this vulnerability — once you've patched your own systems, that is.
Reboot to complete application of the fix
One question that often comes up when patching Windows is whether you need to reboot the system to ensure that it's fully patched. Some Microsoft patches are able to temporarily suspend a system, add the patch, and then restart only the service or services that are involved.
The file that's being patched by this out-of-cycle update, however — netapi32.dll — is used by so many different Windows functions that it's impossible to apply the patch without rebooting your machine.
I installed the patch on a PC that's running Small Business Server 2003 to determine the number of services that need to be shut off and restarted to ensure that the system is truly protected. This post on my blog includes a screen shot listing the many different processes that use the file.
Always reboot before installing patches, so you know in advance whether your system is having any boot-up problems you should resolve. Equally important — and I cannot stress this enough — whenever you install a patch, if the system indicates afterward that you need to reboot it, do so right away. If you wait, you leave your system vulnerable. Also, whenever two versions of the same file are stored in your PC's memory, they're likely to conflict, which makes the machine unstable.
Responses to reader questions about the patch
Over the past week, I've fielded some interesting questions from Windows Secrets readers regarding this rare, out-of-cycle patch from Microsoft. Here are two of the most common queries:
However, as was reported on the Patch Management blog by Eric Schultze of patch-management vendor Shavlik.com, Microsoft has provided a fix for this problem to customers who pay for NT patches.
I'm still investigating whether Windows 98 is vulnerable to this problem. Until I determine this, I urge users of Windows versions prior to XP to have a full complement of up-to-date security software on their machines, including both an antivirus app and a software firewall.
Vista gets two expected patches from MS
Vista machines were offered two new, out-of-cycle patches beginning on Oct. 28, two weeks after this month's Patch Tuesday.
One of the patches was MS08-062 (953155). This upgrade is for the Windows Internet Printing Service and only affects you if you're using Vista as a Web server. Microsoft stated on Oct. 14 that this fix was being offered for Windows Server as part of its regular Patch Tuesday release, but that a version for Vista would be coming out later.
Vista is also now receiving its monthly dose of compatibility upgrades in patch 957200. However, at this writing, the Microsoft Knowledge Base article that would ordinarily detail what's in the patch is missing in action.
If you'd like to read up before deploying the patch, as I plan to do, feel free to look for KB article 957200 in the next few days. (It'll probably be posted on this page at Microsoft.com.) I don't believe you need to install this patch until Microsoft explains what it does.
Virtual computers need to be patched with TLC
In a recent blog post, Microsoft employee Tony Soper provides specific instructions for applying this patch on servers that use the company's HyperV virtualization platform. Soper indicates that the virtualized server platform's default setting doesn't even check for patches, let alone install them.
Follow these steps to patch a virtualized server:
• Step 1. Open a command line. Type hvconfig and press Enter.
• Step 2. Type 6 and press Enter to search for updates.
• Step 3. Type Y and press Enter to download and install all updates.
After a few minutes, you'll be prompted to restart the system. Click Yes to initiate a restart.
Don't forget to patch any virtualized operating system that you may have as well. Personally, I patched several test operating systems last Friday that I have running in VMware to ensure that they're also protected.
AVG antivirus is causing patching headaches
As if we didn't have enough patching emergencies to deal with this week, a recent update of AVG's antivirus software knocked out some people's Internet connection. AVG's support page indicates that after upgrading to AVG version 8.0.196, your network link may fail.
If rebooting your PC doesn't fix the problem, follow the instructions on AVG's support page to download the fixfiles.zip file to your computer. Double-click the .zip file to open it, and then double-click fixfiles.exe in the resulting folder to run the utility.
If the glitch persists, the company recommends that you run a repair installation of your AVG app. If reinstalling your antivirus software doesn't get you back online, AVG advises that you contact the company's support desk for further instructions.
I became aware of the AVG update glitch when the program began to interfere with the collection and distribution of e-mail on my Small Business Server 2003 test system.
Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She's also a partner in a California CPA firm. Her regular column, Patch Watch, appears twice a month in the paid content of Windows Secrets.
WACKY WEB WEEK
Watch this video ... before it's too late!
Use these permalinks to share info with friends
We love it when you include the links shown below in e-mails to your friends. This is better than forwarding your copy of our e-mail newsletter. (When our newsletter is forwarded, some recipients click "report as spam" and corporate filters start blocking our e-mails.)
Use the following URL for all articles this week: http://WindowsSecrets.com/comp/081030
Free content posted on Oct. 30, 2008:
You get all of the following in our paid content:
The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets resulted from the merger of several publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.
Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).
Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Associate Editors: Scott Dunn, Stuart J. Johnston. Program Director: Tony Johnston. Program Manager: Ryan Biesemeyer. Web Developer: Damian Wadley. Editorial Assistant: Katy Chenoweth Abby. Copyeditor: Roberta Scholz. Chief Marketing Officer: Jake Ludington. Contributing Editors: Susan Bradley, Mark Joseph Edwards, Woody Leonhard, Ryan Russell, Scott Spanbauer, Becky Waring.
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.
YOUR SUBSCRIPTION PREFERENCES (change your preferences):
Delivery address: firstname.lastname@example.org
Alternate address: email@example.com
ZIP or postal code: L3B 5N5
Reader number: 35034-18272
Bounce count: 0
Your bounce count is the number of times your server has bounced a newsletter back to us since the last time you visited your preferences page. We cannot send newsletters to you after your bounce count reaches 3, due to ISP policies. If your bounce count is higher than 0 or blank, please visit your preferences page. This automatically resets your bounce count to 0.
To change your preferences: Please visit your preferences page.
To access all past issues: Please visit our past issues page.
To upgrade your free subscription to paid: Please visit our upgrade page.
To resend a missed newsletter to yourself: If your mail server filtered out a newsletter, you can resend the current week's issue to yourself. To do so, visit your preferences page and use the Resend link.
To get subscription help by e-mail (fastest method): Visit our contact page. Subscription help by facsimile: 206-282-6312 (fax). Emergency subscription help by phone: 206-282-2536 (24 hours).
HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.
WE GUARANTEE YOUR PRIVACY:
1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
HOW TO UNSUBSCRIBE: To unsubscribe firstname.lastname@example.org from the Windows Secrets Newsletter,