Thursday, October 30, 2008

Expect attacks via latest Windows security hole [Newsletter Comp Version]



   
       
   
Windows Secrets Newsletter • Issue 173 • 2008-10-30 • Circulation: over 400,000

No Job? No Prob!

Readers can now download TWO helpful e-books

No Job? No Prob! is a tongue-in-cheek guide to what to do if you suddenly find yourself without gainful employment. The printed book will soon appear in stores, but for a limited time, all Windows Secrets subscribers are eligible to download an e-book excerpt with four full chapters free of charge. You may not need it today, but this light-hearted how-to will be nice to have if the global economy gives you a bit of a surprise.

Through Nov. 5, all subscribers can also download a second bonus: Jake Ludington's useful e-book, Converting Vinyl LPs and Cassette Tapes to CDs and MP3s. To get one or both PDF e-books, simply visit your preferences page, update your information, click Save, and you'll see download links. Thanks for your support! —BL


   
   
INTRODUCTION

First, a news update, now a special newsletter

By Brian Livingston

We don't usually publish articles on the 5th Thursday of the month, thinking that that would be a chance to take a much-needed break from our weekly schedule.

A newly announced vulnerability in Windows, however, impelled us to publish a rare news update on Oct. 24, and we're following with today's special content to bring you contributing editor Susan Bradley's latest findings on protecting yourself.

Susan's regular column, Patch Watch, ordinarily appears in Windows Secrets' paid content. We opened up her Oct. 24 call-to-arms to all readers, however. It garnered the third-highest poll rating of any article this year: 4.43 out of 5, as you can see on our poll results page.

The only articles scoring higher were editor-at-large Fred Langa's May 1 recap of 30 years of computer writing and contributing editor Woody Leonhard's Oct. 23 exposé of the risks of Flash cookies (paid content).

Microsoft's unexpected patch release, and our news update less than 12 hours later, elicited this response from a subscriber named Will Cool, which was typical of our readers' reactions:
  • "Wow! My system had restarted itself overnight and I was informed that it had just installed updates (?), but even a closer inspection of the updates told me little about why. Then I open my inbox, and — What'd'y'know? — question answered! You guys are impressive."
Today, Susan brings you more good advice. Now's the time to defend your PC against the possibility that a nasty, never-before-seen worm will scream across the Internet, exploiting the newfound Windows weakness. The official Microsoft patch isn't difficult to install, but Susan answers a few questions that we've received from readers.

While Susan's poll numbers were setting records, our esteemed associate editor Scott Dunn flamed out with his Oct. 23 top story. That article, "The best way to merge your contacts with iPhone," received the lowest rating in history: a "fair" 2.32.

Apparently, not all of our readers who own a BlackBerry, Windows Mobile, or other handheld were able to figure out from the article how to solve merge problems on their non-iPhone device. Hey, that's why we ask for feedback!

We'll publish an update to that article, with instructions for every major kind of handheld, on Nov. 6.

As long as we were bringing out Susan's new info today, we thought we'd publish an entire newsletter's worth of new, paid content, too. This week, you'll find Fred recommending fixes for XP SP3, Scott Spanbauer testing the leading replacement for MS Office, and Becky Waring reporting on the best software for a home or small-business network.

It's easy to get the premium content that's written every week by Susan, Fred, Woody, Gizmo Richards, and our other columnists — with no fixed fee. We accept any contribution, whatever it's worth to you. Please use the following link for details:

More info

Thanks for your support!

Brian Livingston is editorial director of WindowsSecrets.com and co-author of Windows Vista Secrets and 10 other books.


   
   
TOP STORY

Expect attacks via latest Windows security hole

By Susan Bradley

Following Microsoft's release last Friday of a critical, out-of-cycle patch, only sporadic reports of attacks based on this weakness have been received — but that may not last.

Apply the patch referred to in MS08-067 right away, because Trojan horses that take advantage of this security breach are sure to hit us soon.

MS08-067 (958644)
Microsoft monitors remote-access exploits

As I reported in last Friday's special bulletin, everyone who uses Windows XP, Vista, Server 2003 or later should download and install MS08-067 (patch 958644), which is a critical corrective for the OS.

The good news is that, so far, Windows Secrets readers report few problems installing the patch. The small number of glitches they have encountered can be cleared up by uninstalling and then reinstalling the update.

In the meantime, the Microsoft Security Response Center blog reports that the company has detected malware authors discussing online how to take advantage of this vulnerability. However, at this writing, Microsoft says it hasn't discovered any new threats that use this exploit to drop a Trojan on targeted systems.

There may not yet be any fast-moving worm built specifically to exploit this weakness. But the vulnerability is similar to the hole that was used by the MSBlaster worm, which surfaced on the Internet in 2003. So don't let down your guard. Patch your PC if you haven't already done so, because this exploit is sure to be the focus of malware authors before long.

Since it's only a matter of time until such attacks become widespread, I urge you to reach out to other Windows users you know to ensure that they're protected from this vulnerability — once you've patched your own systems, that is.

Reboot to complete application of the fix

One question that often comes up when patching Windows is whether you need to reboot the system to ensure that it's fully patched. Some Microsoft patches are able to temporarily suspend a system, add the patch, and then restart only the service or services that are involved.

The file that's being patched by this out-of-cycle update, however — netapi32.dll — is used by so many different Windows functions that it's impossible to apply the patch without rebooting your machine.

I installed the patch on a PC that's running Small Business Server 2003 to determine the number of services that need to be shut off and restarted to ensure that the system is truly protected. This post on my blog includes a screen shot listing the many different processes that use the file.

Always reboot before installing patches, so you know in advance whether your system is having any boot-up problems you should resolve. Equally important — and I cannot stress this enough — whenever you install a patch, if the system indicates afterward that you need to reboot it, do so right away. If you wait, you leave your system vulnerable. Also, whenever two versions of the same file are stored in your PC's memory, they're likely to conflict, which makes the machine unstable.
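
A quick way to confirm this state on one machine, as an added example that is not part of the newsletter: it checks that KB958644 is recorded as installed, whether Windows has flagged a pending reboot, and which running processes have netapi32.dll loaded. It assumes Windows PowerShell 3.0 or later in an elevated session; the variable names are illustrative.

```powershell
# Added example: local patch-state check for MS08-067 (KB958644).
# Assumes Windows PowerShell 3.0+ and an elevated prompt.

$kb  = 'KB958644'        # update named in the article
$dll = 'netapi32.dll'    # file the update replaces

# 1. Is the update recorded as installed?
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# 2. Version of the copy currently on disk.
$path   = Join-Path $env:SystemRoot "System32\$dll"
$onDisk = (Get-Item $path).VersionInfo.FileVersion

# 3. Has Windows flagged a reboot, or queued the DLL for replacement at boot?
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
)
$flagged = @($rebootKeys | Where-Object { Test-Path $_ })
$renames = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
    -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
$dllQueued = @($renames | Where-Object { $_ -like "*$dll*" }).Count -gt 0

# 4. Which running processes have the DLL mapped? Each of these keeps using
#    the copy it loaded at start-up until the process (or the machine) restarts.
#    Processes this session is not allowed to inspect are skipped.
$users = @(Get-Process | Where-Object {
    try { $_.Modules.ModuleName -contains $dll } catch { $false }
})

[pscustomobject]@{
    Update            = $kb
    Installed         = [bool]$hotfix
    InstalledOn       = $hotfix.InstalledOn
    FileVersionOnDisk = $onDisk
    RebootFlagged     = ($flagged.Count -gt 0) -or $dllQueued
    ProcessesUsingDll = $users.Count
} | Format-List

# Oldest processes first: anything started before the install date above
# is still running the pre-patch code.
$users | Sort-Object StartTime |
    Select-Object Id, ProcessName, StartTime |
    Format-Table -AutoSize
```

If `Installed` is true but `RebootFlagged` is also true, or the process list shows start times older than the install date, the machine has not finished applying the fix.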

Responses to reader questions about the patch

Over the past week, I've fielded some interesting questions from Windows Secrets readers regarding this rare, out-of-cycle patch from Microsoft. Here are two of the most common queries:
  • "If I'm running Microsoft software on a Mac, am I vulnerable?"
No. The vulnerability in question affects only Windows, not Microsoft Office or other applications running on a Mac or other non-Windows system. If you use a Mac, you don't have to install this patch.
  • "Are Windows NT and Windows 98 machines susceptible to the security hole?"
Windows NT, 95, 98, and Me are supported by Microsoft only for customers who pay a fee. As a result, Microsoft releases patches for these operating systems only to people who have Premier support contracts with the company.

However, as was reported on the Patch Management blog by Eric Schultze of patch-management vendor Shavlik.com, Microsoft has provided a fix for this problem to customers who pay for NT patches.

I'm still investigating whether Windows 98 is vulnerable to this problem. Until I determine this, I urge users of Windows versions prior to XP to have a full complement of up-to-date security software on their machines, including both an antivirus app and a software firewall.

Vista gets two expected patches from MS

Vista machines were offered two new, out-of-cycle patches beginning on Oct. 28, two weeks after this month's Patch Tuesday.

One of the patches was MS08-062 (953155). This upgrade is for the Windows Internet Printing Service and only affects you if you're using Vista as a Web server. Microsoft stated on Oct. 14 that this fix was being offered for Windows Server as part of its regular Patch Tuesday release, but that a version for Vista would be coming out later.

Vista is also now receiving its monthly dose of compatibility upgrades in patch 957200. However, at this writing, the Microsoft Knowledge Base article that would ordinarily detail what's in the patch is missing in action.

If you'd like to read up before deploying the patch, as I plan to do, feel free to look for KB article 957200 in the next few days. (It'll probably be posted on this page at Microsoft.com.) I don't believe you need to install this patch until Microsoft explains what it does.

Virtual computers need to be patched with TLC

In a recent blog post, Microsoft employee Tony Soper provides specific instructions for applying this patch on servers that use the company's Hyper-V virtualization platform. Soper indicates that the virtualized server platform's default setting doesn't even check for patches, let alone install them.

Follow these steps to patch a virtualized server:

Step 1. Open a command line. Type hvconfig and press Enter.
Step 2. Type 6 and press Enter to search for updates.
Step 3. Type Y and press Enter to download and install all updates.

After a few minutes, you'll be prompted to restart the system. Click Yes to initiate a restart.

Don't forget to patch any virtualized operating system that you may have as well. Personally, I patched several test operating systems last Friday that I have running in VMware to ensure that they're also protected.

AVG antivirus is causing patching headaches

As if we didn't have enough patching emergencies to deal with this week, a recent update of AVG's antivirus software knocked out some people's Internet connection. AVG's support page indicates that after upgrading to AVG version 8.0.196, your network link may fail.

If rebooting your PC doesn't fix the problem, follow the instructions on AVG's support page to download the fixfiles.zip file to your computer. Double-click the .zip file to open it, and then double-click fixfiles.exe in the resulting folder to run the utility.

If the glitch persists, the company recommends that you run a repair installation of your AVG app. If reinstalling your antivirus software doesn't get you back online, AVG advises that you contact the company's support desk for further instructions.

I became aware of the AVG update glitch when the program began to interfere with the collection and distribution of e-mail on my Small Business Server 2003 test system.

 
Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She's also a partner in a California CPA firm. Her regular column, Patch Watch, appears twice a month in the paid content of Windows Secrets.


   
   
WACKY WEB WEEK

Watch this video ... before it's too late!

By Katy Abby

Ghosts, goblins, and ghouls are poised to haunt your doorstep on Oct. 31 in the innocuous pursuit of candy. But beware! Some of those innocent-looking revelers might just be zombies in disguise, walking the streets on a quest for brains and human flesh. Oh, no! How to tell the difference?

Thankfully, we were able to dig up a classic instructional video, outlining exactly how to keep yourself and your loved ones safe from the living dead ... for now. Happy Halloween!


   
   
PERMALINKS

Use these permalinks to share info with friends

We love it when you include the links shown below in e-mails to your friends. This is better than forwarding your copy of our e-mail newsletter. (When our newsletter is forwarded, some recipients click "report as spam" and corporate filters start blocking our e-mails.)

Use the following URL for all articles this week: http://WindowsSecrets.com/comp/081030


   
   
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets resulted from the merger of several publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Associate Editors: Scott Dunn, Stuart J. Johnston. Program Director: Tony Johnston. Program Manager: Ryan Biesemeyer. Web Developer: Damian Wadley. Editorial Assistant: Katy Chenoweth Abby. Copyeditor: Roberta Scholz. Chief Marketing Officer: Jake Ludington. Contributing Editors: Susan Bradley, Mark Joseph Edwards, Woody Leonhard, Ryan Russell, Scott Spanbauer, Becky Waring.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright © 2008 by WindowsSecrets.com LLC. All rights reserved.
