Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft Non-Security Updates - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Non-Security Updates

As a number of readers have reported, Microsoft released a few non-security updates on Tuesday via Windows Update/Automatic Updates.  Most of our readers will recognize that the 4th Tuesday of the month is when Microsoft usually releases non-security updates.  From the results of a couple of computers here in my office, the updates involve the .NET Framework versions 3.x and 2.x.  As with all updates, please remember to test the update in your respective environment prior to wholesale deployment.  More information on the .NET Framework update available at KB982524.

 

Scott Fendley ISC Handler

ScottF

188 Posts
ISC Handler
Regarding the testing of updates, I always do my testing on my laptop. If it burns up then nothing lost but a lot gained. :-)

Cheers
Anonymous
To be honest, not sure if I'm fond of the new 4th Tuesday of every month practice. Is the advantage that I have 1/2 as many patches to figure out which new patch broke what?
Dean

135 Posts
To DSH - this actually isn't new. Updates have been released on the 4th Tuesday for many years.
Susan

34 Posts
You may be right, Susan. Just don't know how widely acknowledged this 2nd Tuesday is; maybe its just that its being used every month now. Digging around found this Storm Center posting from last November questioning the 2nd patch Tuesday - http://isc.sans.edu/diary.html?storyid=7645
Dean

135 Posts
On my laptop with XP Pro SP3, this .NET update broke Windows Security Center, which could no longer recognize that my non-Microsoft firewall software was running. Removing the update returned the system to normal, so it's definitely something with the update.
TonyH

8 Posts
The new .NET Framework affected apps like vSphere Client

If you try to use VI Client, will not work and you can see some errors:
Error parsing the server "<servername>" "clients.xml" file.
The type initializer for VirtualInfrastructure.Utils.HttpWebRequestProxy' threw an exception.
Read more on
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1022611
Anonymous
An issue with MICROSOFT .NET security update has been discovered with the use of SMARTEAM.
The incident is currently under analysis but we advise you to NOT install the following Microsoft patch:
http://support.microsoft.com/kb/976576/en-us

If this update has been installed on a workstation the following issue appears:

1. open Smarteam, login as admin (if you use PLMDB)
2. close Smarteam
? error message appears:
error: DDE server Window: Smarteam.exe Application error
The exception unknown software exception (0x0eedfade) occurred in the application at location 0x7c81eb33.
3. Click OK
? Same error message appear again

Anonymous

Sign Up for Free or Log In to start participating in the conversation!