Windows Updates Today - three updates released

Wiz Feinberg · Post by **Wiz Feinberg** » 10 Feb 2009 12:35 pm

Microsoft has released two critical patches today and an updated version of the Microsoft Malicious Software Removal Tool. Please log into your Administrator Level accounts and check to see if Automatic Updates have installed these items, or check manually and install them yourself. You must restart the computer afterward, to complete installation of the two Critical updates.

The first update is kb960715: sets the "Killbit" in an ActiveX Control that is being exploited, preventing it from installing, or if already installed, from running in your MSIE browsers.

Target platforms: Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP, and Microsoft Windows 2000

Description:
Security issues have been identified in ActiveX controls that could allow an attacker to compromise a system that is running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this item, you may have to restart your computer.
http://go.microsoft.com/fwlink/?LinkId=139076

The second update involves kb961260: Cumulative Security Update for Internet Explorer for Windows.

Target platforms: Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP

Description:
Security issues have been identified that could allow an attacker to compromise a computer that is running Microsoft Internet Explorer and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
http://go.microsoft.com/fwlink/?LinkId=139814

The MSRT was updated to detect and remove the Srizbi Bot infection. Srizbi was one of the main Botnets until its loss of its Control and Command servers, in November, 2008. The Botnet is now inactive, yet the malware remains on a huge number of PCs. Remove this threat with the MSRT now, just in case Srizbi reawakens someday.

Brint Hannay · Post by **Brint Hannay** » 10 Feb 2009 10:42 pm

I was prompted to install these updates when I went to shut down my computer, and did so, and re-booted (automatically).

I then decided to check for Windows Updates via IE (I don't do this as often as I should--but I'm set to automatic update)--and it now says I should install this "High Priority Update":
Microsoft.NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847)x86.
Download size: 248.8 MB, 44 minutes.

I don't see where you've posted about this. Sounds like a major Update. Thought I'd check before I go for it.

Wiz Feinberg · Post by **Wiz Feinberg** » 11 Feb 2009 12:52 am

If you have .NET installed at all it needs to be updated occasionally. Microsoft releases new service packs as well as patches for the .NET framework.

Sometimes a program you install will require ,NET version so and so and will install it. When you run Windows Updates the updater will also check for newer versions of .NET and offer to install them. They are big downloads, as you noticed.

If you never installed .NET framework manually, as an option update, assume a program you loaded did install it. It will keep getting updated and upgraded, from time to time.

If you figure out which programs installed .NET and uninstall them, you might not need .NET anymore and could uninstall it and its service packs, but this could lead to system instability. Better to let sleeping .NETs lie.