Comments on: Microsoft Pushes Two Security Patches

By: Bob D

Bob D — Sun, 16 Sep 2012 01:50:57 +0000

John, I just had that problem with GenuineCheck.exe saying it was out of date on a Vista SP2 system fully patched. Had to resort to using IE 7 to get the update, and IT wanted to install the ActiveX control for the genuine advantage checking. After the ActiveX control ran, I was able to d/l and install the update.
After the update ran, I got a prompt during the reboot process to shut down the stand alone WinUpdate installer that installs the patch but the prompt disappeared before I could take action to terminate the process. All in all, the update was smooth once I got the file. This makes one less update to install on October 9th.

By: Greg

Greg — Fri, 14 Sep 2012 18:41:50 +0000

I ran into a download corruption problem with KB2735855.

Several of our computers were experiencing downloads that were missing a few kilobytes here and there.

Once I uninstalled this patch, the problem disappeared.

By: skript++

skript++ — Thu, 13 Sep 2012 16:51:12 +0000

Very interesting article Brian .shame u didn’t include actual work here ( its freely available online ) , it is fascinating work .cyber criminals will be well happy

i wonder why they gone public about this so soon . flow is still there ? or they manage to get a patch to that

By: Phoenix

Phoenix — Wed, 12 Sep 2012 16:27:57 +0000

Not me, but a lot 0f others have. Try setting IE9 as your default browser.

By: John

John — Wed, 12 Sep 2012 16:00:59 +0000

When I try to download the Win7x64 version of the encryption key patch from http://support.microsoft.com/kb/2661254, it makes me download and run GenuineCheck.exe. However GenuineCheck says that it’s an old, unsupported version. Is anyone else having that problem?

By: Phoenix

Phoenix — Wed, 12 Sep 2012 15:17:25 +0000

Since I never saw an update I didn’t like I installed KB2661254 today rather than wait a month. So far no ill effects (running Windows 7-64).

By: GeorgeH

GeorgeH — Wed, 12 Sep 2012 04:54:55 +0000

It’s good to see M$ pushing out updates regularly. Better than nothing and better than sending out “quarterly” updates as oracle does.

By: BrianKrebs

BrianKrebs — Wed, 12 Sep 2012 02:31:31 +0000

er…I sort of mention that in the above post;

“Windows users who run Windows Update or Automatic Update may still find a few updates available, such as KB2736233, which disables certain potentially unsafe ActiveX components in Internet Explorer; or KB2735855, which is a stability hotfix for Windows 7 and Windows Server 2008 systems.”

By: Diogenes

Diogenes — Wed, 12 Sep 2012 02:09:53 +0000

We hope you are not misleading home users who do not use automatic updates; they still should check for updates and run the malicious software removal tool, which is new for this and every month.

Also, important to note from the SANS ISC post:

“Do not overlook KB2736233 Active-X Kill Bits update for 3 Cisco products. It is a Security update, but as it is ‘third-party’ to Microsoft, they do not rate it as such:”

https://technet.microsoft.com/en-us/security/advisory/2736233