09
Dec 14

Microsoft, Adobe Push Critical Security Fixes

If you use Microsoft or Adobe software products, chances are that software is now dangerously out of date. Microsoft today released seven update bundles to fix two dozen security vulnerabilities in Windows and supported software. Adobe pushed patches to correct critical flaws in Acrobat, Reader and Flash Player, including a bug in Flash that already is being exploited.

brokenwindowsFour of the seven updates from Microsoft earned a “critical” rating, which means the patches on fix vulnerabilities that can be exploited by malware or attackers to seize control over vulnerable systems without any help from users (save for perhaps visiting a hacked or malicious Web site). One of those critical patches — for Internet Explorer — plugs at least 14 holes in the default Windows browser.

Another critical patch plugs two vulnerabilities in Microsoft Word and Office Web Apps (including Office for Mac 2011). There are actually three patches this month that address Microsoft Office vulnerabilities, including MS14-082 and MS-14-083, both of which are rated “important.” A full breakdown of these and other patches released by Microsoft today is here.

Adobe’s Flash Player update brings the player to v. 16.0.0.235 for Windows and Mac users, and fixes at least six critical bugs in the software. Adobe said an exploit for one of the flaws, CVE-2014-9163, already exists in the wild.

“These updates address vulnerabilities that could potentially allow an attacker to take over the affected system,” the company said in its advisory.

brokenflash-aTo see which version of Flash you have installed, check this link. IE10/IE11 on Windows 8.x and Chrome should auto-update their versions of Flash. If your version of Chrome doesn’t show the latest version of Flash, you may need to restart the browser or manually force Chrome to check for updates (click the three-bar icon to the right of the address bar, select “About Google Chrome” and it should check then).

The most recent versions of Flash are available from the Flash home page, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here.

Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

Adobe Acrobat and Adobe Reader users will need to apply a critical update that fixes at least 20 critical security in these programs. See Adobe’s Reader advisory for more details on that. The latest updates live here.

Tags: , , , , , , , , ,

77 comments

  1. 20-some Windows updates today, and we’re getting Flash updates damn near every week now. It’s getting tiresome.

    • Then buy a Mac. Apple is slow to update his OS (That is, if they simply don’t ignore security issues).

      Check at Linux: They’re publishing updates way faster and in greater number.

      Just like in Auto Industry: It’s not because there’s no recall that there is not a problem.

      • +1 I’m constantly getting linux patches. I just hope flash, etc., are up to date. Linux is slow with flash.

      • Good luck with that advice. Today’s Adobe update (AdobeFlashPlayerInstaller_16au_ltrosxd_aaa_aih) entirely fails to install on the Mac, at least on Mavericks. The installer brings up a dark gray box aih progress bar saying “Retrieving Install…” that almost immediately blanks out, leaving just a dark gray box and nothing else happening. Meanwhile, Safari is reporting “Blocked Plug-In” and there’s nothing you can do about it. Hope Adobe get off its duff soon and fixes this.

      • brilliant. Once you talk my company into buying 300,000 Macs, quadrupoling our IT budget, and can insure all our VMWare VPN stuff still works…until then “Buy a Mac” isn’t much help. Oh no, are you dying of thirst in the desert? Just go get a drink! Lost at sea? No problem, just call someone on your cell to come get you.

    • So uninstall it – it is not needed on modern browsers anymore!

  2. Is there really no way to hold these companies (MS, Adobe, and Oracle for Java come to mind) accountable for the trash they produce? I understand Java, it doesn’t cost me anything, and I largely choose not to run it, but MS and Adobe… There must be some way to hold them accountable.

    • It’s the nature of complex software/operating systems – if Linux or OS X had 85% of the market, you’d be seeing constant security updates and compromises from them as well.

      Especially Windows, Flash (and Java) – if you are a bad guy, you want to target them as they cover most of the users you want to get (i.e. it where the money is). I’m no fan of Microsoft, but these updates and fixes are the nature of the beast when it comes to complex software.

      • If you run Linux (in my case Ubuntu, Kali and others) you will find that there are MANY updates there as well. Many security updates are included in the frequent updates.

        The biggest difference is that Ubuntu handles the updates through the package management system and everything comes down at once-One click will update everything.

        • My desktop is partitioned between Windows 7 and Ubuntu (LTS). The Ubuntu updates are efficient and quick. If a Microsoft user has the termerity to do his/her own updates instead of allowing the automatic updates, the folks up in Redmond punish said user with agonizingly slow downloads in an effort to make everyone update automatically. They’re a (heavy sarcasm) class act.

      • It also helps that Microsoft is the low hanging fruit in the security jungle.

    • Vote with your dollars.

      • The Phisher King

        That comment makes no sense.
        What exactly are you going to spend your money on that requires no updates?
        Unix maybe?
        Solaris?
        Because all popular operating systems require frequent updates to remain secure. The bad guys go after them all now.

    • They ARE accountable. This is why they pull out security updates instead of ignoring the problem. Of course, if by accountable, you mean you’d be able to sue them, then sure. Why not. But be prepared to pay much much more for your OS and to see less and less updates and more problems ignored.

  3. Any news on CVE-2014-8967 ? This ones has an exploit available (http://1337day.com/exploits/22970) but isn’t mentioned in MS14-080 or anywhere else.

  4. Mac users affected, too.

    There are security updates for both Adobe Flash Player and Microsoft Office for Mac. You can wait until the built-in Microsoft and Adobe update checkers do their thing this week or, if your a tin-foil hat type like me, you can do it manually now.

    Update Flash player (used by Safari and other browsers) by opening System Preferences, selecting the Flash icon (probably on your bottom row of icons, selecting the “Advanced” button (top bar) and clicking “Check now”. Follow the resulting prompts after that.

    Microsoft AutoUpdate can be run manually. On my Mac, it’s located in the top-level library in the Application Support folder. In that folder, look for the Microsoft folder then for a folder with a name like “MAU2.0”. Open the app and click “Check for updates”. I’m running Office 2011; if you have a different version, your AutoUpdate app may be located somewhere else.

    As long as you’ve opened the Adobe and Microsoft update apps, also check to make sure Adobe is set to auto-update and Microsoft is set to check daily.

    Yes, Macs seldom get viruses, but those represent only a small subset of the many threats out there! Mac (and Linux) users need tin-foil hats, too (they just don’t need double-layering like Windows hats).

  5. There may have been more Flash player 15.0 versions, but I saw at least 15.0.0.152, 15.0.0.189, 15.0.0.223, and 15.0.0.239.

    I’ve got little respect for the company anyway, but why can’t they even use simpler numbers like 15.0, 15.1, 15.2, and 15.3 for the end-user public?

    Now the 16.0 version series *begins* with 16.0.0.235? Go figure.

  6. There’s also a new release of Adobe Shockwave Player that takes it to v12.1.5.155.

  7. Microsoft has been easy to up-grade with fixes, patches or whatever has ben needed for some extended number of years. Today two or three mouse clicks started the process, which automatically completed without a hitch. Kudos to Microsoft and their engineers. A Pox upon the Hackers that made the changes necessary.

    Adobe, and their engineer and management teams should receive the same Pox Award I wished upon the Hackers in the above paragraph. Why can’t they implement a single program that up-dates all their precious Adobe software installed on a single computer? Such a program should include any multiple browsers, and be performed with a simple click or two.

    I am developing similar concerns over the sloppy work being recently done at Mozilla FireFox. Recent patches and up-grades have been less than stellar and have resulted in settings being changed and interaction with other previously installed software, add-ons, and even web pages reacting differently. Recent releases have felt more like an early Beta version rather something proven and de-bugged for public use. There is no excuse for this.

  8. This batch of updates went similarly to the prior two months’ batches for me. Namely, the Malicious Software Removal Tool stalled on several systems. After terminating the MSRT using Sysinternals Process Explorer, the remainder of the patches installed as expected. One exception: one computer stalled on a different patch (not sure which) and I finally hit Reset and took another run at it.

    For the near future, I think I’ll just opt out of MSRT, since these systems already do full scans daily with Microsoft’s AV.

    • I have seen a series of Windows Updates which may also contain a version of the Malicious Software Removal Tool stall on a machine which is concurrently installing (or running?) the same (or similar?) patch with Microsoft’s AntiVirus operating in the background. The easiest way around this is to do (or allow) a MS/AV morning up-grade and run, then once finished to run a new check for updates via Windows Updates, which should then run smoothly.

      • I actually have that automated with a Scheduled Task already. The systems turn themselves on in the morning and run an AV update automagically, then repeat the update task periodically throughout the day.

        Tangentially, for those using Microsoft’s AV (Defender on Win8, Security Essentials on 7 or Vista), you can use Task Scheduler to run scans and updates on your own timetable if you want. I recommend having the tasks run as SYSTEM, rather than a particular user. An Internet search for “Microsoft Security Essentials command-line options” will get you the details.

    • I got a werfault.exe message and then a popup about some explorer service or another stopping; but I imagine the update MSI has to shut down these services to do the update. I just ignored it and rebooted.

      All other application patches went well.

  9. Warning: Don’t install Windows Update KB3004394, the “December 2014 update for Windows Root Certificate Program in Windows” – it’s causing many problems, such as preventing many programs from being installed, showing UAC prompts for Windows files like cmd.exe that say “Publisher Unknown,” etc.

    Do a search for KB3004394 and you’ll see more. If you’re having a Windows problem right now, this update may be the cause.

    • Thanks for the info. I had a hell of a day at work, trying to build a new laptop. It was fresh out of the box from DELL, and after the first round of Windows updates, I could not longer install any other Windows Updates. I also couldn’t install my VPN client (complained about unsigned driver), and my USB stick was also prompting weird messages about drivers.

      I restored the laptop to factory settings, only to experience the same issues all over again. I built 2-3 other machine earlier this week, and had no such issues, with the same exact software. So I was pretty sure it was a Windows Update from yesterday, I just didn’t know which one. I will restore the laptop to factory settings once again, and install all Windows Updates *except* 3004394, and see if everything is normal.

      Thanks again for the tip on which update is causing havoc!

      • Some users here experienced printers they had installed reporting ‘driver not installed’.

        Fix was right click the printer, printer properties and then say yes when asked to reinstall (then choose your correct printer from the lists)

    • Microsoft have already pulled that patch (KB30004394) for Windows 7 and Windows Server 2008 R2. They’ve also pulled the Exchange 2010 Update Rollup 8 (KB2986475) and the Microsoft Silverlight and Update for Microsoft Silverlight (KB3011970) patches.

      Also issues have been reported with MS14-080 (IE9 crashing issues reported) http://marc.info/?l=patchmanagement&m=141823405324402&w=2

      And MS14-082 (KB2553154) people reporting Excel ActiveX controls disabled in Office 2010 and can’t be re-enabled without deleting specific files. http://stackoverflow.com/questions/27411399/microsoft-excel-activex-controls-disabled

  10. I can’t install the Firefox Flash plugin on one computer here. The ActiveX version installed on both, and the Firefox one on the Vista box, but on the Win7 box the Firefox one’s installer incorrectly claims this:

    “The version of Flash you are trying to install is older than the one already installed.”

    about:plugins confirms that that Firefox was not updated and still has version 15.something and not 16.something.

    What the hell is going on here? I didn’t do anything wrong, or even anything weird. Google turns up no results on searching for that message as a phrase, and nothing relevant with a “last week” search for just the message.

    Also, on *both* computers (attempting to) install the Flash plugin seems to have hijacked my default search from Google to Yahoo, which is rather rude behavior.

    • BTW, this is running the *exact same installer file* on both machines, so there’s zero chance that I accidentally double-clicked the wrong (an older) file on the Win7 box. I also tried three times, with the same results every time. I downloaded the file install_flash_player_16_plugin.msi, copied it to both machines, ran it on the Vista box and it worked, but on the Win7 box it claims Firefox has a *newer* version that 16, which is quite impossible (and which about:plugins disconfirms).

      It’s the same exact damned file. And the Firefoxen on both had the 15.something version from a week ago prior to the (attempted) installs today.

      Obviously it’s some sort of Vista vs. 7, or maybe 32 vs. 64 bit, issue, but you’d think Adobe would have tested these things thoroughly before posting them to their download site…

      • No problems here on this Vista x64 machine – do you really need it on Win7 or higher? I’ve never installed it on modern browsers.

      • Download and run Adobe Flash Player Uninstaller 16.0.0.235. Then try installing the new Flash update.

        • How about a solution that does not involve downloading yet another thingy from somewhere?

          • Wow. I’m really sorry I wasted my time replying. When I commented, I thought you were looking for a possible solution. But it never occurred to me that downloading an official uninstaller that removes all versions of Adobe Flash Player from all browsers on your machine would be such a tremendous burden. That being the case, perhaps you should just uninstall Flash altogether. Then you won’t be burdened with downloading and installing the new updates each month.

            Btw, I have no affiliation with Adobe.

            • I do occasionally watch Youtube videos, so I can’t get by without Flash. I do not want to have to do any more work than normal, which is 1) download two installers (really ought to be only one) and 2) run them.

              On top of that, you failed to provide a link to this official uninstaller, and the download page link I already have, https://www.adobe.com/products/flashplayer/distribution3.html, does not list any uninstallers, only installers.

              And now you’re claiming that this uninstaller would remove the ActiveX version as well, which I just successfully updated! I don’t want to mess with that once it’s done successfully.

              So, I will ask you all again, one more time: How do I make the plugin installer work on Win7, *without* messing with anything else that is already working properly and thereby risking screwing something *else* up, and preferably with either zero more downloads or just the download of a Flash-for-Firefox installer that will actually work correctly?

              • While you people were being useless, I figured it out on my own. You have to delete all FlashPlayerPlugin.* files from under Windows/System and all FlashPlayerPlugin.* registry keys, while leaving all other Flash (e.g. FlashPlayerActiveX) files and keys alone, then rerun the installer.

                I demand that nothing like this happen again; in the future, the Flash installers are to function correctly when run on any hardware that I own or for which I am sysadmin. There are to be zero exceptions. Is that understood? I have far more important uses for my time than working around other people’s a) bugs, mistakes, screwups, b) obstructionism and lack of being very helpful, c) failure to clearly document important things about software (e.g. Adobe *could* helpfully document how the version checking works and how to circumvent it if it isn’t working properly, but did not bother to do so), or d) assorted other stupidity.

                If anything remotely like this ever happens again, consequences will befall those of you at Adobe who are responsible for the situation, and anyone else who is complicit in any way with wasting my time. Those consequences will certainly include, and may not be limited to, adverse publicity in a wide variety of media, both traditional and online. I hope I have made myself perfectly clear. Get it right from now on. Or else.

                • Damn spam filter must be false positiving or something. I don’t know what could be setting it off. There weren’t any links in it, and there were in an item it didn’t bat an eye at earlier…

                • So instead of uninstalling it properly you just deleted some files at random? Yeah, good luck with that.

                  I’m curious: when your car breaks down, do you ask random people on the internet how to fix it? If they go to the trouble of answering to say that you need a new part, do you demand that they tell you how to fix it without needing “yet another thingy”?

                  Do you then demand (again, of random strangers with no relationship to the manufacturer!) that they make sure that “nothing remotely like this ever happens again” or “consequences will befall” them?

                  (What is it about computers that gives some people such an exaggerated sense of entitlement?)

                  • Because I didn’t want to uninstall the ActiveX one, and *you people* didn’t offer any other alternatives.

                    The car analogy I can barely be bothered to dignify with a response. Suffice it to say that this was less like a car breakdown than it was like having two Ford sedans, trading one in for the latest model year, and then trying to do that with the other one and Ford incorrectly insisting that either I already have the current model year of both, so they refuse to sell it me the other one, or else I have to give up the other one. If Ford ever actually did that there’d be no end to the laughter at Ford’s expense … it would be ringing in everyone’s ears long after the ink was dry on Ford’s bankruptcy papers.

                    Lastly, regarding a “sense of entitlement”, you’re damned right that as a sysadmin I feel entitled to full control over the operation and behavior of *my* machines and the software installed thereon.

                    • I like the idea of running the flash remover, but there are times I just have to whip out Revo Uninstaller. Typically I don’t let the factory uninstaller that it calls up, reboot, as I wan’t to remove all traces manually using the Revo GUI, which is pretty easy compared to putting up with problems. Believe me Herdubreid – I’m a pretty lazy sot, so if I can put up with Revo, I feel anyone can.

                      I must admit though, I would probably run the flash remover, and then the CCleaner registry tool; as I’ve found it better than any other I’ve tried, including JV-16 – which is one of the best in the industry. I will also admit I’m not doing this for you Herdubreid, but for others who may be reading this and need help – maybe you could give up a few secrets to help the community on KOS?

              • ​Herdubreid –

                I feel your pain, bro. 😉 Taking it from the top, here’s what I do to manage Flash updates:

                – I subscribe to Krebs on Security http://www.krebsonsecurity.com/ to get e-mail updates of new posts. Mr. Krebs always e-mails a timely notice whenever there’s ​a Flash update.
                – I DO NOT install updates the day they come out, usually waiting 2-3 days for bugs to get worked out by the general public (the same way the FDA tests drugs like acetaminophen) . Flash updates have not been anywhere as poorly crafted as Microsoft’s, but I like to be careful nonetheless.
                – I use the ​https://www.adobe.com/products/flashplayer/distribution3.html site to get downloads, as it avoids the crapware add-ons Adobe adds to their main update page to generate revenue.
                ​- I download the .MSI version installers for IE Active-X and ​Plugin-based browsers rather than the .EXE versions. I don’t fully understand why they have both .EXE and .MSI versions, but the .MSI installer requires fewer mouse clicks and seems to work reliably. 😉
                – Before commencing, I generate a fresh System Restore checkpoint, and name it “Before Adobe Updates [Month-Day]”
                – I EXIT ALL BROWSERS and other programs, and run each of the newly downloaded .MSI Flash installers. They appear to uninstall the old versions before installing the new.
                – After both installers finish successfully, I generate another fresh System Restore checkpoint, and name it “After Adobe Updates [Month-Day]” It’s redundant, as the .MSI installers each generate Restore Point checkpoints, but I prefer to do it myself, thank you very much.
                – I also have the Chrome browser, so I open Chrome, click on the 3 horizontal lines icon, pull down to and click the About Google Chrome, and let Chrome update its own internal Flash plugin. (You have to restart Chrome for the update to take effect.)
                – I open Firefox, click on the 3 horizontal lines icon, click on Add-ons, click on Plugins, click on “Check to see if your plugins are up to date” and verify the new Flash version number.
                – Finally, I go to Control Panel, doubleclick on Flash Player icon, click on the Advanced tab, and set Updates to “Never check for updates (not recommended)”. The box doesn’t have Apply or OK buttons (more shabby Adobe programming), so I just [X] close it. It’s one fewer process to run on Startup, and I get e-mail from Mr. Krebs in a more-than-timely manner, so what’s the point?

                It’s a pain-in-the-ass to have to do this so often, but at least this method has worked reliably for me. Your Mileage May Vary, especially depending on your Windows version. Good Luck! 😉

                • @Likes2LOL: the executable version of the Flash installers double as uninstallers, by the way. Just pass -uninstall on the command line. On the machines I look after, I use this to uninstall Flash before installing the new version, though I agree that it isn’t usually necessary. (I’m dealing with several hundred machines, though, so I do it via an automated script; in those circumstances you always want to take as many precautions as possible, since if something does go wrong you won’t necessarily notice.)

              • Hmm, this didn’t seem to work properly. I’ll try again.

                While you people were being useless, I figured it out on my own. You have to delete all FlashPlayerPlugin.* files from under Windows/System and all FlashPlayerPlugin.* registry keys, while leaving all other Flash (e.g. FlashPlayerActiveX) files and keys alone, then rerun the installer.

                I demand that nothing like this happen again; in the future, the Flash installers are to function correctly when run on any hardware that I own or for which I am sysadmin. There are to be zero exceptions. Is that understood? I have far more important uses for my time than working around other people’s a) bugs, mistakes, screwups, b) obstructionism and lack of being very helpful, c) failure to clearly document important things about software (e.g. Adobe *could* helpfully document how the version checking works and how to circumvent it if it isn’t working properly, but did not bother to do so), or d) assorted other stupidity.

                If anything remotely like this ever happens again, consequences will befall those of you at Adobe who are responsible for the situation, and anyone else who is complicit in any way with wasting my time. Those consequences will certainly include, and may not be limited to, adverse publicity in a wide variety of media, both traditional and online. I hope I have made myself perfectly clear. Get it right from now on. Or else.

                • Thanks, I needed a laugh today.
                  Not sure why but this really cracks me up.

                  Even if the article is dry reading the comments are ALWAYS worth it.

                  Cheers mates!

  11. Robert Scroggins

    Nothing is perfect–it never was and probably never will be. We are just finding that out now in computer software/hardware. Many of these exploits/vulns require a user to do something to activate it, so we users also have some responsibility–to use the software/hardware in a responsible/common sense manner and, given the environment today, to be mindful of security.

    Regards,

  12. I always wonder about the myriad iOS and Android app updates which are constantly sent out, most of which proclaim their reason for existence as “bug fixes and performance enhancements”. Exactly what bugs are being fixed, I wonder? At least with Microsoft and Adobe, everything is in one place and generally happens only once a month.

    Haven’t read anything about Java Runtime here recently for those corporate users which are shackled to Java for enterprise web apps. The most recent version is 8.0.25, and they have announced end of support next April for JRE 7.x. Naturally, one of our enterprise apps runs on JRE 6…. :>(

  13. No corresponding Adobe AIR update this month?

  14. Talking about updates – yesterday I received a very long ‘1 of 1’ from MS and I mean very long – in fact I shut down after a few hours and it resumed down loading when I next opened the machine.

    I am using Windows XP Pro and have done nothing to my Registry, etc., to circumvent MS’s intention not to support XP.

    Can someone please tell me how this can happen? I have asked most of the experts but none of them think this is of interest – me, being fussy, am very much interested; because, if I am still being supported, I can cancel my search for a Windows 7 machine.

    • I still support a few XP machines and it is not unusual to get update notices from MS updates, even though support has ended. It depends on what you install on the machine, especially if it is a still supported version of Office; or any support files of Office above 2003.

      You do need a well blended defense to protect you from compromise with such an installation. I can’t go into the details now, but it would be easier to upgrade if you are so fussy, and either get a modern version of Linux, or a new PC with a modern version of Windows.

      • Thank you JC – searched for MRT and found that I had removed it over a year ago. This is weird, have checked EVERY update since 2005 and nothing shown as a security fix or update since Feb this year. These updates when closing down are pretty regular and are identical to all until Feb this year. Looks as if MS’s computers are recognizing that I exist but do not want to complete the task and disobey their master by supporting my machine.

    • Microsoft is still sending out monthly “Malicious Software Removal Tool” updates to XP and if you don’t look closely you’d think they’re still doing system updates, but they aren’t that I have seen (have a machine for legacy support that has XP on it and watch each update coming in).

      Go for the Windows 7 machine while you can – they’ll become increasingly expensive as time goes on, if you want to avoid the Windows 8 touch based UI.

      • The Win8 GUI is easily avoided with a third-party add-on like Classic Shell, Start8 or Startisback, allowing you to keep the security advances while dodging the annoying UI.

        Points to ponder, from some Blackhat slides a while back:

        mechbgon.com/1.jpg
        mechbgon.com/2.jpg

        That’s memory protections. Win 8 also supports the Supervisor Mode Execution Prevention feature in the latest CPUs, SecureBoot to deter bootkits, Enhanced Protected Mode for IE, high-entropy ASLR… under that silly GUI, there’s a lot of new security enhancements. Bolt a Start Menu onto it and you’re cookin’ with gas :)

        • Hmm!? I’m not sure EMET 5.0 covers any of this? My clients that are on Win8 are having to reinstall the operating system every month or so – I’m not too crazy on the idea of migration myself. Part of the problem is probably that one of the clients is using Samsung All-in One hardware.

          • What kinds of problems are your clients having, JCitizen? My fleet is Win8.1 Pro x64 and is doing fine. Our hardware doesn’t include any Samsungs, though. Systems from three major brands, plus my own custom builds with various hardware.

            Anyway, the point is that Win8 actually made a lot of security progress, far more than Win7 did over Vista. People getting hung up on the UI is understandable, but that’s quite simple to fix. Have your cake and eat it too; I am :)

            Another reason I prefer Win8 (with an added Start Menu) over Win7, is that Win8 has its own native PDF reader, so I don’t have to install and maintain Adobe Reader or another alternative. And Win8 auto-patches the IE version of Flash Player via Windows Update, so that’s another chore automated for me.

            • I’m glad Win8 is working for you and yours; my clients are having stability problems, and very odd behaviors. I’d swear they are being taken over by malware, but this is probably not the case, because they have learned from me to operate in the limited user environment, and keep several real time protections active on their machines. Some of them may be turning on the new Windows Defender by mistake and not realizing you can’t have two anti-viruses running at the same time – but they seem happy to simply reinstall and start over – so I have no forensic path to follow to find out what is actually the problem.

              I personally had the same problem on Vista x64, and have had to reinstall it at least 10 times in the 1st three years I owned it. Mostly it was because of DRM errors, and the special cable ready hardware I had on board; but after service pack 2, and the new MSI from Microsoft came down the pike, my system finally stabilized and has been running like a top every since. In fact I’m hesitant to upgrade to Win 7, even though I have several licenses laying around. I think Win8 will be similar for them as well. with the exception of those owning tablets, as they are have far fewer problems.

      • Dear Sasparill – reply to JC above was really intended for you but covers both replies for which I am grateful.

  15. Another half-baked MS update went prime time Tuesday, and was recalled Wednesday evening:

    ​”Microsoft has removed update 2986475 and recommends that customers uninstall update 2986475 if they have already installed it.”

    ———- Forwarded message ———-
    From: Microsoft
    Date: Wed, Dec 10, 2014 at 5:33 PM
    Subject: Microsoft Security Bulletin Releases
    ********************************************************************
    Title: Microsoft Security Bulletin Releases
    Issued: December 10, 2014
    ********************************************************************
    Summary
    =======
    The following bulletins have undergone a major revision increment.
    * MS14-075 – Important
    Bulletin Information:
    =====================
    MS14-075 – Important
    – Title: Vulnerabilities in Microsoft Exchange Server Could Allow
    Elevation of Privilege
    https://technet.microsoft.com/library/security/ms14-075
    – Reason for Revision: V2.0 (December 10, 2014): Revised bulletin
    to remove Download Center link for Microsoft security update
    2986475 for Microsoft Exchange Server 2010 Service Pack 3 to
    address a known issue with the update. Microsoft is working
    to address the issue, and will update this bulletin when more
    information becomes available. Microsoft has removed update
    2986475 and recommends that customers uninstall update 2986475
    if they have already installed it.
    – Originally posted: December 9, 2014
    – Updated: December 10, 2014
    – Bulletin Severity Rating: Important

    Yet again, unbelievably poor MS QA. I’m glad I never install updates from MS the day they come out…… Sheeesh! 😉

    • Not installing on the day of release is probably a really smart idea, just to watch out for gotcha’s like this (doesn’t matter whether it’s Microsoft or some other vendor, mistakes slip through sometimes – remember that Apple iOS OTA update that disabled the phones a couple of months ago).

      Let other people be the beta testers….

      • I have to update because of MPAA sourced DRM requirements. I figure if the update hoses my system I can always do an image recovery or a system restore. Amazingly, I’ve had few problems yet.

    • They’ve pulled 2 other patches as well and issues are being reported with at least 2 more. See my comment above.

  16. I had a problem with KB3002339, which updates Visual Studio 2012. It was one of about 26 updates I selected to install yesterday (patch Tuesday). It was the 9th of 26 that WU tried install, but it seemed to hang (no progress after more than 30 min.). I tried killing WU and restarting it, but it merely resumed where it left off, and made no further progress.

    I tried running MicrosoftFixit.wu.MATSKB.Run.exe, but that did not help. Finally, on a hunch I killed WU, downloaded the KB3002339 installer separately, and was able to successfully install it. Upon restarting WU, I found that the hung session had been cleared, and I could now install the remaining 17 updates. I cannot recall ever having had a problem with WU. I wasted 2.5 h on this one before stumbling upon this work-around.

  17. But there are many programs that will only run under win xp. I have tried the same program in vista, win 7, Linux mint and on a hackintosh. Same problem. So I have 7 on my main setup, mint on my better laptop, a and a dual setup mint/xp with/hack on a old setup. Its a matter of using the right setup when I need it. But then again I like to play doom, and early single shooters, and not the mmgroup games. But that comes from being near 70 at the same time.

    • Doom engine games (Doom/Doom II/Heretic/Hexen/Strife) are all very runnable on Win7, OSX, and Linux. You just have to download an “engine” (computer code of the game) that runs on those OSes. Two of the popular engines are Chocolate Doom, which plays very close to the original DOS games but runs on new OSes, and GZDoom, which adds lots of new features and graphical effects. Quake, Quake II, and Duke Nukem 3D also have engines that run on newer OSes.

      Other shooters from around when Doom came out can probably run in DOSbox. Shooters that use OpenGL or DirectX might run in Linux with WINE. Other programs can be run in a Windows XP virtual machine that’s disconnected from the internet.

  18. Dr. Zackary Smith

    Microsoft today announced the recall of a security patch for Exchange Server published on Tuesday that was originally slated for release in the November edition of its monthly Patch Tuesday releases. This is the second straight month that Microsoft has had to pull a security bulletin after publication on patch Tuesday. It’s impossible to say whether or not broken patch releases have anything to do with the break-up of the Trustworthy Computing Group in September, but two of three patch releases have been subject to recall since. To be fair, Microsoft botched a patch Tuesday fix in August, a month before announcing the breakup of TWC. The October and September patches went off without a hitch. Related Posts Missing Exchange Patch Expected Among December Patch Tuesday Bulletins December 4, 2014 , 2:04 pm Adobe Patches 18 Vulnerabilities in Flash November 11, 2014 , 2:54 pm Microsoft Ready with 16 Patch Tuesday Bulletins; 5 Critical November 6, 2014 , 2:34 pm Adding to this comedy of errors is the reality that this particular Exchange fix was originally slated for release in November, but had to be pushed back to the December release for reasons that were never officially explained. The fix was announced in the November advanced notification and then never showed up with the official bulletins.

  19. Any idea what is going on with KB3024777? The update appeared today and the info link is bad:
    http://support.microsoft.com/kb/3024777

    Searching for add’l info yields only one other guy asking the same question… The patch is a whopping 29k.

    • Amusing to see that their patch designed to ensure future updates install properly (KB3024777), fails to download via Windows Update on my PC, and doesn’t install anything at all when downloaded and run manually with either regular or admin privileges. Nice one, Redmond. Please find a drawing board to return to…

  20. Today KB3024777 installed and worked just fine for me. Perhaps those experiencing failures are not installing the patch on computers with the proper prerequisites?

    I am running W 7 pro w/ Serv Pk 1, and has installed the KB 3004394 update that was dated December 10, 2014. This patch did remove it.

    • My issue wasn’t about the patch installing correctly, it was that the link was bad (at the time) so I couldn’t get any information on what the patch did.

      The link now works. Further indication these patches are getting pushed out without proper testing.

  21. For future reference, you could have tried using Add/Remove Programs to uninstall the faulty plugin. That usually works, in my experience, and it wouldn’t have required you to uninstall the ActiveX plugin.

    On the other hand, reinstalling the ActiveX plugin takes about 30 seconds, so it’s hard to see why the prospect was so offensive to you. Finding the right files to delete manually must have taken you much longer than that.

    Sure you’re entitled to control your own system to the best of your ability. You’re not entitled to demand that other people do your work for you. TJ gave you good advice; he didn’t need to, he’s not responsible for your technical problems; he was just being helpful. Instead of being grateful, you complain that he didn’t provide you with a link to the uninstaller and that you don’t want to have to reinstall the ActiveX version. How is that our problem, exactly?

    If you just want to rant, why not go rant at Adobe?

  22. Re KB3024777
    W7 Home premium, 64 based machine.

    Downloads fine, when I click Run nothing happens.
    Tried repeatedly.
    Checked installed updates, not installed.

  23. Since the upgrade to Adobe Flash v16.0.0.235, both Firefox and IE have experienced some odd behavior with repeated plugin crashes and/or restarts which involved subsequent reports back to Adobe, so despite their often-usual “mind of brick” attitude I suspect there will likely be another update replacement issued in relatively short order.

  24. Every time I install this update, Internet Explorer either quits working all together, or stops working after about 5 minutes. I have to remove the IE 11 update, but then they just send me another update for IE 10, which causes the same problem! I have seen where Microsoft says the fix is to ‘reset’ your Internet Explorer, but I do not want to do that. Give me another fix for my problem, please!