November 13, 2012

Microsoft today issued six software updates to fix at least 19 security holes in Windows and other Microsoft products. Thirteen of those vulnerabilities earned a “critical” rating, which means miscreants or malicious code could leverage them to break into vulnerable systems without any help from users.

Of note in these patches is a critical update for Internet Explorer 9 that fixes three flaws in IE (these bugs do not exist in older versions of IE, according to Microsoft). Other critical updates address extremely dangerous flaws in core Windows components, such as the Windows shell and Windows Kernel; these vulnerabilities are present in nearly all supported versions of Windows.

All of the critical updates earned the most dire marks on Microsoft’s “exploitability index,” which tries assess the likelihood that attackers will devise remote code execution attacks and denial of service exploits within 30 days of a security bulletin release.

Also included among the critical patches is an update for Microsoft’s .NET Framework. I mention this one separately because in the few times I’ve had troubles after applying Windows security updates, a .NET Framework patch has always been part of the mix. My update this time around went fine (albeit a tad slowly) on a Windows 7 system, but if you experience any issues applying these patches, please leave a note in the comments section below.

Other vulnerabilities addressed in today’s update batch include flaws in Microsoft Excel and Microsoft Internet Information Services (IIS). A summary of the bulletins released today is available at this link. Wolfgang Kandek, chief technology officer at Qualys, has put together a readable blog post with some additional thoughts on the severity and relative urgency of today’s patches.

Update, 8:34 p.m.. ET: Several readers have pointed my attention to problems with a non-security update released with today’s batch: KB2750841. According to this thread, KB2750841 seems to be causing issues for users of OpenDNS. This workaround from OpenDNS forum user “gotroot” appears to have worked for most users experiencing problems.


28 thoughts on “Microsoft Patches 19 Security Holes

  1. Paul

    Yeah, the .NET Framework 1.1 SP1 update KB2698023 refuses to install on my XP SP3 computer, even after a reboot.

    1. JimV

      That specific .NET 1.1 SP1 patch (KB 2698023) won’t install for me as well on 2 XP SP3 Pro machines, but does so successfully on a third with the same OS flavor (weird) — no problems with it on my Win7 x64, Win Vista Home Premium x86 or Vista Ultimate x86 machines, either. On the ones where it won’t install WU generates a failure code of 0x643.

      Downloading the direct patch and attempting to install it on those two machines still doesn’t succeed. It proceeds most of the way through (reports about 2 to 5 seconds remaining) to completion before stalling, then reversing the progress bar to zero and closing that box. At that point, a new Windows Error Report box pops up stating that file encountered a problem and needs to close, asking whether to submit an error report (which I have, but there’s no solution presented as of yet).

      FWIW, the information presented by toggling the option offered before the report is submitted shows this:

      EventType: visualstudio7x80update
      P1: msiexec.exe
      P2: 1.0.1713.5056
      P3: kb2698023
      P4: 1033
      P5: 643
      P6: f
      P7: install
      P8: x86
      P9: 5.1.2600.2.3.0.256
      P10: 0

      If anyone has a suggestion on how to resolve the issue, I’ll certainly welcome it.

      1. DF

        It could be the order that the patches are being installed. I had an issue with DotNet on Xp before and it was because DotNet 2 and 3 KB’s were installed before the DotNet 1 KB that failed. I think uninstalling the DotNet updates and reinstalling then in order, DotNet 1 KB’s first then DotNet 2 and so forth, might be worth a try.

    2. jdmurray

      That patch is only for .NET Framework 1.1 Service Pack 1. Make sure you actually have Microsoft .NET 1.1 installed on those machines.

  2. DC

    I also am running XP w/SP3. Ran Microsft Updates, reboots multiple times with no luck on the install phase of KB2698023.

    1. BrianKrebs Post author

      Try running the rest of the updates, excluding the .NET update. After installing them, reboot and retry installing the .NET update.

      1. 67GTV

        This is my exact routine when setting up a new system. I apply .NET updates after all other Critical/Important updates are installed.

  3. Debbie Kearns

    Thanks for the heads-up. I installed the Windows Updates and also installed KB2698023 just fine without any problems, so I’m all set. 🙂

  4. Lionel Modra

    Windows 8 Pro is my OS on all three units, a self built desktop (dual booting W8 & W7), a 3 year old Toshiba Satellite M300 & an Acer AO722 netbook.
    KB2770917 failed to install on both my desktop and my Toshiba laptop – after repeated tries. I suspect the Toshiba is near the end of its life, but the desktop is only a year old. The OS(s) are both installed on a 3 month old SSD. All the updates installed OK on the Acer netbook.

  5. Dave

    This has worked across the company network I manage:

    Provided there are no outdated driver problems or malware causing the problem, and you do not have corrupt .NET Framework files,these are common errors with .NET Framework update installs.

    Try updating the affected machines to Windows installer 4.5 from here – https://www.microsoft.com/en-us/download/details.aspx?id=8483

    Then try a manual download and installation of the .NET Framework update that was failing

    If this still fails, you may have a corrupt installation which means you have to uninstall all versions of .NET Framework on the machine and then reinstall them, followed by the necessary update patches.

    More resources –

    http://www.instant-registry-fixes.org/net-framework-update-error-code-0x643-error-code-1603/

    http://blogs.msdn.com/b/astebner/archive/2006/05/30/611355.aspx

  6. Old School

    After the post installation reboot and disk cleanup were complete I found there were some “souvenirs” left in the Windows Temp folder.

  7. Steve W

    For the 1st time in ages I just had to use System Restore to rid my Win7 Toshiba laptop of today’s update parade. Something got hold of my laptop’s network connection icon and kept repeating a message on the desktop about “additional login information may be required, click to open your browser”. Only way to stop it was to roll everything back to prior to the update install.

  8. george

    I wonder what makes installing those windows updates so tricky and prone to problems. I can’t remember last time I had problems after updating Linux Mint, FreeBSD or PuppyLinux (I had once problems after updating a motherboard bios with FreeBSD 7.X ACPI implementation which could be solved either downgrading the motherboard bios or upgrading FreeBSD to 8.0)
    This is not meant as a comment to disparage Microsoft and I realize they have to support so many configurations (hardware – and software-wise) but .NET should be pretty much hardware independent, so what is the Achilles heel in their update implementation ?

  9. Paul

    Thanks to Mark, above.
    I downloaded the file “dotnetfx.exe” from the link in the document that was referenced in his post.
    Then I used 7-Zip to open that file and extract the “netfx.msi” and “netfx1.cab” files.
    After running the downloaded copy of the KB2698023 update (“NDP1.1sp1-KB2698023-X86.exe”), and being asked for the location of netfx.msi, I browsed to the location where it was stored and the install completed successfully.

  10. Mick

    Brian,

    Many thanks for all the useful information that you provide nearly every day.

    No problems here with a five-year-old Dell desktop running WinXP SP3. Alerted this morning that there were 10 updates, hit the download then install buttons, and about 20 minutes got the notification to reboot. Did so and followed up with CCleaner which deleted 47+ MB of stuff.

    Running fine. Later today I’ll fire up the Dell notebook running Win7 and see how that goes.

    Thanks again,

    Mick

  11. Dave

    Regarding KB2750841 and Open DNS problems

    A few folks are commenting on this. One of the main issues with KB2750841 which readies the system properly for IPv6, but is also makes other changes.

    The Windows updates affects Open DNS and DNS Crypt on Windows 7 (32-bit and 64-bit) and also on Windows Server 2003 and Server 2008 & Server 2008 R@ machines (Don’t know about Vista – thankfully don’t have one of those), and can also prevent proper connectivity to Netgear routers

    On every machine I have looked at so far (over 30 of them) one of the problems with the updates is that many network adapters are reset to original DNS settings, meaning that the IP addresses are empty and the machine is supposed to automatically select a DNS server. This is a real big problem for users of DNS Crypt as they will show that they are connected, and can ping addresses, and connect to other computers on the local network, but a browser will fail to connect

    1- Open DNS made resolver changes on their end which fixes most of it for most folks, but DNS Crypt users will still have issues, and everyone should check all network settings

    2- After the Windows updates and especially KB2750841 are installed, you need to check your network adapter settings (both wired and WiFi) and be sure that open DNS server IP addresses are properly in place in the TCP/IP settings for both IPv4 and IPv6 under the ‘Use the following DNS server addresses’ section – set to 206.67.220.220 and 206.67.222.222

    3- DNS Crypt users – download and reinstall DNS Crypt (current version is 0.0.6), check the same TCP/IP settings for both wired and WiFi adapters, and for both IPv4 and IPv6 settings, but the DNS server IP address may need to be manually reset to 127.0.0.1 (localhost)

    You’re done – as of now this has worked on 33 workstations and 7 servers all running DNS Crypt or Open DNS, or both

    On Windows 7 & 2008 R2 Server only – if the above has not made the warning bubble alerts of “Additional login information may be required’ go away, a simple registry edit will be the final fix – be very careful here

    Open regedit and navigate as follows:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\NlaSvc\Parameters\Internet
    Double-click on EnableActiveProbing
    Change value to 0.

    BTW, I strongly recommend you do not install KB2750841 if you are using WSUS or you may be re-networking a lot of stuff in order to get it all working again

    1. 67GTV

      Nice work Dave! I haven’t even looked at November’s updates on our WSUS servers yet. We usually just apply Critical and Security updates. Brian wrote that KB2750841 is a “non-security update” so I do not think (hope) I will have to deal with resetting NIC adapters. I will check for and decline this KB nevertheless.

  12. sheen

    everything alright here on generic desktop running Windows 7 Ultimate 64bit after installing November updates.

  13. Lionel Modra

    Windows 8 issue with KB2770917. I used a workaround described on other fora. The procedure was :- disable all non- Microsoft services (using msconfig (noting the status so you can restore them to the same at the end of the process)), reboot, install KB2770917, reboot, re-enable all non- Microsoft services (again with msconfig), reboot, check status of services.
    This worked for me on both my desktop and my Toshiba laptop.

  14. Adam C

    I’m not sure exactly which update yet, but im fairly sure its one of these….
    KB2750841
    KB2761217
    KB2763523
    KB2468871

    is causing a sound crackling / popping problem for me. Each time I install these updates every game I have on the PC has massive sound crackling / popping. As soon as I remove the updates they work fine again.

    Not sure why this is happening. It happens with all 2 sound cards I have here to test with.

    Inbuilt Realtek HD on MB
    and a SB audigy.

    Just thought I would let some know, and maybe get some help with it……or find out if others are getting it also….

    Running Windows 7 Pro 64bit – P5Kpro MB.

  15. James

    After installing the updates and restarting, I get a persistent error after login to Windows XP:

    Explorer.EXE Entry Point Not Found
    The procedure entry point memcpy_s could not be located in the dynamic link library msvcrt.dll

    It will not continue to load Windows.

    I can get to a command prompt, but cannot do a system restore (%system%/restore/rstrui.exe). Yields same “entry point” error above.

    I called up the task manager and ran “control appwiz.cpl” to uninstall the updates, but it didn’t seem to remove them completely. Still get the above error on login, but also similar “entry point” errors when attempting other solutions.

    The XP is a machine used in a development environment. It may have had remnants of old configurations.

  16. Dave

    Regarding error message Explorer.exe Entry Point Not Found –

    Most likely cause and my best suggestion:

    That error message means you can’t load “explorer.exe” due to an error in the file named “KERNEL32.dll”. Use a bootable diskette or the “Windows” installation CD to boot your computer then, on your hard-drive locate the “KERNEL32.dll” file. Delete it and copy it from the “Windows” installation disk in the same location you deleted it from.
    Just to make sure everything will work fine, find, delete and copy again from the “Windows” installation disk the “explorer.exe” file too.

  17. Mick

    Brian,

    For a variety of reasons, I got delayed on installing the updates on my Dell notebook (Win7Pro, 64-bit, SP1) until this morning. When I finally turned it on, I was notified that there were 15 updates waiting (13 important, 2 optional).

    It took about 20 minutes to download (over a slow DSL) and install all 15 (about 107 Mb). Robooted as told — which took substantially longer than it did on my WinXP desktop mentioned above.

    No problems encountered, and everything works.

    Hope this information is useful to someone; if not, sorry for wasting anyone’s time.

    Mick

Comments are closed.