H
Hot-Text
J. P. Gilliver (John) said:
Yes Sir...................................................[G]
Yes Sir...................................................[G]
M
micky
In short, at Internet Options / Advanced / Lower half of the box,, I
reset IE settings, and I'm asking how to get back all the security
updates. I had figured that since I rarely use IE and I haven't
personallized it much if at all, there was little or nothing to reset.
Before resetting all it said was "Resets Intenet Explorer's settings to
their default condition. You should only use this if your browser is in
an unstable state. " But after I did it, I'm almost certain it
explicity said that it had removed updates (maybe even said security
updates, but I didn't copy over the message in the box.)
I think I went to this site, or another one you or someone suggested,
Anyhow, I went somewhere and it looked like it had info, but then I
turned my head for a couple minutes and when I looked back there were
big letters saying support for XP has ended!!!!
I guess everyone who considers using an OS after support ends should use
WSUSoffline, but I never heard of it before. ;-)
I looed at this page and iirc and if it was there to download, I dl'd
the program, but I got distracted and haven't run it yet. That's why
it's taken so long to get back to you and Vanguard.
But it was good to go slowly because in the intervening period, I've had
two ideas:
1) The computer in question runs winXP Pro SP3. I also have a laptop
that runs XP Home SP3. How about if I copy all the required files
dealing with IE from the laptop to the desktop. Will that work?
Problem: What *are* all the required files? (Some of them are in
C:\Windows\Program Files\IE.) But before worrying about this too much,
see 2.
2) Yesterday, I had a braincyclone. Doesn't Belarc keep track of this?
Indeed it does. It even includes a summary at the top right of the
report, with a count of how many security updates are missing and a link
to go to the part of the report that lists them.
a) I ran it on the laptop and it listed 4 problems, but none with IE.
Two with Adobe Flash, one with Adobe Reader iirc and one with Quicktime.
I've already fixed three of them, by googling the update name, dl'ing
and installing the update. If anyone wants, I can probably verify the
first 3, but it would be easier for everyone if they just ran Belarc on
their own computer and got info that pertains to it.
BTW, I never turned down an update for the laptop, so I'm not sure how
these four were missing.
b) I ran it on the desktop, the computer whose IE I reset, and I guess I
was impatient and clicked the icon about 4 times, because I got 4
reports in a row. The first 3 said Unknown with a question mark**,
but the 4th one said 6 problem with security updates. Only 6, even
after resetting.
**Looking at the same 3 reports again, "Unknown" has been changed to "6
missing". I should have copied part of it before it changed, because it
had a list of 50 or 100 security updates, almost all of which had green?
checkmarks next to them, meaning they were there, and maybe none of
which had red X's meaning they were not there. But some were blank in
that column meaning "not enough evidence". This was true for IE, but
they listed some other programs??, that I didnt recognize, and others
that I did recognize, including .net-framework (sp?) , I think two
entries for that with 7 or 8 total updates involved (none with
checkmarks) and almost none of the security updates for those programs
had check marks. But apparently Belarc later decided only 6 updates
were missing, so apparentely resetting doesn't reset updates even though
it said it did.
" Missing Microsoft Security Hotfixes
These required security hotfixes (using the 07/08/2014 Microsoft
Security Bulletin Summary) were not found installed. Note: CIS
benchmarks require that Critical and Important severity security
hotfixes must be installed.
Q931906 - Critical (details...)
Q936960 - Important (details...)
Q951550 - Important (details...)
Q969856 - Important (details...)
Q2538242 - Important (details...)
Q2565063 - Important (details...) "
BTW, I don't think I ever turned down an update for the desktop
computer, so I'm not sure how these six are missing.
I plan to open a new tab by clicking on each "details". So far, only
the firsr one, which is incomprehensible so far, but I have had only a
little time to look at it. BTW, this first one has been missing since
2007, so I've been vulnerable all that time, but it only relates to
CAPICOM whatever that is. (and Biztalk 2004, that I know I don't have.)
Wikip: CAPICOM is a discontinued ActiveX control created by Microsoft
to help expose a select set of Microsoft Cryptographic Application
Programming Interface (CryptoAPI) functions through Microsoft Component
Object Model (COM)...... So if CAPICOM is discontinued, do I
still neeed the security update?
The next one is for 2007 Microsoft Office, but I don't have MS Office.
Do I need the update?
The next one is for the 2007 MS Office suite, but I don't have that. Do
I need the update?
The next one if for Virtual PC and Virtual Server. I was going to
install Virtual PC but I never did. Do I need the update?
The next one is for Visual C++ 2005 SP1 Redistributable Package: June
14, 2011, but i don't think I have that. I'll check. Do I need the
update?
The last one is for Visual C++ 2010 Service Pack 1: August 9, 2011. Do
I need that.
You know, on second thought, I think I did turn down some updates, for
programs I didn't have. Was that bad? It' a bit confusing now. If I'd
taken everything I woudln't have to look up these 6 things.
reset IE settings, and I'm asking how to get back all the security
updates. I had figured that since I rarely use IE and I haven't
personallized it much if at all, there was little or nothing to reset.
Before resetting all it said was "Resets Intenet Explorer's settings to
their default condition. You should only use this if your browser is in
an unstable state. " But after I did it, I'm almost certain it
explicity said that it had removed updates (maybe even said security
updates, but I didn't copy over the message in the box.)
I think I went to this site, or another one you or someone suggested,
Anyhow, I went somewhere and it looked like it had info, but then I
turned my head for a couple minutes and when I looked back there were
big letters saying support for XP has ended!!!!
I guess everyone who considers using an OS after support ends should use
WSUSoffline, but I never heard of it before. ;-)
I looed at this page and iirc and if it was there to download, I dl'd
the program, but I got distracted and haven't run it yet. That's why
it's taken so long to get back to you and Vanguard.
But it was good to go slowly because in the intervening period, I've had
two ideas:
1) The computer in question runs winXP Pro SP3. I also have a laptop
that runs XP Home SP3. How about if I copy all the required files
dealing with IE from the laptop to the desktop. Will that work?
Problem: What *are* all the required files? (Some of them are in
C:\Windows\Program Files\IE.) But before worrying about this too much,
see 2.
2) Yesterday, I had a braincyclone. Doesn't Belarc keep track of this?
Indeed it does. It even includes a summary at the top right of the
report, with a count of how many security updates are missing and a link
to go to the part of the report that lists them.
a) I ran it on the laptop and it listed 4 problems, but none with IE.
Two with Adobe Flash, one with Adobe Reader iirc and one with Quicktime.
I've already fixed three of them, by googling the update name, dl'ing
and installing the update. If anyone wants, I can probably verify the
first 3, but it would be easier for everyone if they just ran Belarc on
their own computer and got info that pertains to it.
BTW, I never turned down an update for the laptop, so I'm not sure how
these four were missing.
b) I ran it on the desktop, the computer whose IE I reset, and I guess I
was impatient and clicked the icon about 4 times, because I got 4
reports in a row. The first 3 said Unknown with a question mark**,
but the 4th one said 6 problem with security updates. Only 6, even
after resetting.
**Looking at the same 3 reports again, "Unknown" has been changed to "6
missing". I should have copied part of it before it changed, because it
had a list of 50 or 100 security updates, almost all of which had green?
checkmarks next to them, meaning they were there, and maybe none of
which had red X's meaning they were not there. But some were blank in
that column meaning "not enough evidence". This was true for IE, but
they listed some other programs??, that I didnt recognize, and others
that I did recognize, including .net-framework (sp?) , I think two
entries for that with 7 or 8 total updates involved (none with
checkmarks) and almost none of the security updates for those programs
had check marks. But apparently Belarc later decided only 6 updates
were missing, so apparentely resetting doesn't reset updates even though
it said it did.
" Missing Microsoft Security Hotfixes
These required security hotfixes (using the 07/08/2014 Microsoft
Security Bulletin Summary) were not found installed. Note: CIS
benchmarks require that Critical and Important severity security
hotfixes must be installed.
Q931906 - Critical (details...)
Q936960 - Important (details...)
Q951550 - Important (details...)
Q969856 - Important (details...)
Q2538242 - Important (details...)
Q2565063 - Important (details...) "
BTW, I don't think I ever turned down an update for the desktop
computer, so I'm not sure how these six are missing.
I plan to open a new tab by clicking on each "details". So far, only
the firsr one, which is incomprehensible so far, but I have had only a
little time to look at it. BTW, this first one has been missing since
2007, so I've been vulnerable all that time, but it only relates to
CAPICOM whatever that is. (and Biztalk 2004, that I know I don't have.)
Wikip: CAPICOM is a discontinued ActiveX control created by Microsoft
to help expose a select set of Microsoft Cryptographic Application
Programming Interface (CryptoAPI) functions through Microsoft Component
Object Model (COM)...... So if CAPICOM is discontinued, do I
still neeed the security update?
The next one is for 2007 Microsoft Office, but I don't have MS Office.
Do I need the update?
The next one is for the 2007 MS Office suite, but I don't have that. Do
I need the update?
The next one if for Virtual PC and Virtual Server. I was going to
install Virtual PC but I never did. Do I need the update?
The next one is for Visual C++ 2005 SP1 Redistributable Package: June
14, 2011, but i don't think I have that. I'll check. Do I need the
update?
The last one is for Visual C++ 2010 Service Pack 1: August 9, 2011. Do
I need that.
You know, on second thought, I think I did turn down some updates, for
programs I didn't have. Was that bad? It' a bit confusing now. If I'd
taken everything I woudln't have to look up these 6 things.
P
Paul
micky said:
Q931906 - Critical MS07-028: Vulnerability in CAPICOM
Q936960 - Important office2007-kb936960-fullfile-x86-glb.exe (Office 2007)
Q951550 - Important Vulnerabilities in Microsoft XML Core Services
Q969856 - Important Vulnerability in Virtual PC
Q2538242 - Important Visual C++ 2005 Service Pack 1 (msvcr80.dll and friends)
Q2565063 - Important Visual C++ 2010 Service Pack 1 (Msvcp100.dll and friends)
None of those are directly related to IE.
And some of those, are the sorts of things the Baseline Analyser prints
on the screen. For example, even if you have Office Viewer programs
(like a PowerPoint Viewer), but not a real copy of Office, it still
pulls in fifteen patches.
For IE, you would want the latest cumulative update to
your particular version. This is the only one I have bookmarked,
but there was at least one other patch for an IE exploit after
"end of support" (late April maybe ?). Cumulative means you only
need the last one of the series. This would likely get you
pretty close.
http://support.microsoft.com/kb/2925418 (Mar.11, 2014)
This might be the late patch for IE.
http://support.microsoft.com/kb/2964358 (May 1, 2014)
Apparently I picked that up at the same time as KB2936068.
http://support.microsoft.com/kb/2936068 (Apr.8, 2014)
The last two are not cumulative, so you could install
those three in date order. That is, unless you
can find a cumulative later than Mar.11, 2014.
I wonder how the Windows Update mechanism, keeps track
of these patches that are being thrown aside ? Sounds
pretty messy. How would Windows Update know which
ones to invalidate or toss ?
Paul
M
micky
This list looks a lot like my list, but has more info, and it looks
something like my descriptions of what I found when I clicked on
details, but not quite. Did you just combine my descriptions with my
list, or did you get your lines somewhere else?
Slap myself in the forehead. I noticed that wrt to the laptop, but
somehow missed that fact about the desktop.
I have the PowerPoint Viewer. So is that why Belarc though I should
have the update? You say it pulls in 15 patches, but without Office, I
don't actually need them, iiuc, right? But what about Open Office,
doesn't that have vulnerabilities too? It will update when I start it?
But can an exploit run before the update finishes?
Thanks again. I'll do the earliest one at least tomorrow.
Good question.
P
Paul
micky said:
The Baseline Security Analyser seems to think that the
libraries that the Office Viewers use, bear similarities
to the paid version of Office. Which is why my machine
wanted so many of them. I don't know if yours will
need fewer, with only PowerPoint Viewer. OpenOffice or
LibreOffice are entirely different animals, free software,
and Microsoft doesn't patch them. You download newer versions
if you want to fix those.
And I just Googled your numbers, like this, to find stuff.
site:microsoft.com Q2565063
One search engine couldn't find the VirtualPC one,
but google.com did.
I only used the following link in the last few months, to
check my system, so my PowerPoint Viewer went without patches
for a long time
I pulled in all those patchesmanually, by Googling them and downloading them
from Microsoft. My MBSA run is relatively clean now.
Down to a thing or two maybe. I might have been missing
about 20+ or so, on my first run. This is roughly equivalent
to Microsoft Update. It could well use the same manifest
files that Microsoft Update or Windows Update uses.
http://technet.microsoft.com/en-us/security/cc184924.aspx
Paul
V
VanguardLH
micky said:
Resetting IE is changing it back to its default SETTINGS. No updates
for anything are uninstalled.
Resetting does disable all add-ons you installed for IE. Those are
there in a default install of IE so they are disabled after a reset.
http://support.microsoft.com/kb/923737
http://windows.microsoft.com/en-us/windows7/Reset-Internet-Explorer-settings
J
J. P. Gilliver (John)
In message <[email protected]>, micky
If Open Office does updates, then presumably yes, provided you've not
disabled them. Microsoft won't do updates for Open Office, of course.
Unfortunately, yes, in theory (for both Microsoft and other's products).
How frequently this actually happens in practice, I don't know.
If Open Office does updates, then presumably yes, provided you've not
disabled them. Microsoft won't do updates for Open Office, of course.
[]
Unfortunately, yes, in theory (for both Microsoft and other's products).
How frequently this actually happens in practice, I don't know.
V
VanguardLH
VanguardLH said:
Oops, should've been ...
"Those are NOT there in a default install of IE ..."
V
VanguardLH
J. P. Gilliver (John) said:
Since the OP installed an Office viewer (and might've installed others,
like for Word) then, yes, they get updated, too, when MS Office [full]
gets updated. The OP *will* need the Office updates if he installed the
viewers.
M
micky
Well that's good. and it corresponds with what I saw.
I don't think I had installed any.
V. added:
Oops, should've been ...
"Those are NOT there in a default install of IE ..."
Thanks to all you guys, Van, Paul, and J.P. I red all the replies,
even if I didnt comment. I"ve learned a lot.