Nakodari over at Addictive Tips has created a small software program called MSE Update Utility which can be used to update Microsoft Security Essentials even if Windows Update is disabled.

The update intervals of the software can be selected in the main interface after startup. The choices are daily, weekly, monthly or on startup with the additional option to add the program to Windows startup. The program could be an interesting option for users who cannot use Windows Update to update Microsoft Security Essentials. It seems though that the update tool needs to be running in the background to update the virus definitions. A better solution would be to either run and quit after updating the definition files or use the Windows Task Scheduler to schedule the updates.

Related posts

• Repair Microsoft Security Essentials (2)
• Offline Update 6 Adds Linux Support (3)
• Microsoft Security Essentials Rated Highly In AV-Comparatives Test (6)
• Microsoft Security Essentials Leaks (8)
• Microsoft Security Essentials Final Available (7)

Microsoft Windows and Microsoft Office users are encouraged to update their computer systems as soon as possible to protect the PCs from possible exploits that could attack the systems successfully. The usual options to download the patches are provided including automatic updates, Windows updates, Microsoft update or manually by following the links posted in the different security bulletins.

• MS09-063 Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565) – This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability.
• MS09-064 – Vulnerability in License Logging Server Could Allow Remote Code Execution (974783) – This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
• MS09-065 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947) – This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker’s site.
• MS09-066 – Vulnerability in Active Directory Could Allow Denial of Service (973309) – This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.
• MS09-067 – Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) – This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-068 – Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307) – This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Detailed information are available in the security bulletins linked above or at the security bulletin summary page here.

Related posts

• Microsoft Security Updates April 2009 (2)
• Microsoft Patch Tuesday December 08 (3)
• Windows Security Updates September 2008 (0)
• Microsoft Security Patches for June 2009 (12)
• Microsoft Security Patches April 2008 (0)

Windows 7 shipped with DirectX 11 and Microsoft promised to deliver the new version of DirectX to Windows Vista users as well. Microsoft kept their promise and Windows Vista users are now able to download a so called platform upgrade for their operating system which adds DirectX 11 to it.

The easiest way to obtain the update is from Windows Update. The platform update will not only update DirectX but add a series of other improvements to Windows Vista and Windows Server 2008:

• Windows Graphics, Imaging, and XPS Library – The Windows Graphics, Imaging, and XPS Library enables developers to take advantage of the advancements in modern graphics technologies for gaming, multimedia, imaging, and printing applications
• Windows Automation API – The Windows Automation API enables accessibility tools and test automations to access the Windows user interface in a consistent way across operating system versions.
• Windows Portable Devices Platform (Vista only) – The Windows Portable Devices Platform supplies the infrastructure to standardize data transfers between an application and a portable device, such as a mobile phone, a digital camera, or a portable media player.
• Windows Ribbon and Animation Manager Library – The Windows Ribbon and Animation Manager Library contains the following features:Windows Ribbon API, a command framework that enables developers to quickly and easily create rich ribbon experiences in their applications and Windows Animation Manager API, an animation framework for managing the scheduling and execution of user interface element animations

Additional information are available at the Microsoft Knowledgebase.

Related posts

• Windows Vista SP1 all languages released (3)
• Windows Live Movie Maker Updated (5)
• Windows 7 to ship in 2009 ? (17)
• Windows 7 OEM Activation Crack Already In The Wild (13)
• Windows 7 Milestone 1 leaked (4)

Adobe on the other hand plans to release security patches for its popular PDF reader Adobe Reader that are also rated critical. The updates will all be released tomorrow and system administrators will certainly their hands full updating the computer systems that run the software and operating systems.

A closer look at the Microsoft Patch Day reveals eight critical security vulnerabilities and five important vulnerabilities that will get fixed with the patches that are released tomorrow. The majority of vulnerabilities affects the Windows operating system but it does also include one critical Internet Explorer vulnerability.

System administrators and Windows users are encouraged to visit the two websites linked above for further information. These websites will also contain the links to patch the security vulnerabilities. Windows users can also use Windows Update, Microsoft Update or Automatic Updates to update their operating system.

Related posts

• Microsoft Security Patches for June 2009 (12)
• Microsoft October 2008 Patch Day Patches 11 Security Vulnerabilities (0)
• Windows Vulnerability Scanner (4)
• Windows Vista SP1 all languages released (3)
• Windows Update Fix (3)

Microsoft has released two charts that show the severity and exploitable index and the deployment priority. The former interesting for all users while the latter probably only for network administrators.

• Microsoft Security Bulletin MS09-045 – Critical – Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) – This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Microsoft Security Bulletin MS09-046 – Critical – Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) – This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Microsoft Security Bulletin MS09-047 – Critical – Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) – This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Microsoft Security Bulletin MS09-048 – Critical – Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) – This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
• Microsoft Security Bulletin MS09-049 – Critical – Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) – This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability.

The patches can be download and applied by visiting the pages that are linked above or by using any of the update options that are provided by Microsoft operating systems including Windows Update, Automatic Updates or Microsoft Updates. Additional information can be found at the Microsoft Technet page.

Related posts

• Windows Security Updates September 2008 (0)
• Microsoft Security Patches for June 2009 (12)
• Block windows update from automatic updating to IE7 (1)
• Windows Vista SP1 all languages released (3)
• Windows Vista Service Pack 2 RC Download (6)

The second issue that the Internet Recovery Kit addresses is broken SSL support which usually comes in the form of not being able to connect to HTTPS websites properly. This too can be problematic as many financial websites and shopping websites use https for improved security.

Rizone’s Internet Recovery Kit can be used to fix both issues that have been described in the last two paragraphs. All the user needs to do is to press the right button in the software program to initiate the fix. While there is no guarantee that the program can fix the problem the chance is good that it can.

Users who want to repair Windows Update and Automatic Updates on their computer system can press the Repair WU/AU button to do so. The program will display the progress in the log at the bottom of the interface. The log can also be used to analyse what has been done to fix the problem. The Repair SSL / HTTPS button on the other hand will initiate the repair of these components in the Windows operating system.

Rizone’s Internet Recovery Kit is compatible with Windows XP, Windows Vista and Windows 7. It is a fine addition for every computer repair toolkit thanks to its portable nature, ease of use and success rate.

Related posts

• Block windows update from automatic updating to IE7 (1)
• Windows Update Error services not running (16)
• Windows Security Updates September 2008 (0)
• Update Windows with Offline Update (23)
• Steps to take before you install Windows XP Service Pack 3 (5)

The easiest way to download and install the patches is by pointing the Internet Explorer web browser to Microsoft Update which will automatically detect and install the available patches for the computer system. Other possibilities include downloading the security patches from Microsoft Download Center from where they are available as well.

Six vulnerabilities have been rated as critical, three as important and one as moderate. Critical security vulnerabilities can usually be exploited for remote code execution meaning it is essential to fix these vulnerabilities quickly. You can follow the links below for additional information about each vulnerability.

• MS09-018 – Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
• MS09-019 – Cumulative Security Update for Internet Explorer (969897)
• MS09-020 – Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
• MS09-021 – Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
• MS09-022 – Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
• MS09-023 – Vulnerability in Windows Search Could Allow Information Disclosure (963093)
• MS09-024 – Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
• MS09-025 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
• MS09-026 – Vulnerability in RPC Could Allow Elevation of Privilege (970238)
• MS09-027 – Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)

Related posts

• Microsoft October 2008 Patch Day Patches 11 Security Vulnerabilities (0)
• Windows Vulnerability Scanner (4)
• Microsoft updates two critical security patches (5)
• Microsoft Security Patches September 2009 (6)
• Microsoft Security Patches April 2008 (0)

The portable software program will display a list of supported operating systems (Windows 2000, Windows XP, Windows Server 2003, Windows XP, Windows Vista and Windows Server 2008) and dozens of supported languages.

A second tab contains the same options for Microsoft’s Office suites (Office 2000, Office XP, Office 2003 and Office 2007). Below that selection are several additional options that include the following:

• Excluding Service Packs
• Verifying downloads
• Including the .net Framework 3.5 SP1
• ISO image creation per selected product and language or per selected language
• Copying updates to USB

Offline Update can be downloaded directly from the (German) homepage of the software developer. The software itself uses an English language interface.

Related posts

• January 2009 Microsoft Security Bulletin (1)
• Youtube Video Search Is A Barebone Youtube Downloader (2)
• Xkcd Comic Wallpaper Changer (2)
• Wireless Networking Software Homedale (13)
• Windows XP: Default Internet Browser Per User Profile (0)

• Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
• Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
• Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
• Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
• Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
• Cumulative Security Update for Internet Explorer (963027)
• Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
• Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)

The easiest way to update is by visiting Windows Update or Microsoft Update. Please read our Windows Update Fix article if Windows Update is not working properly on your computer system. Alternatives are so called offline updates like Offline Update, Autopatcher or Update Windows Without Microsoft.

It is recommended to update the computer system as soon as possible to close the vulnerabilities.

Related posts

• Microsoft Security Updates November 2009 (2)
• Windows Security Updates September 2008 (0)
• Microsoft October 2008 Patch Day Patches 11 Security Vulnerabilities (0)
• Microsoft August 2008 Security Updates (0)
• January 2009 Microsoft Security Bulletin (1)

Windows Update can cause problems on some computer systems. The first and probably most common problem that is encountered is the error message “The site cannot continue because one or more of these Windows services is not running” (read: Windows Update Error services not running for a detailed explanation). This message is caused by several Windows Services that need to be set to specific parameters for Windows Update to work.

One of these services that are required for Windows Update to function properly is Bits, the Background Intelligent Transfer Service. Bits can cause additional problems on some computer systems especially after uninstalling software programs like antivirus or security programs or after an infection and removal of computer viruses and other malicious software. Most users will experience the following: Bits is not running on the computer system and the attempt to start it will result in an error message. The error messages can vary and it is probably a good idea to perform a search for the error on the Internet.

Another solution is to use the Fix Windows Update program that has been specifically designed to fix problems with Bits and Windows Update. Here are the instructions on how to use the program:

• First click “Open Services Window”.
• After the window has been opened, find a Service called “BITS” and see if it is running.
• If it is, this program cannot help you, and you can exit the program.
• If it is not running, close the Services window and click on “Start BITS”.
• If it is successful, this program has helped you and you can close the program.
• If starting the BITS fails, continue with other 2 buttons.

Start by clicking on the Phase 1 button. A popup will appear if the program was able to fix and start Bits. If this did not work continue by pressing the Phase 2 button. This will take longer and should result in a popup containing the information that Bits started running again. There might be cases where the Fix Windows Update program is not successful in restoring the Windows Update functionality. The only possible solution in this case is research on the Internet to find the cause of the problem.

Users who are desperate to update their Windows operating system can use the following tools to do so even if Bits and Windows Update are not working: Windows Offline Update, Update Windows Without Microsoft or Autopatcher.

Related posts

• Windows XP Service Pack 3 Release Candidate 2 Refresh (2)
• Windows Vista SP1 all languages released (3)
• Windows Updates Downloader (6)
• Windows Update Error services not running (16)
• Windows Tip: Don’t replace any files while copying (10)

The main advantages of exFAT in comparison to FAT32 are the removal of the 4 GB file size limit and support for hard drives with large capacities (recommended maximum sizes for both are 512 TB). The exFAT file system driver will add the option to format removable media with the exFAT file system to take advantage of it. The file system is using a smaller disk space overhead than the NTFS file system. Users reported a disk space overhead of only 96 Kilobytes on a 4 Gigabyte flash drive after formattting it with the exFAT file system. The NTFS file system used more than 47 Megabytes of space for overhead.

Interested users can download the exFAT file system driver update directly from Microsoft to add exFAT file system support to their operating system.

The exFAT file system driver incorporates the following advanced structures to improve performance:

* A cluster bitmap for fast allocation
* A per-file contiguous bit for fast file access
* Better contiguous on-disk layout (useful for recording movies)
* Support for Universal Coordinated Time (UTC) time stamps

The exFAT file system driver is designed for extensibility to enable the file system to keep pace with innovations in storage and changes in usage and to enable OEMs and ISVs to add extensions seamlessly. Specifically, exFAT adds the following features:

* Adds template-based metadata structures to enable custom extensions
* Enables implementations to persist these extensions without having to know their format

The exFAT file system driver adds increased compatibility with flash media. This includes the following capabilities:

* Alignment of file system metadata on optimal write boundaries of the device
* Alignment of the cluster heap on optimal write boundaries of the device

The prerequisites for the update are an installation of Windows XP Service Pack 2 or Service Pack 3.

Related posts

• Steps to take before you install Windows XP Service Pack 3 (5)
• Still running Fat32 ? Time to convert to NTFS (3)
• Project Dakota Full Windows XP Update CD (7)
• Hide Information in Files (0)
• Format an USB Device as NTFS in Windows XP (6)

The security bulletin resolves three vulnerabilities in Microsoft Server Message Block (SMB) Protocol which could allow remote code execution on affected systems. An attacker could run programs, create new user accounts and view, change or delete data on the computer system. It is interesting to note that Windows 7 is affected as well even though it is not mentioned in the security bulletin.

The security vulnerability would be rated as moderate for the upcoming operating system which is why Microsoft will not provide a patch at the current time (They chose to only patch critical security vulnerabilities immediately). A patch will be released with the next public release of Windows 7.

Patches can be applied as usual through the various official update channels.

Related posts

• Offline Update 6 Adds Linux Support (3)
• Microsoft Security Updates April 2009 (2)
• Windows Update Fix (3)
• Microsoft Patch Day March 2009 (4)
• Windows XP Service Pack 3 Uxtheme.dll patch (41)

The easiest way to install the patches is by downloading and installing the security patches at Windows Update which provides access to all security updates even for users who run a non legit version of Windows.

Microsoft did also release a new version of the Windows Malicious Software Removal Tool which is now able to detect two new families of malware (Win32/FakeXPA and Win32/Yektel)

• MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) which is rated “Critical”
• MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802) which is rated “Critical”
• MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) which is rated “Critical”
• MS08-073: Cumulative Security Update for Internet Explorer (958215) which is rated “Critical”
• MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) which is rated “Critical”
• MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) which is rated “Critical”
• MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) which is rated “Important”
• MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) which is rated “Important”

Windows users should install the updates as soon as possible to secure their computer system.

Related posts

• Microsoft Security Updates November 2009 (2)
• Microsoft Security Patches for June 2009 (12)
• Microsoft Security Patches April 2008 (0)
• Microsoft Patch Tuesday November 08 (0)
• Microsoft Security Updates April 2009 (2)

The updates are available for pretty much every Windows operating system from Windows XP to Windows Server 2008. The easiest way to download the security updates is to use the official Windows Update server from Microsoft, Automatic Updates or direct downloads from the Microsoft Download Center.

Below are the names of the Microsoft Security Bulletin and the links to the Microsoft Security Bulletin website.

• Microsoft Security Bulletin MS08-052 – Critical – Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
• Microsoft Security Bulletin MS08-053 – Critical – Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
• Microsoft Security Bulletin MS08-054 – Critical – Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
• Microsoft Security Bulletin MS08-055 – Critical – Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)

Related posts

• Microsoft Security Updates for June 2008 (0)
• Steps to take before you install Windows XP Service Pack 3 (5)
• Project Dakota Full Windows XP Update CD (7)
• Microsoft Security Updates October 2009 Online (3)
• Microsoft Security Updates April 2009 (2)

The update applies to all editions of Windows Vista and Windows Server 2008. Probably even better than having to download a 56 Megabyte file for five additional words is the fact that the computer has to be restarted after updating the operating system.

The explanation on the other hand is quite boring. The update replaces the dictionary files with the updated versions meaning the user is actually downloading the full dictionary files and not just a patch that adds the five words to them.

Most users on the other hand will probably never use those five words anyway, lets hope that this update will be optional and not mandatory.

Related posts

• XP SP3 and Vista SP 1 available through Windows Update (6)
• Windows Vista Upgrade Advisor (0)
• Windows Vista SP1 Refresh 2 is out (2)
• Windows Vista SP1 Download (12)
• Windows Vista SP1 breaks applications (2)

Microsoft suggests a minimum hard drive space of 1500 Megabytes on the system partition when installing the Service Pack from the Microsoft Download Center or 1100 Megabytes when installing it from a shared network drive. The page lists two updates that, when installed, will make the installation of the Service Pack fail. Those updates are the Microsoft Shared Computer Toolkit and Remote Desktop Connection (RDP) 6.0 MUI pack (Update 925877 for Windows XP).

If you have installed one or both you need to uninstall them to install the Service Pack. Last but not least it is required to make sure that security software like antivirus applications do not interfere when installing the Service Pack.

The page lists the most common error messages that user receive when updating Windows XP to Service Pack 3, among them are:

• You do not have enough free disk space on %SystemDrive% to install Service Pack 3.
• You do not have enough free disk space on %SystemDrive% to archive the uninstall files
• Service Pack 3 setup error. Access is denied
• You do not have permission to update Windows XP
• Digital Signature Not Found
• Setup could not verify the integrity of the file Update.inf
• Failed to install catalog files
• The software you are installing has not passed Windows Logo testing
• Service Pack 1 Setup could not verify the integrity of the file
• Internal Error
• This Service Pack requires the machine to be on AC Power before setup starts.
• Service Pack 3 installation did not complete
• Microsoft Windows XP Professional Service Pack 3 cannot be applied to Windows Fundamentals for Legacy PCs
• Microsoft Windows XP Professional Service Pack 3 cannot be applied to Windows Embedded for Point of Service
• Setup has detected that another update is in progress.

The blogs and forums are full of users who report problems after trying to upgrade Windows XP to Service Pack 3.

Related posts

• Official Windows XP Service Pack 3 Download Links (85)
• XP SP3 and Vista SP 1 available through Windows Update (6)
• Windows XP Service Pack 3 leaked (6)
• Project Dakota Full Windows XP Update CD (7)
• Microsoft issues Windows XP Service Pack 3 Update Fix (5)

Microsoft today released the Windows Vista Service Pack 1 again this time for all 36 supported languages. This release is available in Windows Update or by downloading it directly from the Microsoft website. Here are the 32-bit and 64-bit download links of Windows Vista Service Pack 1. There is also a DVD release of Windows Vista Service Pack 1 that contains both the 32-bit and 64-bit updates. To make matters worse Microsoft released the service pack 1 in iso format and exe format and it really looks a bit confusing if you are a new user, but I guess that’s why Windows Update has been created.

The iso images of Windows Vista Service Pack 1 have to be burned to CD and DVD and can be installed from those after burning them. On the other hand, if you are not going to install the service pack on more than one computer Windows Update might be the easier way to download and install it.

Related posts

• Windows Vista Service Pack 1 Update Errors (1)
• Block installation of Windows XP SP3 and Vista SP1 (4)
• Adding 5 Words With A 56 Megabyte Windows Update (7)
• Yuck new Windows Vista Ultimate Extras (20)
• XP SP3 and Vista SP 1 available through Windows Update (6)

Project Dakota is another way of obtaining the latest updates for Windows XP. The project can be downloaded as a CD containing all updates found on the Microsoft website for Windows XP 32-bit including Service Pack 2 and some other useful programs like Spybot Search & Destroy.

The good thing about this is that you can download the Iso, burn it to CD and install it on as many computers running Windows XP as you like. You make a few selections at the beginning but all updates are installed silently afterwards which means they require no user interaction.

New versions of the Project Dakota iso will be released each month which unfortunately have to be downloaded again. That’s probably the biggest disadvantage of this approach.

There is no information on the kind of updates and software included on the CD until you download the iso and burn it. The independent programs are the following:

adaware
adobereader
apps
avgas
avgav
Firefox
flash
java
quicktime
spybot
vnc
Bginfo
CWShredder
portmon
procmon
psexec
psfile
psgetsid
psinfo
pskill
pslist
psloggedon
psloglist
pspasswd
psservice
psshutdown
pssuspend
SmitfraudFix
whois

Related posts

• Steps to take before you install Windows XP Service Pack 3 (5)
• XP SP3 and Vista SP 1 available through Windows Update (6)
• Windows XP Service Pack 3 leaked (6)
• Windows Vista Critics Love Windows Mojave (44)
• Windows Update Error services not running (16)

Autopatcher has been closed down by Microsoft. There is an alternative, a great one that can be used instead. It is called c’t Offline Updater. It supports Microsoft Windows 2000, Windows XP, windows Server 2003, 64-bit editions of XP and Server 2003 as well as Windows Vista. Besides the operating systems it also supports Office 2000, Office XP, Office 2003 and Office 2007. As you can see from the screenshot below lots of different languages are supported as well.

The user has the option to exclude service packs and to create iso images, either one CD iso for every operating system or Office edition or one DVD iso that contains all the patches. A click on start begins the download process which can take some time. When the download finishes you find the created iso(s) in the /iso subdirectory.

You can then burn the iso and start it directly in Windows. Several options are presented when you execute UpdateInstaller.exe. The script asks if you want to create backups, install Internet Explorer 7, automatically reboot and recall or show the log file.

A click on start begins the update process. The Offline Update is an excellent way to download all patches for your operating system in one go.

Related posts

• Battle of the Software Updaters (12)
• Zip Repair (3)
• Zen Key An All Purpose Application Manager (3)
• Youtube Batch Downloader (13)
• Yahoo Widget Position Restorer (1)

I decided to list all patches with links to their downloads at the Microsoft website to make it easier to install all those patches if you do not want to use Windows Update. Remember that those patches fix serious vulnerabilities and should be installed immediately:

Installing those patches manually will take some time. Below are links that display a page listing the affected softwares and links to the patches.

• Microsoft Security Bulletin MS07-042 (critical) – This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. The vulnerability could be exploited through attacks on Microsoft XML Core Services. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Microsoft Security Bulletin MS07-043 (critical) – This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Microsoft Security Bulletin MS07-044 (critical) – This security update resolves a privately reported vulnerability in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Microsoft Security Bulletin MS07-045 (critical) –

  This critical security update resolves three privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Microsoft Security Bulletin MS07-046 (critical) – This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the Graphics Rendering Engine in the way that it handles specially crafted images. An attacker could exploit the vulnerability by constructing a specially crafted image that could potentially allow remote code execution if a user opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
• Microsoft Security Bulletin MS07-050 (critical) – This security update resolves a privately reported vulnerability in the Vector Markup Language (VML) implementation in Windows. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Microsoft Security Bulletin MS07-047 (important) – This important security update resolves two privately reported vulnerabilities. These vulnerabilities could allow code execution if a user viewed a specially crafted file in Windows Media Player. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Microsoft Security Bulletin MS07-048 (important) – This important security update resolves two privately reported vulnerabilities in addition to other vulnerabilities identified during the course of the investigation. These vulnerabilities could allow an anonymous remote attacker to run code with the privileges of the logged on user. If a user subscribed to a malicious RSS feed in the Feed Headlines Gadget or added a malicious contacts file in the Contacts Gadget or a user clicked on a malicious link in the Weather Gadget an attacker could potentially run code on the system. In all attack vectors, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Microsoft Security Bulletin MS07-049 (important) – This important security update resolves one privately reported vulnerability. This is an elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating systems. Only guest operating system users who are granted administrative permissions to the guest operating system would be able to exploit this vulnerability. Guest operating system users not granted administrative permissions to the guest operating system would be unable to exploit this vulnerability.

Related posts

• Windows Vista SP1 all languages released (3)
• Windows Update Fix (3)
• Windows Security Updates September 2008 (0)
• Steps to take before you install Windows XP Service Pack 3 (5)
• Project Dakota Full Windows XP Update CD (7)