Contradictions from the experts
by
dstone
·
· Score: 5, Interesting
Russ Cooper, moderator of the NTBugTraq security list and a security expert for TruSecure Corp., seems to be contradicting himself in two stories on the same day (or is being misquoted). Make of this what you will...
This story quotes Cooper: "I do expect that in the next seven to 10 days we're going to see a worldwide wave" of attacks, probably via an Internet worm, Cooper said Wednesday. "And it will be effective."
And this story quotes Cooper: ""I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs.""
Windows Update not working?
by
mtcrowe
·
· Score: 5, Interesting
Has anyone tried to use Windows Update to grab this patch? I'm running WinXP at work and just tried to hit Windows Update to let it auto-magically determine which update(s) to send to me. However - it came back and said everything was already hunky dory, no patches available.
I checked www.microsoft.com/security and looked up the MS03-008 patch for XP. It had a Qfix number starting with 8. I then compared against the Qfixed installed in my add/remove programs listing and it wasn't there...
I'm wondering whether they forgot to include that patch on the WU site for WinXP users. Seems to me like that would be one of the most critical places to put it for all of the normal user-folk.
So, I manually downloaded and installed the "Js56en" patch on WinXP and it took.
As an aside - I was very concerned when MS announced the Windows Scripting Host functionality. My thinking at the time (and again now) is that they allow so many file types to be executed that there's just no way they can keep all of the bugs out of all of those interpreters. Figured it would just be a matter of time..
Russ Cooper, moderator of the NTBugTraq security list and a security expert for TruSecure Corp., seems to be contradicting himself in two stories on the same day (or is being misquoted). Make of this what you will...
This story quotes Cooper: "I do expect that in the next seven to 10 days we're going to see a worldwide wave" of attacks, probably via an Internet worm, Cooper said Wednesday. "And it will be effective."
And this story quotes Cooper: ""I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs.""
Has anyone tried to use Windows Update to grab this patch? I'm running WinXP at work and just tried to hit Windows Update to let it auto-magically determine which update(s) to send to me. However - it came back and said everything was already hunky dory, no patches available.
I checked www.microsoft.com/security and looked up the MS03-008 patch for XP. It had a Qfix number starting with 8. I then compared against the Qfixed installed in my add/remove programs listing and it wasn't there...
I'm wondering whether they forgot to include that patch on the WU site for WinXP users. Seems to me like that would be one of the most critical places to put it for all of the normal user-folk.
So, I manually downloaded and installed the "Js56en" patch on WinXP and it took.
As an aside - I was very concerned when MS announced the Windows Scripting Host functionality. My thinking at the time (and again now) is that they allow so many file types to be executed that there's just no way they can keep all of the bugs out of all of those interpreters. Figured it would just be a matter of time..