Windows Vulnerabilities Revealed, Patched

Saint Aardvark writes "A big MS Windows remote vulnerability has just hit BugTraq. It concerns a buffer overflow in MS' DCOM, and affects Win2k through Server 2003; here's the security advisory from Microsoft. This is in addition to an earlier vulnerability concerning conversion from HTML to RTF - there's a separate security advisory from Microsoft for this one, and it affects Win98 and NT 4.0 through Server 2003. Patch early, patch often." There's also a CNET News story with a little more explanation on the newest vulnerability.

Proof of concept?

[shinnyo]

Proof of concept? >:)

Re: I don't want to start a holy war here,

[TheOnyx]

Oh, I dunno. I guess I just like the fact that I can play something other than TUX RACER on a WinBox. All joking aside, I've used both Linux and Windows, and if there were more native applications and driver support for Linux, I'd switch to it. So, like, go hound developers and stuff.

Slightly OT, how to apply updates

[yamla]

This is slightly off-topic, I apologise. I have several Windows machines (specifically, Win2k and several XP machines). They are all set to download updates automatically and notify me when they are ready to be installed. However, despite me clicking to install the patches, none of them ever do.

And when I go to windowsupdate.com and try that way, I see the updates and tell the system to go ahead. The updates are downloaded (though some are obviously already in the cache) and the install starts. Part way through, it aborts and I'm told none of the installs were successful and to try again.

Now, this worked in the past. I currently have 'only' 5 critical vulnerabilities to patch. But it's not working now. I've tried removing the download cache area and that didn't help. Is it really time to reformat?

Re:heh

[sebi]

Would you be so kind and write out words the way they are supposed to be written in the future? Poorly obfuscated profanities always give me such a nasty headache.