Microsoft Rereleases Patch to Fix Problems

← Back to Stories (view on slashdot.org)

Microsoft Rereleases Patch to Fix Problems

Posted by CowboyNeal on Thursday March 11, 2004 @11:48AM from the if-at-first-you-don't-secure dept.

AbdullahHaydar writes "From CRN: 'One day after releasing a fix for an Office XP flaw, Microsoft upgraded the severity of the vulnerability to critical and re-issued a new patch to address a new attack scenario discovered in the last 24 hours.' The funny thing is that the second bug they missed with the first fix is 'critical' whereas the original bug the fix was for is 'important.'"

7 of 226 comments (clear)

Min score:

Reason:

Sort:

More information on the vulnerability by windows · 2004-03-11 11:51 · Score: 5, Informative

More information on the vulnerability can be found here.
They did not re-issue a new patch! by Nevo · 2004-03-11 12:03 · Score: 4, Informative

It's the same patch they released yesterday. They just discovered it's more serious than they first thought, so they released the same binaries with a higher severity.
http://www.microsoft.com/technet/security/bullet in/ms04-009.mspx
Read the revisions section
Anyone else notice... by ManxStef · 2004-03-11 12:15 · Score: 4, Informative

...the broken PGP signature on the e-mail update Microsoft sent round relating to this? (The original was fine.) Just seemed a bit sloppy from a company who's now supposed to be taking security so seriously is all...
BTW The Register chastised MS for marking the original as only "important", looks like they were right on the money!
Must have CD to install by ccnull · 2004-03-11 12:25 · Score: 5, Informative

How aggravating that many people won't install these service packs because Microsoft requires you have the original CD to install them.

There is a workaround: Download the larger (the 58MB one with "fullfile" in the name) file on this page here and you can do the update without a CD.

--
filmcritic.com - Movie reviews on Internet time
1. Re:Must have CD to install by ccnull · 2004-03-11 12:48 · Score: 4, Informative
  
  ... on second analysis, this method has now failed on 2 different machines -- both of which asked me for the CD despite being eligible for the CD-free patch per Microsoft's own rules. Use at your own risk, folks! (And apologies if I led anyone astray...)
  
  --
  filmcritic.com - Movie reviews on Internet time
Re:new method by value_added · 2004-03-11 13:29 · Score: 4, Informative

FWIW, you can use Microsoft's qchain utility that purportedly allows you to apply several patches a single reboot. Haven't tried it yet, as my hours are still being spent trying to figure out what patches I need on my systems. Seems that between the Windows update site, the HFNetChk commandline utility, and a handful of patch management programs I've been looking at, I'm getting a variety of results as to what's needed and what's been installed.

If anybody has any favourite suggestions for managing this mess, I'm all ears.
Re:Patch requires install CDs by enosys · 2004-03-11 13:37 · Score: 4, Informative

Office XP SP3 also fixes the problem. You can get a version of SP3 that doesn't require access to the install CDs:
OfficeXpSp3-kb832671-fullfile-enu.exe 58925 KB