Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Releases Eight Security Updates

Posted by CowboyNeal on from the locking-down dept.

Juha-Matti Laurio writes "After a very uncommon break in March Microsoft has just published 8 new security updates. Almost all updates that are a part of the monthly release cycle are rated as 'Critical.' New Windows Shell vulnerability, named as MS05-016 is only 'Important,' but Windows XP Service Pack 2 is affected too, however. This is not the first time when there was something to fix at Shell32.dll. Vulnerabilities in TCP/IP that could allow remote code execution and denial of service at cumulative bulletin MS05-019 are affecting SP2 too. Windows Kernel, Exchange, MSN Messenger, Word (Office) and Internet Explorer get their updates as well."

9 of 344 comments (clear)

  1. maybe it's me ... by icebrrrg · · Score: 5, Interesting

    ... but after using the "windows update" utility in XP and 2000/2003 server for some time, and being a newbie to fedora (new servers in my home lab), i find the MS utilities muuuuuch easier to use than the fedora update manager. once i say no to an update, that choice stays "no" ... i have to always say no to unwanted updates in fedora (even tho they're on my ignore list). am i a feeble n00b, or could the linux distros learn a thing or two from MSFT?

    --
    nothing worth possessing isn't possessed. or something.
  2. Critical Updates Plus Bonus Junk by pycnanthemum · · Score: 5, Interesting

    Glad I don't do "Auto Install"...hidden way at the bottom of the list of things Windows wanted to update was...

    Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1 (KB842773)
    Download size: 694 KB, 1 minute
    This software updates the Background Intelligent Transfer Service (BITS) to v2.0 and updates WinHTTP. These updates help ensure an optimal download experience with new versions of Automatic Updates, Windows Update, and other programs that rely on BITS to transfer files using idle network bandwidth.

    How is this critical?

    1. Re:Critical Updates Plus Bonus Junk by stinerman · · Score: 4, Interesting

      If I'm not mistaken, it allows the auto-update feature to only use idle bandwidth when downloading new updates.

      This is good for Joe User who is trying to surf on a 56k modem while downloading 10MB of updates. ISPs probably got calls of "the internet being slow", likely due to auto-update running while they were trying to surf.

      Is it critical? No. Helpful? Probably.

    2. Re:Critical Updates Plus Bonus Junk by Theaetetus · · Score: 2, Interesting
      If I'm not mistaken, it allows the auto-update feature to only use idle bandwidth when downloading new updates.

      This is good for Joe User who is trying to surf on a 56k modem while downloading 10MB of updates. ISPs probably got calls of "the internet being slow", likely due to auto-update running while they were trying to surf.

      Is it critical? No. Helpful? Probably.

      So, theoretically, while attempting to attack Joe User's new machine, you could simultaneously DoS him so that his machine doesn't have any idle bandwidth, and won't download any patches until you've completed your attack?

  3. silent install by unk1911 · · Score: 4, Interesting

    last night, i got a popup message saying "updates were applied to your system and it will be rebooted in 5 minutes" - i tried to kill that process but it kept respawning. is that related to these patches? weird, i thought i had autoupdate disabled..

    --
    http://unk1911.blogspot.com

  4. Re:So... by sagekoala06 · · Score: 2, Interesting

    I always seem to have at least one windows box at home ... and quite frankly I'm glad slashdot gives me the heads up for updates. Its because of this that i was able to completly avoid the whole sasser etc aound of worms on my machine. I see the heads up, and in a few weeks i see the havoc that they unleashed on the net. then i have to go to my girlfriends place and fix her machine because she doesn't read slashdot and god only knows she isn't going to listen to me!

  5. Re:WS2K3 SP1 by ookaze · · Score: 4, Interesting

    Five servers so far, and all of them have worked after the update. I'm far from a MS fan, but I have no problem admitting when they've done a good job.

    The scary thing is that this fact is worthy of a post, and is informative.
    Patches that do not break anything should be the rule, not the exception.

  6. Re:One wonders... by curufinwe741 · · Score: 2, Interesting

    Keep in mind the fact that Windows XP consists of roughly 45 million lines of code. Considering this, I think it puts into perspective what a gargantuan task testing and patching truly is, and gives me a little more understanding of holes in the OS.

  7. So, My Fedora Core 3 Install just got 30+ by MerlynEmrys67 · · Score: 3, Interesting

    Why is this news at all ?
    Patches up

    --
    I have mod points and I am not afraid to use them