Skip to comments.Five important fixes in MS December patch batch
Posted on 12/15/2004 10:27:15 AM PST by ShadowAce
Microsoft's regular monthly patch delivery slipped into port yesterday carrying five new patches, each described by Redmond as "important".
First up there's a flaw (MS04-041) in WordPad that potentially allows malicious code to be executed. All flavours of Windows (XP, 2000, 2003 and NT) need patching. A vulnerability (MS04-043) in the HyperTerminal component of Windows similarly affects all versions of Windows.
But a security bug in DHCP (Dynamic Host Configuration Protocol) that might allow remote code execution and denial of service affects only Windows NT (MS04-042).
Next up we have Vulnerabilities in Windows Kernel and Local Security Authority Subsystem (LSASS) which create a means for hackers to elevate their privileges (MS04-044). Again all flavours of Windows are affected.
Lastly, there a vulnerability in Windows Internet Naming Service (WINS) that could allow remote code execution (MS04-045).
Buffer overflow bugs are the culprit for almost all of these vulnerabilities.
Microsoft's most important December patch came earlier this month when it broke with its normal cycle to release a fix for the IFRAME vulnerability in IE, infamously exploited by the Bofra worm. Unsurprisingly this fix (MS04-040) is a "critical" update for all versions of Windows bar Win XP SP2 and Windows 2003. ®
Microsoft Patch Ping!
Microsoft - where quality is job 1.6
Just patched my two PCs last night. This one isn't too big. There was of course, the obligatory "you must reboot" message afterwards :).
My rig auto-updated these this morning. You are correct, it wasn't real big.
LOL!!! Even WINS was screwed up. Nice one!
Microsoft recently posted several updates to their Windows XP operating system. These updates require that your system be restarted. The restart takes a significant period of time (10 to 20 minutes) during which it seems as though the system has stalled or "locked up." Please do not power cycle the system during this process, simply be patient and let the operating system go through its necessary cycle.Anyone now to which XP update he is referring?
We have taken measures to prevent the updates from being distributed to any other systems.
If you have not yet received the updates and you receive a prompt asking to accept or decline them, do not accept the updates until further notice. If you have already accepted but not yet restarted your system, do not restart system unless absolutely necessary.
Supervisors should alert ________ to this issue in the event their systems are having problems.
If you are having any problems regarding these particular updates please notify _____ (reply to this message) so that we can take prompt corrective action.
We will be sending another message indicating when you can again accept the windows updates.
Thanks for your cooperation in this matter.
Most certainly both. I wonder what his caution is. Internal testing maybe?
Yeah like that one huh... I was laughing at that mysleff.
I've patched my desktop with the new patches and it is running fine, (even with sp02).
My laptop does not have SP02, (service pack 2) on it yet.
Is loading SP02 a bad idea?
I've got SP2 on my laptop, haven't had any problems with it.
You'd think that with all the publicity surrounding buffer overflows, they would all be fixed by now.
"This program has performed an illegal operation"
MS doesn't have enough fingers to fill all of the holes in the damn. Fix one hole, another one leaks.
I still cannot get over the fact that the same kind of booger-eaters who create viruses, exploit flaws, hack, spam, etc. -- develop the "patches".
All your patched holes are belong to them!
After you set up Microsoft Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that your computer can be accessed by anyone on the Internet when you use a dial-up connection to connect to the Internet.
This problem occurs because of the way that Windows Firewall interprets local subnets when the ³My network (subnet) only² option is used. Windows Firewall is included with Windows XP SP2.
Because of the way that some dialing software configures routing tables, Windows Firewall in Windows XP SP2 can sometimes interpret the whole Internet to be a local subnet. This can let anyone on the Internet access the Windows Firewall exceptions. When the "My network (subnet) only" option is enabled, it is automatically selected for file and print sharing. Therefore, your shared drives can be unexpectedly revealed on the Internet when you use a dial-up connection.
To resolve this problem, you must download and install the Critical Update for Windows XP (KB886185)
...how many ways can Redmond say "oops?"
Ah, yes, the now-famous "patch Tuesday." One bit of advice - 04-45 is classified as "Important," and not "Critical" only because it only applies to WINS servers. If you got a couple of those, it's Critical. That's the big one in this bunch, IMHO, and Microsoft's kinda soft-pedaling it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.