Microsoft Releases Eight Security Updates 344
Juha-Matti Laurio writes "After a very uncommon break in March Microsoft has just published 8 new security updates. Almost all updates that are a part of the monthly release cycle are rated as 'Critical.' New Windows Shell vulnerability, named as MS05-016 is only 'Important,' but Windows XP Service Pack 2 is affected too, however. This is not the first time when there was something to fix at Shell32.dll.
Vulnerabilities in TCP/IP that could allow remote code execution and denial of service at cumulative bulletin MS05-019 are affecting SP2 too.
Windows Kernel, Exchange, MSN Messenger, Word (Office) and Internet Explorer get their updates as well."
maybe it's me ... (Score:5, Interesting)
Critical Updates Plus Bonus Junk (Score:5, Interesting)
Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1 (KB842773)
Download size: 694 KB, 1 minute
This software updates the Background Intelligent Transfer Service (BITS) to v2.0 and updates WinHTTP. These updates help ensure an optimal download experience with new versions of Automatic Updates, Windows Update, and other programs that rely on BITS to transfer files using idle network bandwidth.
How is this critical?
Re:Critical Updates Plus Bonus Junk (Score:5, Interesting)
This is good for Joe User who is trying to surf on a 56k modem while downloading 10MB of updates. ISPs probably got calls of "the internet being slow", likely due to auto-update running while they were trying to surf.
Is it critical? No. Helpful? Probably.
silent install (Score:4, Interesting)
--
http://unk1911.blogspot.com [blogspot.com]
Re:Feel safer now? (Score:1, Interesting)
3) Ah, so this is how I've been vunerable for the last month...
At least it's only one month max, but still, we have to wait that long for completed fixes to be released just to make the process seem regular.
I know some people like the regular thing, I would prefer the choice however.
Re:maybe it's me ... (Score:1, Interesting)
Not honouring something you have specifically chosen to ignore sounds like a bug though.
Re:So... (Score:2, Interesting)
Re:So... (Score:1, Interesting)
There's thousands of security updates to thousands of apps every month. It's a normal part of software development to fix bugs and problems and push patches. But we don't hear about those...
This is not newsworthy whatsoever. Just download and apply the patches. Nothing to see here.
Re:WS2K3 SP1 (Score:5, Interesting)
The scary thing is that this fact is worthy of a post, and is informative.
Patches that do not break anything should be the rule, not the exception.
Re:One wonders... (Score:2, Interesting)
So, My Fedora Core 3 Install just got 30+ (Score:4, Interesting)
Patches up
Re:Critical Updates Plus Bonus Junk (Score:3, Interesting)
This is good for Joe User who is trying to surf on a 56k modem while downloading 10MB of updates. ISPs probably got calls of "the internet being slow", likely due to auto-update running while they were trying to surf.
Is it critical? No. Helpful? Probably.
So, theoretically, while attempting to attack Joe User's new machine, you could simultaneously DoS him so that his machine doesn't have any idle bandwidth, and won't download any patches until you've completed your attack?