Microsoft Releases Eight Security Updates

Juha-Matti Laurio writes "After a very uncommon break in March Microsoft has just published 8 new security updates. Almost all updates that are a part of the monthly release cycle are rated as 'Critical.' New Windows Shell vulnerability, named as MS05-016 is only 'Important,' but Windows XP Service Pack 2 is affected too, however. This is not the first time when there was something to fix at Shell32.dll. Vulnerabilities in TCP/IP that could allow remote code execution and denial of service at cumulative bulletin MS05-019 are affecting SP2 too. Windows Kernel, Exchange, MSN Messenger, Word (Office) and Internet Explorer get their updates as well."

maybe it's me ...

[icebrrrg]

... but after using the "windows update" utility in XP and 2000/2003 server for some time, and being a newbie to fedora (new servers in my home lab), i find the MS utilities muuuuuch easier to use than the fedora update manager. once i say no to an update, that choice stays "no" ... i have to always say no to unwanted updates in fedora (even tho they're on my ignore list). am i a feeble n00b, or could the linux distros learn a thing or two from MSFT?

Critical Updates Plus Bonus Junk

[pycnanthemum]

Glad I don't do "Auto Install"...hidden way at the bottom of the list of things Windows wanted to update was...

Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1 (KB842773)
Download size: 694 KB, 1 minute
This software updates the Background Intelligent Transfer Service (BITS) to v2.0 and updates WinHTTP. These updates help ensure an optimal download experience with new versions of Automatic Updates, Windows Update, and other programs that rely on BITS to transfer files using idle network bandwidth.

How is this critical?

Re:Critical Updates Plus Bonus Junk

[stinerman]

If I'm not mistaken, it allows the auto-update feature to only use idle bandwidth when downloading new updates.

This is good for Joe User who is trying to surf on a 56k modem while downloading 10MB of updates. ISPs probably got calls of "the internet being slow", likely due to auto-update running while they were trying to surf.

Is it critical? No. Helpful? Probably.

silent install

[unk1911]

last night, i got a popup message saying "updates were applied to your system and it will be rebooted in 5 minutes" - i tried to kill that process but it kept respawning. is that related to these patches? weird, i thought i had autoupdate disabled..

--
http://unk1911.blogspot.com [blogspot.com]

Re:Feel safer now?

[Anonymous Coward]

I'm more of a scenario 3 guy.

3) Ah, so this is how I've been vunerable for the last month...

At least it's only one month max, but still, we have to wait that long for completed fixes to be released just to make the process seem regular.

I know some people like the regular thing, I would prefer the choice however.

Re:maybe it's me ...

[Anonymous Coward]

That's a bad thing, isn't it? If you say no to a 20MB download because you are on dialup, and when you get home and plug into your broadband, the right thing to do would be to ask you again, wouldn't it?

Not honouring something you have specifically chosen to ignore sounds like a bug though.

Re:So...

[sagekoala06]

I always seem to have at least one windows box at home ... and quite frankly I'm glad slashdot gives me the heads up for updates. Its because of this that i was able to completly avoid the whole sasser etc aound of worms on my machine. I see the heads up, and in a few weeks i see the havoc that they unleashed on the net. then i have to go to my girlfriends place and fix her machine because she doesn't read slashdot and god only knows she isn't going to listen to me!

Re:So...

[Anonymous Coward]

I'm wondering too. Every month they have security updates for all their OS'es. It's known that it takes them time to patch things, but here they're actually doing it, so you can't blame them.

There's thousands of security updates to thousands of apps every month. It's a normal part of software development to fix bugs and problems and push patches. But we don't hear about those...

This is not newsworthy whatsoever. Just download and apply the patches. Nothing to see here.

Re:WS2K3 SP1

[ookaze]

Five servers so far, and all of them have worked after the update. I'm far from a MS fan, but I have no problem admitting when they've done a good job.

The scary thing is that this fact is worthy of a post, and is informative.
Patches that do not break anything should be the rule, not the exception.

Re:One wonders...

[curufinwe741]

Keep in mind the fact that Windows XP consists of roughly 45 million lines of code. Considering this, I think it puts into perspective what a gargantuan task testing and patching truly is, and gives me a little more understanding of holes in the OS.

So, My Fedora Core 3 Install just got 30+

[MerlynEmrys67]

Why is this news at all ?
Patches up

Re:Critical Updates Plus Bonus Junk

[Theaetetus]

If I'm not mistaken, it allows the auto-update feature to only use idle bandwidth when downloading new updates.

This is good for Joe User who is trying to surf on a 56k modem while downloading 10MB of updates. ISPs probably got calls of "the internet being slow", likely due to auto-update running while they were trying to surf.

Is it critical? No. Helpful? Probably.

So, theoretically, while attempting to attack Joe User's new machine, you could simultaneously DoS him so that his machine doesn't have any idle bandwidth, and won't download any patches until you've completed your attack?