Posted on 10/19/2005 10:54:59 AM PDT by Prime Choice
Some computer administrators are reporting issues with Microsoft's latest security update which is designed to fix a critical flaw in Windows.
The SANS Internet Storm Centre warned that in some cases security update MS05-051 will cause a host of problems, including blocking access to the Microsoft update website, displaying a blank log-in screen without icons, and issues with Office applications.
A Microsoft spokeswoman confirmed the glitch to vnunet.com, explaining that the problems are "isolated deployment issues" and that the company is working with the affected users to resolve the issue.
Microsoft issued the security bulletin and patch on 11 October. The bulletin describes a vulnerability rated 'critical' in the MSDTC and COM+ components of Windows. Unpatched systems are susceptible to attacks that could allow them to be taken over by cyber-criminals.
Early reports suggest that worm authors have already crafted malware that exploits the security hole described in the bulletin.
The problems with the security patch affect users that have changed the default settings of the COM+ catalog files, Microsoft said in a Knowledge Base article published on Friday.
The problem occurs in Windows XP, 2000 and Server 2003. The document also provides instructions on how to revolve the issue.
When the security patch is applied, it will prevent the firewall and Windows installer from starting. Windows will also display an empty 'network connections' folder and will not run any COM+ applications.
The Microsoft Component Object Model enables components inside Windows to communicate. The technology allows Word documents to dynamically exchange data with an Excel spreadsheet, for instance.
LOL!! Good one.
My co-workers got a kick out of that one too! Thanks for the laugh, it's needed around here these days.
It's cool, FRiend. Sorry for snapping at you.
I gotta keep focused. If the worst thing that happens to me is getting multiple copies of a reply, I must be having a good day. ;o)
Understanding the UNIX and LINUX TCP/IP Stack code was easy. All I did was download it and read it. But Windows 2000 was another situation.
So I decided to treat MS Windows as if it used the same code as LINUX. I was surprised to find that the LINUX code and the Microsoft code for the TCP/IP stack was almost identical. The only difference I could find was the LINUX module contained the data structure used by raw sockets and exposed it to calling routines. The Windows version of raw sockets needed to be passed the address of the data structure which exists in the calling routine. The MS code could not have even been a rewrite of the original UNIX code the rest was identical.
Later I was told that MS had purchased the UNIX TCP/IP Stack code from Berkley and made next to no changes before adding it to windows.
Every time someone tells me that the Microsoft TCP/IP stack is vulnerable and LINUX is not... I find it very funny. It is the same code.
Since Apple built it's operating system on top of UNIX it is very likely that the MAC, Windows, UNIX, and LINUX machines are all using the same TCP/IP Stack code.
Oh By the way the Borland compiler for Windows (Delphi) and LINUX (Kylix) use the same source code for their internet components.
Wow. Quadruple post. I've been here awhile and I don't belive I've ever seen that. gj
Hey youre a browns fan, how would you know what winning looks like ;)
There is a prob all over FR today. Same thing happened to me. Look on most threads and you'll see multiples galore.
None of this would be an issue if Microsoft only had 5% to 7% market share.
Really? Market share affects quality of code? I didn't know that--thanks.
"Hey youre a browns fan, how would you know what winning looks like ;)"
Wow, direct hit.
I call it the "Cleveland Suck Zone". Any sports teams within a 50 mile radius stink. That explains KSU and Akron U. sports.
The Indians teased us... but c'mon, it's Cleveland, a real Cleveland fan knows the net result before it happens.
Unfortunately, it's very strong, and I think the Buckeyes are starting to feel the effects of the Cleveland Suck Zone.
I generally like to put these in a test environment first but this one had an exploit announced (it wasn't actually seen in the field) less than 48 hours after Patch Tuesday so most S/A's just threw it on their production boxes and hoped. Welcome to the new world of reduced patching windows.
I also support Solaris, Linux, and Netware, so please, all, spare me the customary amateur "you ought to change operating systems" crap. You wanna talk patching architecture? How about 100+ Solaris patches WITH dependencies? RedHat patches that are corrupt in transmission and automatically installed? Microsoft's problems aren't any worse, only different.
They didn't buy it.
Every time someone tells me that the Microsoft TCP/IP stack is vulnerable and LINUX is not... I find it very funny. It is the same code.
Both are BASED on the BSD code. Neither ARE the BSD code. They have both been modified in order to work with their respective kernel implementations. It is the modifications, not the base code, that makes it possible for a vulnerability or misfunctioning in the Microsoft TCP/IP stack to not be present in the Linux TCP/IP stack. And vice versa.
Oh By the way the Borland compiler for Windows (Delphi) and LINUX (Kylix) use the same source code for their internet components.
So does Perl. So what?
Microsoft's problems are different in one respect.
Microsoft sees things like this as a PR problem rather than a technical problem. It is therefore in their best interest to pretend that things like this don't happen, hide known problems and lie about the outcome rather than fess up and fix them.
Not exactly. Given the number of systems out there, all running different combinations of software, in a combination of network environments, there's simply no way to test them all. And the problems that the article mentions are only on systems where the default security has been changed. As I posted in the last thread on this very topic, it's really up the the IT staff of the organization to make sure that the parthces will not cause problems before they're rolled out to the production systems.
You can't blame Microsoft for security patches that break things on systems where security settings are no longer set to their defaults, unless you would like to wait several years between updates. And by the way, this sort of thing (a released patch fixes one thing, and breaks one or more other things) is NOT unique to Microsoft. I've seen it on a number of different systems.
Mark
Classic Microsoft excuse.
Hey - I was with NASA - we have infinitely more complicated systems doing infinitely more complicated tasks. At NASA, Test was an independent organization. At Microsoft, its a branch of Development- who have a vested interest in NOT highlighting their own stupidity.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.