When you read that there’s a new security bulletin for IE, you probably tune me out
like you do with flight attendants: "Keep your browser
in its upright and patched position."
There’s a twist this week, though, as Microsoft closes a hole that’s already being
exploited but which hasn’t had a patch available for weeks.
What’s your plan for catastrophic PC failure?
It’s one thing to plan for dead hardware. If your budget can take the hit, some of you
might even welcome an excuse to have to replace some aging machine. The real problem
is all of your data. Do you have everything categorized, backed up, and
I should have known it was going to be an unusual week when two wooden mouse
traps disappeared in my garage. I thought I had one kind of pest problem at
first — cute, furry little mice in my garage. It turns out, I probably had
a different critter: a rat.
There’s been a trend lately with Microsoft’s "critical" patches. You may
have noticed that a significant portion of the time, patches the company rates
as Critical aren’t critical on Windows XP SP2 and Windows Server 2003 SP1. This is certainly no accident.
With these releases, in my opinion, Microsoft has achieved some actual payoff for
its security efforts.
The yellow shield is in the System Tray reminding me this is Patch Tuesday.
And before I began to write this article, I installed all 9. (Yes, there are 8 patches and
one malicous software removal tool.)
Normally, my second column of the month is my “clean up your patch details”
column. (The first column of the month deals with the problems that beset us from
Microsoft’s Patch Tuesday.)
Last Friday, I got the news that Microsoft would only have a new Malicious Software
Removal Tool and a high-priority, nonsecurity patch coming out on Patch Tuesday. So I
thought I’d be writing to you with my thoughts on Hurricane Katrina. Little did I know
that we’d end up with quite a bit of patching news after all.
The calendar says we’re in the dog days of August, and Patch Tuesday this
week was crawling along pretty slow, too.
The expected patches were released, all right. But reports were soon received from
sources on the PatchManagement.org list that the
direct-download patches for Internet Explorer had faulty digital signatures. As reported the
however, the patches for Windows Update,
Microsoft Update, SUS, and WSUS were unaffected this. I cover the details of
the problems below.
About six weeks ago, Microsoft released Update Rollup 1 (UR1) for Windows 2000 SP4.
Many people missed the security advisory, whereas some of those who saw the
advisory and did install the
rollup experienced problems. Microsoft has announced plans to reissue the update,
due to a few glitches affecting some customers, but has not yet given an exact
date for that release.
I go to Windows Update or Microsoft Update and think nothing of downloading
bits and pieces of what’s there. But many folks would really like to know what is
happening to their machines.