This isn’t the first time that a Microsoft patch has needed a patch.
And it won’t be the last time, either. Fortunately, it’s not the most
horrible or widespread “son-of-a-patch” I’ve ever seen. But it affects
enough people that you may want to listen up.
The serious security hole in Windows that I warned you about in the
July 24 and
issues of Brian’s Buzz exploded onto the front pages of newspapers around
the world on August 13. Hundreds of thousands of PCs – afflicted with a
vulnerability in the Remote Procedure Call (RPC) of
Windows – were infected a worm that’s been called Blaster, MSBlast,
and Lovsan. Variants of that worm have been spreading since then, and
the problem won’t totally go away any time soon.
I reported in the last issue
of Brian’s Buzz on the “port 135″ security hole that Microsoft recently
described as critical. This flaw affects not only Windows XP, 2000, and NT 4.0,
but also the much-hyped new Windows Server 2003. Microsoft has released a
patch, but most people haven’t installed it yet. Well, time’s running out –
worms that exploit the flaw started making attempts to hit every PC on the
Internet just a couple of weeks after the vulnerability became publicly known.
Every time Microsoft releases “the most secure operating system ever,”
the security flaws just keep on coming. Last week, Microsoft
notified users that a hole rated “critical” (the most severe rating)
affects not only Windows XP, 2000, and NT 4.0, but also its new, much-vaunted
Windows Server 2003 product. Microsoft says Windows Me is not
vulnerable, but it didn’t test Windows 9x, which the company no longer
For those of you running installations of W2K, Microsoft released
Service Pack 4 for Windows 2000 Professional, Server,
and Advanced Server on June 26. It’s too soon to tell whether this upgrade
will exhibit the kind of serious problems that’ve plagued Service Pack 1
for Windows XP. (For the latest on SP1, see “Solve your XP network headaches”
in the June 19
issue of Brian’s Buzz.)
My readers have discovered some severe problems with Windows XP
exhibiting maddeningly slow printing and file copying on a mixed network
with Win 2000 and Win 9x machines. Fortunately, we’ve also diagnosed
some causes and found some cures.
Reader Jeremy Rosenblatt blows the whistle on a situation in which Microsoft’s
widely used Windows Update routine finds no updates to install – even
when there are clearly many patches needed a machine.
Weaknesses in Microsoft’s “single sign-in” Passport technology
forced the Redmond company early this month to temporarily shut down
the ability of Passport users to change their passwords.
It hasn’t been Microsoft’s best month for releasing patches.
After it was widely reported that installing a recent security patch
can slow Windows XP to a crawl, the Redmond company
had to admit the problem and scale back its recommendation that
all XP users apply the update.
Microsoft’s launch of its new Windows Server 2003 line is just
taking place as I write this, and my readers are starting to send
fascinating tips about its secrets. But while I’m compiling a new batch
of articles on that subject, the most interesting gotcha I’ve
heard of this week involves Windows XP with Service Pack 1