I wrote in the Sept. 18 issue
of Brian’s Buzz on Windows that a critical Microsoft security patch does
not actually close the hole it was intended to correct. Now virus attacks
that take advantage of this flaw have appeared “in the wild,” on Web pages
that infect Windows PCs without warning.

Son of a patch, it happened again.
I reported in the Sept. 4 issue
of Brian’s Buzz that a patch for Internet Explorer 5 and 6 that was rated
“critical” by Microsoft should be installed immediately: bulletin
and Knowledge Base article

This isn’t the first time that a Microsoft patch has needed a patch.
And it won’t be the last time, either. Fortunately, it’s not the most
horrible or widespread “son-of-a-patch” I’ve ever seen. But it affects
enough people that you may want to listen up.

The serious security hole in Windows that I warned you about in the
July 24 and
issues of Brian’s Buzz exploded onto the front pages of newspapers around
the world on August 13. Hundreds of thousands of PCs – afflicted with a
vulnerability in the Remote Procedure Call (RPC) of
Windows – were infected by a worm that’s been called Blaster, MSBlast,
and Lovsan. Variants of that worm have been spreading since then, and
the problem won’t totally go away any time soon.

I reported in the last issue
of Brian’s Buzz on the “port 135” security hole that Microsoft recently
described as critical. This flaw affects not only Windows XP, 2000, and NT 4.0,
but also the much-hyped new Windows Server 2003. Microsoft has released a
patch, but most people haven’t installed it yet. Well, time’s running out –
worms that exploit the flaw started making attempts to hit every PC on the
Internet just a couple of weeks after the vulnerability became publicly known.

Every time Microsoft releases “the most secure operating system ever,”
the security flaws just keep on coming. Last week, Microsoft
notified users that a hole rated “critical” (the most severe rating)
affects not only Windows XP, 2000, and NT 4.0, but also its new, much-vaunted
Windows Server 2003 product. Microsoft says Windows Me is not
vulnerable, but it didn’t test Windows 9x, which the company no longer

For those of you running installations of W2K, Microsoft released
Service Pack 4 for Windows 2000 Professional, Server,
and Advanced Server on June 26. It’s too soon to tell whether this upgrade
will exhibit the kind of serious problems that’ve plagued Service Pack 1
for Windows XP. (For the latest on SP1, see “Solve your XP network headaches”
in the June 19
issue of Brian’s Buzz.)

My readers have discovered some severe problems with Windows XP
exhibiting maddeningly slow printing and file copying on a mixed network
with Win 2000 and Win 9x machines. Fortunately, we’ve also diagnosed
some causes and found some cures.

Reader Jeremy Rosenblatt blows the whistle on a situation in which Microsoft’s
widely used Windows Update routine finds no updates to install – even
when there are clearly many patches needed on a machine.

Weaknesses in Microsoft’s “single sign-in” Passport technology
forced the Redmond company early this month to temporarily shut down
the ability of Passport users to change their passwords.