Results 1 to 10 of 10
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    UDP networking ports threatened by TCP/IP flaw




    PATCH WATCH


    UDP networking ports threatened by TCP/IP flaw


    By Susan Bradley

    For the average Windows user, the topic of networking ports is often confusing — and easily ignored.

    But November's Patch Tuesday includes an critical patch for Vista and Windows 7 — users for an unusual networking-protocol vulnerability.

    The full text of this column is posted at Windowssecrets.com/patch-watch/UDP-networking-ports-threatened-by-TCP/IP-flaw/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by Tracey Capen; 2011-11-09 at 20:06.

  2. #2
    New Lounger
    Join Date
    Oct 2010
    Location
    Canberra, ACT, Australia
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Dear M/s Bradley,

    May I suggest that you list your recommendations re MS patches in numerical order (the number of the patch) to make it easier to cross-reference with MS's recommendation?

    Cheers,

    Peter

  3. #3
    New Lounger
    Join Date
    Nov 2011
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    RE: Apple's iOS 5 is easier to buy than to upgrade

    Your comment that a 'few' owners have reported power problems with iOS 5 I think is way understating the problem. I had the problem, as did everyone in my informal survey. People may not report it to Apple, but I think it is much more like 'all' than 'a few'. What I don't understand is how it is being downplayed by the media, and the simple fix not universally promulgated. I applied the 'Guardian' fix (to turn off time zone updating) and my battery life is restored. Maybe you could help to spread the word?

  4. #4
    iNET Interactive
    Join Date
    Jan 2010
    Location
    Seattle, WA, USA
    Posts
    376
    Thanks
    1
    Thanked 29 Times in 24 Posts
    "All" would not be accurate, either. None of my fellow iPhone users that I've talked to have had power problems after upgrading to iOS 5. In any case, iOS 5.0.1 is now being pushed out to everyone.

  5. #5
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    259
    Thanks
    0
    Thanked 71 Times in 45 Posts
    Edit: You may want to be aware of this with Verizon phones:
    Nasty Bug in iOS 5.0.1 OTA Update screws up Address Book on the iPhone 4S | The Startup Foundry:

    http://thestartupfoundry.com/2011/11...the-iphone-4s/

    iOS 5.0.1 is now out and includes Security updates as well:

    APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update


    iOS 5.0.1 Software Update is now available
    Last edited by SusanBradley; 2011-11-11 at 23:47.

  6. #6
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    259
    Thanks
    0
    Thanked 71 Times in 45 Posts
    http://support.microsoft.com/default...;en-us;2641690
    Yes that is indeed another update this week that came out after Patch Watch was released. This revokes certain root certificates from your root certificate store based on the vendor's less than stellar handling of the strength of the certificates issued. This violated Microsoft's rules of Certificate processing and they are proactively removing the certificates to protect users.
    http://blogs.technet.com/b/msrc/arch...ate-store.aspx
    I would recommend installing this update when it's offered up to you.

  7. #7
    Lounger
    Join Date
    Apr 2011
    Posts
    41
    Thanks
    2
    Thanked 3 Times in 3 Posts
    Susan/Kathleen:

    Two old patches that I'm still being offerred no longer appear on the Patch Chart, but haven't gotten an "install" go-ahead. Both were "wait" on the October 11th chart, but did not appear on the October 27 or the current charts. Sorry if I missed something or just couldn't figure out current info that applies. What are the recommendations for:

    KB 2541763: This is the patch that allows XP to parse fragmented TSL/SSL handshake messages.

    KB 2539581 (& KB 2539530): This is a nonsecurity patch for Office 2003 (and Office 2007) relating to the rupee symbol.

    Thanks.
    Marcia G.

  8. The Following User Says Thank You to MarciaG For This Useful Post:

    gpeyton (2011-11-18)

  9. #8
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    259
    Thanks
    0
    Thanked 71 Times in 45 Posts
    Quote Originally Posted by MarciaG View Post
    Susan/Kathleen:

    Two old patches that I'm still being offerred no longer appear on the Patch Chart, but haven't gotten an "install" go-ahead. Both were "wait" on the October 11th chart, but did not appear on the October 27 or the current charts. Sorry if I missed something or just couldn't figure out current info that applies. What are the recommendations for:

    KB 2541763: This is the patch that allows XP to parse fragmented TSL/SSL handshake messages.

    KB 2539581 (& KB 2539530): This is a nonsecurity patch for Office 2003 (and Office 2007) relating to the rupee symbol.

    Thanks.
    Marcia G.
    Not seen a need to put 2541763 on workstations and unless you have a need to use the rupee symbol I'd skip the rupee patch as well.

  10. The Following 2 Users Say Thank You to SusanBradley For This Useful Post:

    gpeyton (2011-11-18),user ht (2011-11-13)

  11. #9
    Lounger
    Join Date
    Apr 2011
    Posts
    41
    Thanks
    2
    Thanked 3 Times in 3 Posts
    Quote Originally Posted by SusanBradley View Post
    Not seen a need to put 2541763 on workstations and unless you have a need to use the rupee symbol I'd skip the rupee patch as well.
    Thanks. Two follow-ups:

    1. Have there been any problems with either of these patches? If not, even if they are not needed, is there any reason not to install them?

    2. Why were these dropped, rather than kept as "waits" or changed to "skips?" The Patch Column is really helpful, and I'd just like to understand this for the future.

    Thanks, again, for your help with this issue -- and for the Patch Column. Marcia G.

  12. #10
    Lounger
    Join Date
    May 2010
    Location
    Boston, MA, USA
    Posts
    32
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Re: Patch Watch 10/27/2011, "root certificate updates for XP come calling". Susan, would your recommendation to skip 931125 apply as well to security advisory kb2641690 which was offered on 11/10/2011, and reads as follows:

    Microsoft Security Advisory (2641690)


    Fraudulent Digital Certificates Could Allow Spoofing

    Published: Thursday, November 10, 2011 Version: 1.0
    General Information

    Executive Summary

    Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512 bit keys. These weak encryption keys, when broken, could allow an attacker to use the certificates fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.
    DigiCert Sdn. Bhd is not affiliated with the corporation DigiCert, Inc., which is a member of the Microsoft Root Certificate Program.
    There is no indication that any certificates were issued fraudulently. Instead, cryptographically weak keys have allowed some of the certificates to be duplicated and used in a fraudulent manner.
    Microsoft is providing an update for all supported releases of Microsoft Windows that revokes the trust in DigiCert Sdn. Bhd. The update revokes the trust of the following two intermediate CA certificates:

    • Digisign Server ID – (Enrich), issued by Entrust.net Certification Authority (2048)
    • Digisign Server ID (Enrich), issued by GTE CyberTrust Global Root

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •