By Susan Bradley
At least two critical Windows updates have been released recently by Microsoft — but they’re not being picked up by most patch-management software because the updates aren’t marked by Microsoft as “security” updates.
If your patching tool is Windows Update, you can skip this section. Windows Update automatically offers the patches discussed herein.
If you’re in a corporate environment where you use patch tools, Microsoft patches that are not considered to be security bulletins may be missed. As a result, these patches are not scanned for by the Microsoft Baseline Security Advisor, nor any other patch tool that “just” scans for security patches.
Two coding errors in SP2 need patching
The first patch is a problem with SP2 that leaves a security hole wide open for laptops using dial-up connections. See Knowledge Base article 886185.
The second issue involves antivirus and firewall programs, which ran fine on Windows XP or XP SP1. This raises a potential denial of service issue. See KB 887742.
(Mark Burnett is off this week. His regular Update Management column will return in the next issue.)