Microsoft Issues New Security Updates

(3 replies) #1 Jason on 15 Dec 2004 - 00:04

Good, more holes fixed.

#1.1 Hurmoth on 15 Dec 2004 - 02:57

That's not the thing I hate... I hate it when Microsoft releases a patch (not a Service Pack) and has to release 10 more to fix that one

#1.2 Black on 15 Dec 2004 - 09:21

But then people complain when patches take up to months to release when they do full matrix testing on them so what are ya gonna do?

#1.3 Hurmoth on 16 Dec 2004 - 14:17

Good point Black!

(2 replies) #2 Darkness2k on 15 Dec 2004 - 00:10

Microsoft Security Bulletin MS04-042
Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service (KB885249)

Affected Software:

• Microsoft Windows NT Server 4.0 Service Pack 6a – Download the update

• Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 – Download the update

Non-Affected Software:

• Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

• Microsoft Windows XP 64-Bit Edition Service Pack 1

• Microsoft Windows XP 64-Bit Edition Version 2003

• Microsoft Windows Server 2003

• Microsoft Windows Server 2003 64-Bit Edition

• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

(I.E. It isn't for Windows XP SP2, only NT4)

#2.1 lardiop on 15 Dec 2004 - 02:11

Thanks... Front Page Updated

#2.2 Varsity on 15 Dec 2004 - 07:31

I'm on SP2 and got four...

(4 replies) #3 keratosis on 15 Dec 2004 - 00:11

Just keep fixing them , we'll keep finding them.

#3.1 Rogue` on 15 Dec 2004 - 00:17

^tool

#3.2 SVT on 15 Dec 2004 - 01:49

QUOTE

^tool

Even though I don't use Windows, I'm grateful when someone takes the time to track down a bug in one of the OSs I use. It means my OS will be more stable and secure after the patch is applied.

SVT

#3.3 warr on 15 Dec 2004 - 07:26

best comment so far.

#3.4 chacho on 15 Dec 2004 - 19:57

QUOTE

It means my OS will be more stable and secure after the patch is applied.

No sheit.

(1 reply) #4 Chestah on 15 Dec 2004 - 00:12

Microsoft Security Bulletin MS04-044
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (KB885835)

This one applies for both XP SP1 and SP2

#4.1 Deviate_X on 15 Dec 2004 - 02:03

QUOTE

This one applies for both XP SP1 and SP2

It is not exploitable via the network.

(1 reply) #5 DELTA75329 on 15 Dec 2004 - 00:17

AutoUpdate, how do I love thee? Lemme count the ways...

#5.1 figgy on 15 Dec 2004 - 00:24

Yeah. Got my updates even before I saw the posting on Neowin.

#6 Sn1p3t on 15 Dec 2004 - 00:17

I was waiting for these updates. I was browsing a few websites, and then returned to Neowin, where I saw this announcement. I was about to go to Windows update when I noticed the little yellow sheild. I moused over it and noticed all the updates had been downloaded, and were awaiting my install.

I love you SP2

(8 replies) #7 webeagle12 on 15 Dec 2004 - 00:29

another sad day for users of Windows

#7.1 Sn1p3t on 15 Dec 2004 - 00:35

Sorry, I have to say it.

You are a << removed >>. (no need for name calling)

After an install of the newest version of Fedora I could find on the public FTPs, I had 105 updates to install. Not only that, but the update program took a few reboots before it would even start to update the software. (Y)

Last edited by 36818 on 15 Dec 2004 - 02:38

#7.2 MegaManXcalibur on 15 Dec 2004 - 01:50

Oh yeah getting security updates is such a sad state of affairs... I'd be so much happier if Microsoft just didn't patch these Windows flaws.

Yes thats sarcasm but honestly after installing any Linux disto the first thing I usually do is get any updates that were made avalible since the release date. In every instance (be it Ubuntu, Fedora Core, Slackware, or Mandrake) that the distro has been our for a while there are a good number of updates that need to be installed.

Any operating system is going to have flaws in them, and I honestly don't understand how its considered a sad day when fixes are made avalible for these flaws.

#7.3 SVT on 15 Dec 2004 - 01:52

QUOTE

After an install of the newest version of Fedora...I had 105 updates to install.

I did a fresh Install of BeOS 5 Pro for my networked jukebox and had 1 update to install afterwards. What was your point again? Oh wait you didn't have one.

SVT

#7.4 Deviate_X on 15 Dec 2004 - 02:10

QUOTE

After an install of the newest version of Fedora I could find on the public FTPs, I had 105 updates to install

And Redhat Linux FC 3 was released on November 8th 2004, which gives you about 3 patches to install every day.

#7.5 neostyle on 15 Dec 2004 - 02:14

QUOTE

I did a fresh Install of BeOS 5 Pro for my networked jukebox and had 1 update to install afterwards. What was your point again? Oh wait you didn't have one.

SVT

lol do u know how old beos 5 is ?

#7.6 Skyfrog on 15 Dec 2004 - 02:20

QUOTE

I did a fresh Install of BeOS 5 Pro for my networked jukebox and had 1 update to install afterwards.

I hope you're not being serious. Could it have anything to do with the fact that the OS has not been supported for ages, since Be no longer exists?

#7.7 nic on 15 Dec 2004 - 17:00

I'm running FC3 as well, and it does seem like their update tool is a little "over eager". There might be away to have it only look for "critical" updates. But by default it will suggest you update everything even if there is the smallest version number change (like 1.2.2.3.1 -> 1.2.2.3.2). It does get a little ridiculous.

#7.8 dandu on 15 Dec 2004 - 19:31

QUOTE

After an install of the newest version of Fedora I could find on the public FTPs, I had 105 updates to install. Not only that, but the update program took a few reboots before it would even start to update the software. (Y)

this is normal since Fedora Core, which you are using includes all "bleeding edge"/alpha/beta technologies/applications like gcc 3.4/libc 2.3.3 2/kernel 2.6/xorg 6.8 and so on. they are all under "heavy" development and of course require frequent updates.

try using a more "stable" linux distribution if you don't like updating so much.

Last edited by 62935 on 15 Dec 2004 - 19:38

#8 Mysterio on 15 Dec 2004 - 00:34

guess EVERY second tuesday of the month will be sad day.....because MS has started to release updates on the 2nd tuesday of EVERY month....

(4 replies) #9 Snipe™ on 15 Dec 2004 - 00:43

another restart...

#9.1 Skyfrog on 15 Dec 2004 - 02:29

It's a difficult thing to deal with but just hang in there; in 15-30 seconds or so your computer will be back on. I know it's hard to go almost half a minute without your computer but you CAN make it, I promise.

#9.2 SquareSoft0 on 15 Dec 2004 - 08:54

Pity this poor boy, he will go hours without his computer while all the zombie-spam-node services do their dirty work!

#9.3 mrbester on 15 Dec 2004 - 11:51

No, it's just bloody annoying that every single damn patch needs a reboot, especially if you're updating a domain controller. I can't remember when the last alleged hotfix was a proper hotfix; no reboot required...

#9.4 Snipe™ on 16 Dec 2004 - 05:04

Exactly, some people don't get it

#10 Faiden on 15 Dec 2004 - 00:47

say cheese

#11 mkouk on 15 Dec 2004 - 01:10

installed them, rebooted and now i cant sign in to msn messenger, anyone else having this problem? messenger keeps trying forever but nothing happens

edit:
and as i hit submit for my comment msn signs in! lol

(1 reply) #12 caerma on 15 Dec 2004 - 01:18

system updated...

#12.1 chacho on 15 Dec 2004 - 19:59

thanks for the info.

#13 MtDewCodeRedFreak on 15 Dec 2004 - 01:35

Got my system updated too as well.

Also got virus definition updates today for my NIS 2005.

#14 JOEWARE on 15 Dec 2004 - 02:43

Just got these updated. ALso updated NIS2005, InfoPath 2003 & AIM.

(1 reply) #15 Miran on 15 Dec 2004 - 02:57

I take no issue in MS updating windows, but wordpad??! I would have thought most of the security issues involving a simple text editor would be worked out by now. Oh well, better for MS to find and fix them then someone else.

#15.1 Skyfrog on 15 Dec 2004 - 04:03

Well at least Solitaire hasn't had any security issues yet.

(4 replies) #16 Gary_Player on 15 Dec 2004 - 03:01

QUOTE

Vulnerability in WordPad Could Allow Code Execution (KB885836)

How the hell could a wordpad vulnerability allow code execution? Wordpad shouldn't be doing anything that would give it the ability to allow any sort of code execution, let alone this security problem

#16.1 Jugalator on 15 Dec 2004 - 08:23

Why not?

All it takes is a buffer overflow, and these can of course appear in, well, even Minesweeper.

You don't know much about programming, do you?

#16.2 Gary_Player on 15 Dec 2004 - 09:58

There shouldn't even be the possibility of a buffer overflow in a program thats been around as long as freaking wordpad

#16.3 gameguy on 15 Dec 2004 - 10:18

Yes, because... I'm not even going to explain it

Learn a thing or two about programming before you throw around stupid comments like that

#16.4 SquareSoft0 on 16 Dec 2004 - 00:02

QUOTE

Learn a thing or two about programming before you throw around stupid comments like that

#17 no-sweat on 15 Dec 2004 - 03:07

Am i the only person that actually LOVES updating windows?? I LIVE FOR THIS STUFF!!!

(2 replies) #18 webeagle12 on 15 Dec 2004 - 03:31

Microsoft shoud pay us to update windows, 1 update =$100

#18.1 Skyfrog on 15 Dec 2004 - 05:12

Symantec should pay me for updating my anti-virus program. 1 update=$100

No, on second thought it still sounds dumb.

#18.2 Jugalator on 15 Dec 2004 - 08:25

Dumb? Yes. Making me a millionare? Yes.
Hey, this idea is good, not dumb!

Sure, MS would go bankrupt, but I'm sure I'd survive without them

#19 cengao on 15 Dec 2004 - 03:53

If you use windows update,
there seems two more update avaiable for XP published today

Critical Update for Windows XP (KB886185)
Cumulative Update for Outlook Express for Windows XP (KB887797)

#20 Suren on 15 Dec 2004 - 03:55

Microsoft Security Bulletin MS04-045
Vulnerability in WINS Could Allow Remote Code Execution (870763)

Summary
Who should read this document: Customers who use Microsoft Windows Internet Naming Service (WINS)

Affected Software:

• Microsoft Windows NT Server 4.0 Service Pack 6a – Download the update

• Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 – Download the update

• Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows 2000 Server Service Pack 4 – Download the update

• Microsoft Windows Server 2003 – Download the update

• Microsoft Windows Server 2003 64-Bit Edition – Download the update

Non-Affected Software:

• Microsoft Windows 2000 Professional Service Pack 3 and Microsoft Windows 2000 Professional Service Pack 4

• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

• Microsoft Windows XP 64-Bit Edition Service Pack 1

• Microsoft Windows XP 64-Bit Edition Version 2003

• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

THIS IS NOT FOR WINDOWS XP SP 2

#21 eilegz on 15 Dec 2004 - 04:01

Using Microsoft Baseline Security Analizer and for SP1 detected this:

Microsoft Security Bulletin MS04-041
Vulnerability in WordPad Could Allow Code Execution (KB885836)

Microsoft Security Bulletin MS04-043
Vulnerability in HyperTerminal Could Allow Code Execution (KB873339)

Microsoft Security Bulletin MS04-044
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (KB885835)

(7 replies) #22 shichiroji4 on 15 Dec 2004 - 04:39

Why do I only see holes everywhere in M$ winXP? Gee, a whole buch of high paying leechers at M$ cannot make a secure OS like the smaller Apple or hobbyist Linux?

#22.1 Skyfrog on 15 Dec 2004 - 05:01

Ignoring the fact that typing M$ automatically makes you a pathetic lamer, you might want to look at how many updates are available for your hobbyist Linux. A hell of a lot more than there are for Windows. Mac OS isn't immune either; every OS needs updates. I'm sure you also considered the fact that Windows is by far the biggest target for hackers. Didn't you? Oh wait, your just a clueless troll. Nevermind.

#22.2 shichiroji4 on 15 Dec 2004 - 05:10

Apple is as secured as it can be. Most of its updates are just precautionary and presents no major threat. I have use Macs for nearly a decade and no hacking or virus threats have I encountered. all windows does is crash at every single prob. Use a Mac before spouting off your mouth.

#22.3 Skyfrog on 15 Dec 2004 - 05:21

QUOTE

Apple is as secured as it can be.

BS, no OS is secured as it can be. If Mac OS had the market share Windows has you can bet there would be plenty of viruses and vulnerabilities popping up for it.

QUOTE

all windows does is crash at every single prob.

More BS, Windows XP has never crashed on my system.

QUOTE

Use a Mac before spouting off your mouth.

I have used Macs since the late 80's, and while the latest models are nice I still choose not to act like a mindless fanboy who goes around trolling forums, typing M$ and spreading FUD while praising their Mac like it's some kind of flawless holy creation.

Last edited by 3601 on 15 Dec 2004 - 05:37

#22.4 Mathiasdm on 15 Dec 2004 - 08:39

Aargh! It's you who's spreading fud!

QUOTE

BS, no OS is secured as it can be. If Mac OS had the market share Windows has you can bet there would be plenty of viruses and vulnerabilities popping up for it.

Security through obscurity does NOT EXIST. This goes both for Linux and Mac.
http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/

#22.5 SquareSoft0 on 15 Dec 2004 - 08:59

Yes, because TheRegister is a respectable source of hard-hitting technological new.

QUOTE

I have use Macs for nearly a decade

You made my day, thanks!

#22.6 Deviate_X on 15 Dec 2004 - 11:15

QUOTE

Why do I only see holes everywhere in M$ winXP?

Simply because patches for Windows XP is a newsworthy event. No one is in interested in reading about patches for MacOS or Linux. It that simple.

Apple issues MacOS patches only slightly less frequently or equivalent to Windows. Linux distributors issue patches far more often. BSD less often. But the truth is, no one really cares to read about these OS'es and their patches.

Last edited by 38808 on 15 Dec 2004 - 11:22

#22.7 bladerunner81 on 15 Dec 2004 - 12:11

that would be because they fix problems too fast to really become an issue. whenever microsoft comes around to fix something it has to be a "big thing(tm)" and everyone has to rush for a fix.

(1 reply) #23 Skyfrog on 15 Dec 2004 - 05:19

Nice to see they are still updating NT 4.0, I actually know quite a few people that are still using it.

#23.1 EduardValencia on 15 Dec 2004 - 15:42

tell em to upgrade

(1 reply) #24 youyou on 15 Dec 2004 - 05:45

pirates will need to re-activate? true?

#24.1 [DGS] on 15 Dec 2004 - 06:57

Yes you pirates need to re-activate.. LOL

By the way since when do pirates activate??

(2 replies) #25 [DGS] on 15 Dec 2004 - 06:56

The following updates were installed successfully:

Security Update for Windows XP (KB873339)
Security Update for Windows XP (KB885835)
Critical Update for Windows XP (KB886185)
Cumulative Update for Outlook Express for Windows XP (KB887797)
Security Update for Windows XP (KB885836)

#25.1 warr on 15 Dec 2004 - 07:27

Do you want to restart your Gates now?

#25.2 [DGS] on 15 Dec 2004 - 11:48

Eh?

#26 MarcusJClifford on 15 Dec 2004 - 11:09

The two additional Non MS04-XXX updates are:

Outlook Express Update:
Cumulative Update for Outlook Express for Windows XP (KB887797)
Date last published: 12/14/2004
Typical download size: 612 KB
This non-security update helps resolve various issues found in Outlook Express. After you install this item, you may have to restart your computer.
System Requirements
Recommended CPU: Not specified.
Recommended memory: Not specified.
Recommended hard disk space: Not specified.
How to Uninstall
This software update can be removed via Add or Remove Programs in Control Panel.

---------------------

Windows XP SP2 Firewall Update:
http://www.microsoft.com/downloads/details...&displaylang=en

Critical Update for Windows XP (KB886185)
This update helps narrow the definition of the My network, or local subnet, restriction option in the Windows Firewall.

Quick Info
File Name: WindowsXP-KB886185-x86-enu.exe
Download Size: 385 KB
Date Published: 12/13/2004
Version: 886185

Overview
This update helps narrow the definition of the My network, or local subnet, restriction option in the Windows Firewall. This is helpful in situations where the Windows Firewall would consider a large network to be on the local subnet because of how the dial-up software configured the route tables. After you install this item, you may have to restart your computer.

System Requirements
Supported Operating Systems: Windows XP Service Pack 2

Windows XP Media Center Edition with Windows XP Service Pack 2
Windows XP Tablet PC Edition with Windows XP Service Pack 2

#27 EduardValencia on 15 Dec 2004 - 15:40

updated via automatic,i love u microsoft

#28 nic on 15 Dec 2004 - 17:15

good to see security patches come out that fill in this bad stuff.

Too bad the security flaws exist in the first place. Maybe because i haven't overseen such a large programming effort as Windows is, but I can't see how you can let these type of security issues persist throughout your code like Windows is. But I guess it is ture for all OSes.

#29 Hekx on 15 Dec 2004 - 17:26

I just beat automatic updates to it by going through manual update at the site.
Now I guess I had better reboot, this thing has been annoying me to restart for a good 50 minutes.

#30 rIaHc3 on 16 Dec 2004 - 01:22

Updated too but im download Ocean's 12 so ill problably reboot tomorrow. BTW Thanks alot to autoupdate. I turned on my PC today saw the shield and the updates were downloaded and just needed my word for installation.

#31 NYCBetaSte on 17 Dec 2004 - 21:44

is it possible someone can direct me to where i can download the updates in one file and install them offline? thanks

Neowin.net