main

Microsoft Releases Bumper Updates Summary for February 2005

Steven Parker   on 08 February 2005 - 21:53 · 56 comments & 3920 views

Advertisement (Why?)
Thanks Drestin for notifying us of this.

Microsoft has posted their Feb '05 security updates as promised. A grand total of 11 patches, all but 2 don't affect Windows XP and 3 if you don't have .NET Framework installed. Also we see the first signs that SP2 is already feeling its age, because even if you have SP2 installed you still need to apply these patches. Windows XP SP2 is affected unlike the earlier bulletins that more often than not showed that SP2 was more secure than anything before it.

The security updates for February 2005 include several high-priority updates for Microsoft Windows that also affect Microsoft SharePoint, Microsoft Internet Explorer, and Microsoft Media Player technologies. If you have any of the software listed on this page installed on your computer, you should install the updates from Windows Update.

Microsoft have never been known to be short of words, but even they advise we "Skip the details and update now", you know what to do ;)

View: Windows Security Updates Summary for February 2005


Firstly, could you tell us about yourself, your history?

I've been into recreational mathematics most of my life, and worked in software startups for a while after dropping out of college before starting work on BitTorrent.

Tell us about BitTorrent- what was the inspiration? What were you trying to achieve with the protocol?

I had a lot of experience working on networking protocols, and was interested in exploring what I thought were the reasonable problems to work on. My main goal was to make it cheap to distribute large, popular files, which I of course succeeded in doing.

BitTorrent, it was recently suggested, was carrying as much as 30% of the webs traffic; how did you re-act to this news?!

I don't have any visceral concept of how much that bandwidth that really is, so it's mostly just surreal.

Moving onto BitTorrent uses at the moment - it'd be hard to ignore the arguably most common use of the protocol - piracy. How do you feel about this? Did you think about the potential for 'abuse' when you conceived the protocol?

Given the history of such tools, it's fairly obvious that the general public has a strong interest in piracy.

A group have created a new program called eXeem which appears to solve one of the problems BitTorrent has- that off tracking torrents. Have you seen the program, and if so, what do you think of it?

It's yet another napster/kazaa/edonkey/hotline/whatever. BitTorrent usage is doing quite well without it.

Moving on, the protocol has clearly many legitimate uses; have you seen any especially unique implementations?

They're all just pushing around bits, which is about all I care about.

How do you think companies are going to deal with bandwidth in years to come - do you think it will be something along the lines of bit torrent, or something radically different?

Peer to peer as an approach is here to stay.

What's cool technology wise in the Cohen house hold at the moment? What'd be your pick for the "next big thing"?

I've also been working on the Codeville version control system and designing twisty puzzles. I don't know what the next big thing is.

Finally, what does the future hold for yourself?! What are you working on at the moment?

I'm continuing to work on BitTorrent.

Share this Article

About the Author

Full name: Steven Parker
User name: Neobond
Contact: via forum PM
Submissions: View All
More: View Bio   New!

Related news

Post a comment · Send to friend Comments · There are 56 additional comments
(5 replies) #1 Steven on 08 Feb 2005 - 21:55
Roll up means all in one patch... i had about 8 patches to install.

whats "Bumper"
#1.1 Neobond on 08 Feb 2005 - 21:59
ahh sorry thats an English term for 'Big'
#1.2 Steven on 08 Feb 2005 - 22:14
There are many updates for Microsoft Office that are associated with these bulletins that will NOT appear on Windows Update.

Please also visit: Microsoft Office Update Homepage as well as Microsoft Windows Update Homepage to be protected from all known vulnerabilities!
#1.3 Neobond on 08 Feb 2005 - 22:24
I just did an article on 3 new updates in 'Software news' category
#1.4 Steven on 08 Feb 2005 - 22:35
Good Job Neobond.
#1.5 Mr. Black on 09 Feb 2005 - 18:47
Steven (1.2), thanks for that info, it was a great help!
(6 replies) #2 phedot on 08 Feb 2005 - 21:56
[QUOTE]You know what to do [/QUOTE]

Yeah, grab IE and install the updates...

When is Microsoft going to offer support to other browsers?
#2.1 Xeron on 08 Feb 2005 - 21:57
What on earth are you talking about?
#2.2 WeeJames on 08 Feb 2005 - 22:03
I guess he's talking about how you can't get at Windows Update with Firefox or any non-ie browser...
#2.3 Steven on 08 Feb 2005 - 22:43
The first day of never!
#2.4 SquareSoft0 on 09 Feb 2005 - 04:30
Oh, let's blame Microsoft because Firefox doesn't support ActiveX. Plenty of browsers other than IE work, ActiveX is a useful piece of technology and I'm glad to see it have a good use such as Windows Update.
#2.5 carl0ski1 on 09 Feb 2005 - 12:28
QUOTE
Oh, let's blame Microsoft because Firefox doesn't support ActiveX. Plenty of browsers other than IE work, ActiveX is a useful piece of technology and I'm glad to see it have a good use such as Windows Update.

idiot dont attack his opinion

He wants MS to move away from ActiveX as their form of Windows Updates.
Firefox cant use ActiveX as MS doesnt give the specs out too much for other browsers to support it they can't

And MS themselves have publicly proclaimed that ActiveX is dangerous and to either disable or put a choke collar on it allowing only trusted sites.

Why not a separate .Net applet to install updates?

Java? Javascript hell anything will do.


Numerous companies, Google, Symantec, Trendmicro
and numerous other companies have moved from MS implementations for their projects online tools
and recognised the need to advertise with the growing number people scattering on different browsers
why can't ms?


but they are sticking with ActiveX to keep competitors away.

("We are confident corporate users will continue to use IE as they require it as it is crucial to their key infrastucture"
ms defense and public statement as to why corporations wont change to firefox.
probably describing Windows Update maybe?

#2.6 SquareSoft0 on 10 Feb 2005 - 07:37
So what you're saying is that it's alright to attack someone else's opinion if it isn't anti-Microsoft? That's pretty much all anyone can see while reading your rant.
(1 reply) #3 ev0| on 08 Feb 2005 - 21:58
The only reason SP2 looked more secure first is because they pre put patches in it. Now you'll see more security issues for it every month
#3.1 Burly on 08 Feb 2005 - 22:09
not true, all you need to do is read the update/feature list of sp2 or use it for a bit to realise that its not patches
(4 replies) #4 [DGS] on 08 Feb 2005 - 22:10
Where is the critical update concerning MSN MESSENGER ?
#4.1 Breach on 08 Feb 2005 - 22:19
There IS a critical update for MSN Messanger.
#4.2 Steven on 08 Feb 2005 - 22:55
Microsoft is not going to issue a critical update for BETA Software, they will however eventually release a new beta build that has this fix included. If you are worried about being vulnerable go back to MSN Messenger 6.2 and then install the most recent update for protection.
#4.3 Ryan92 on 08 Feb 2005 - 23:27
Actually from what I've read...MSN Messenger 7 Beta is safe and is not affected. However, it is MSN Messenger Verion 6 that is.

QUOTE
We have obtained new details on the previously announced Microsoft Security Bulletins. Core Security Technologies today published a vulnerability in MSN Messenger clients up to version 6. According to the report, using a specially-crafted MSN Display Picture, an attacker could trigger a buffer overflow vulnerability on a contact's computer and execute arbitrary code.
NOTE: MSN Messenger 7 BETA is NOT .

Source: Mess.be....
#4.4 [DGS] on 09 Feb 2005 - 09:37
I AM using MSN MESSENGER 6.2.... I NEVER said i was using 7...

I thought they were gonna release an update to 6.2
(1 reply) #5 Steven on 08 Feb 2005 - 22:13
THe biggest issue IMO is the OLE exploit. Most if not all current applications you use today have some usage of "Drag & Drop" Functionality. Thus they are vulnerable!

UPDATE PEOPLE!!!
#5.1 tiagosilva29 on 09 Feb 2005 - 04:18
Just did it.
(4 replies) #6 Tantawi on 08 Feb 2005 - 22:19
Is it me only who is having problems installing "Comment ASP.NET Security Update for .NET Framework 1.1 SP1" Update?

It gives me an error "Application has generated an exception that could not be handled" and some stuff while installing and can't continue...

Any help?

Last edited by 49195 on 08 Feb 2005 - 22:42
#6.1 Breach on 08 Feb 2005 - 22:28
Just that you're not the only one ;-) Then again if you have Visual Studio .NET (like me) I guess that's the problem...
#6.2 Tantawi on 08 Feb 2005 - 22:39
Oh, then I hope someone will come with a solution, I don't have VS.NET anyway
#6.3 Tantawi on 08 Feb 2005 - 23:58
I searched google, MANY users faces the same problem when installing .NET 1.1 or its SP1 and no solution yet!
#6.4 Tantawi on 09 Feb 2005 - 00:35
My third reply to my own post lol

but not usless, I made a solution

Go and delete this regkey:
[HKEY_CLASSES_ROOTInstallerProductsDDE7F2BCF1D91C3409CFF425AE1E271A]

Then setup .NET 1.1 > .NET 1.1 SP1 > .NET 1.1 SP1 Update

And it'll work very fine.

Problem's cause? tweaking windows by deleting the folder windowsinstaller, what a stupid tweak I did!
#7 Breach on 08 Feb 2005 - 22:21
Ah, fun, even the bulletin wasn't verbose at all - sort of like, s*** we've got about 10 new, let's not get the media all over it again (as if). Nice to have so many fixes all-in-one (for some unfortunate of us -- to little to late). Not that the Linux kernel hasn't been guest starring on SecurityFocus lately...
#8 cooldude7273 on 08 Feb 2005 - 22:26
The update links are giving me MS 404 errors!

edit: working now!
(2 replies) #9 INFERNO2k on 08 Feb 2005 - 22:28
Now where is MSN 7?
#9.1 wooyayhoopla on 08 Feb 2005 - 22:36
patience, young grasshopper.
#9.2 bucko on 09 Feb 2005 - 00:03
LOL, it's hardly an update is it, im gona nudge my friend, lmao. Well I can give that a miss
#10 Razor_D on 08 Feb 2005 - 22:43
I had 11 new, here on Windows MCE 2005..
#11 eilegz on 08 Feb 2005 - 22:47
i got 7 updates (red) and 1 missing upgrade (blue) at mbsa
#12 Ficman on 08 Feb 2005 - 23:26
Unleash the hounds...
(1 reply) #13 tahoma on 09 Feb 2005 - 00:16
whats the point in having automatic updates running 25/7 like ms wants you to if they are going to 'save' all the critical updates for the 2nd tuesday every month?
#13.1 twyst3d on 09 Feb 2005 - 01:39
i agree
#14 b0m8er on 09 Feb 2005 - 00:48
Istalled... all updates without any problem
#15 Hills420 on 09 Feb 2005 - 02:04
I installed the updates on 3 computers. Two of them were perfect and one received an error on the .Net patch.
#16 em_te on 09 Feb 2005 - 02:37
What .NET has a vulnerability? Even with the sandbox and what not?

I'm shocked.

This is gonna get ugly with all the .NET fanboys and bashers.
(3 replies) #17 freeza on 09 Feb 2005 - 02:53
Where can i get these updates without windows update?

V5 i seem to have broken and they dont show up on V4
#17.1 Zolk on 09 Feb 2005 - 02:58
Turn on Automatic Updates and they should download.
#17.2 freeza on 09 Feb 2005 - 03:02
cool, i just did it.

when does it start to download? i set it to DL every tuesday at 7 PM which is now lol

do i need any services enabled other than automatic updates? like the BITS service?
#17.3 Skyfrog on 09 Feb 2005 - 04:16
You can download them individually from the link on this page.
(1 reply) #18 cork1958 on 09 Feb 2005 - 03:17
What exactly is that messenger update for? I have NEVER had messenger, the chat messenger program, that is, or the .net framework installed on any machine of mine. Isn't this for the messenger service in the administrative tools section of the control panel? If so, then I will get it. I have SP2, so the part that says it affects media player 9 shouldn't apply to me either. I don't really think I need that update.

Otherwise there 9 updates for me. 2 of which I didn't get, yet. 1 is the above mentioned messenger thing and the other is that removal tool. The 7 I got installed flawlessly.

Screw it! After posting the above a while ago, I went and got those other 2 updates anyway. WTH!! The more the merrier!! No problems with any of the updates.

Last edited by 17953 on 09 Feb 2005 - 03:44
#18.1 Steven on 09 Feb 2005 - 16:07
-Windows Messenger & MSN Messenger.

the Messenger Service is a notification service for a network.
(1 reply) #19 Jon on 09 Feb 2005 - 09:42
MS05-011 looks like fun. Why is it always the '011s'!!!
#19.1 krono6 on 09 Feb 2005 - 16:09
its Robot Language...011 means, Download me or I'll Asssimulate you with error messages.
(3 replies) #20 seb5150 on 09 Feb 2005 - 17:50
Has anyone had problems with their system after doing this update? I installed them all last night, rebooted and now I can't log in. I put in my password, everything begins to startup normally and then it starts the log out procedure. It does the same thing if I go to Safe mode.
#20.1 Mr. Black on 09 Feb 2005 - 18:51
Not here. Did you install or do something before installing the updates? Sometimes you may have done something two days ago (and had the machine up for 5) and totally forgot about it...just a suggestion.
#20.2 Iluvatar on 10 Feb 2005 - 01:00
Mine is hanging after login....had to rollback. I will wait on these for a bit.
#20.3 seb5150 on 10 Feb 2005 - 07:19
I haven't done anything to it recently, no new programs or anything, no hardware changes. Usually I don't have any problems with MS updates. I recovered my system tonight and then installed the updates again and it did the same thing so I'm leaving these on my do not install list.
#21 bush on 09 Feb 2005 - 18:46
go microsoft!
#22 slimy on 11 Feb 2005 - 00:31
good stuff
#23 Hekx on 12 Feb 2005 - 00:33
I think my automatic updates service is dead... three days in and it has not even detected one update.
Manual downloads it is.
#24 DisabledTrucker on 13 Feb 2005 - 20:40
What's the big deal with having to patch SP-2 already? It's been out now for 5 months or so, (if you include the beta's,) what would leave people to believe that it's still as secure as it was 5 months ago? Even the SP-2 version isn't perfect, as was highly noted when it was released. I for one don't pay attention to how many downloads there are when doing an update for XP, I just do them and let Windows sort them out. I would rather be safe then sorry later because I didn't do the updates when they were released. I have my computers all set up to always check on Wed's for any/all updates from M$'s site. I too though would wish that M$ went a different route to doing the installs than using only IE for them. If they are determined to use ActiveX for delivery of them they should make it a seperate application that's browser independant like that of the Mac OS X, where it's not required to even open a browser to install their updates. It would only make more sense!

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.897) © 2000 - 2008 Neowin.net