Announcement

Collapse
No announcement yet.

if you haven't done it yet, update your xp now!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • if you haven't done it yet, update your xp now!

    list of patches:

    Microsoft Security Bulletin MS04-018
    Cumulative Security Update for Outlook Express (823353)

    Microsoft Security Bulletin MS04-019
    Vulnerability in Utility Manager Could Allow Code Execution (842526)

    Microsoft Security Bulletin MS04-020
    Vulnerability in POSIX Could Allow Code Execution (841872)

    Microsoft Security Bulletin MS04-021
    Security Update for IIS 4.0 (841373)

    Microsoft Security Bulletin MS04-022
    Vulnerability in Task Scheduler Could Allow Code Execution (841873)

    Microsoft Security Bulletin MS04-023
    Vulnerability in HTML Help Could Allow Code Execution (840315)

    Microsoft Security Bulletin MS04-024
    Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)

  • #2
    And next week they will discover that those patches opening up 15 more security holes.

    Jammrock
    “Inside every sane person there’s a madman struggling to get out”
    –The Light Fantastic, Terry Pratchett

    Comment


    • #3
      Well I know four other holes were found in IE on Tuesday so they won't be in the patches.

      Security tip at the moment, disable active scripting and what does the latest beta version of Windoze update need. Scripting enabled. Also Java gets blocked by Nortons firewall.

      Time Microshaft also allowed other browsers directly to the windoze update.
      Chief Lemon Buyer no more Linux sucks but not as much
      Weather nut and sad git.

      My Weather Page

      Comment


      • #4
        Out of curiousity, isn't there a way for Mozilla/Firefox (probably Opera as well) to trick the sites they go to into thinking that they ARE Internet explorer? Though I don't know if that would work for windows update, since it uses the scripting.... Got to love Microsoft's way of updating things.....

        Leech
        Wah! Wah!

        In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship.

        Comment


        • #5
          Winupdate uses activeX. Though it's supposedly possible to get ActiveX for Firefox, it kind of defeats the purpose of using alternate browsers.

          Comment


          • #6
            Friggen hell, those patches are pain in the bum when on dial-up

            But thx anyway, i'll download these when I sleep.

            Comment


            • #7
              Good call. Build 2162 it is.
              "And yet, after spending 20+ years trying to evolve the user interface into something better, what's the most powerful improvement Apple was able to make? They finally put a god damned shell back in." -jwz

              Comment


              • #8
                Originally posted by leech
                Out of curiousity, isn't there a way for Mozilla/Firefox (probably Opera as well) to trick the sites they go to into thinking that they ARE Internet explorer? Though I don't know if that would work for windows update, since it uses the scripting.... Got to love Microsoft's way of updating things.....

                Leech
                It's called the User Agent string. For Firefox, go to about:config, and add a String called "general.useragent.override" and set it to what you want to masquerade as.

                Here's a list of a bunch of them: http://www.zytrax.com/tech/web/browser_ids.htm

                I think it's supposed to be pretty easy in Opera, too, but I've never used Opera.


                And Windows Update requires ActiveX, which only IE is dumb enough to be capable of support.
                Gigabyte P35-DS3L with a Q6600, 2GB Kingston HyperX (after *3* bad pairs of Crucial Ballistix 1066), Galaxy 8800GT 512MB, SB X-Fi, some drives, and a Dell 2005fpw. Running WinXP.

                Comment


                • #9
                  Well if they're serious about security perhaps they should forget about this activex and make easier to access.
                  Chief Lemon Buyer no more Linux sucks but not as much
                  Weather nut and sad git.

                  My Weather Page

                  Comment


                  • #10
                    ActiveX is the cause of most of the security holes. Go figure that windows update requires it.
                    "I dream of a better world where chickens can cross the road without having their motives questioned."

                    Comment


                    • #11
                      ANyone have any weirdness with XP. On the first reboot after installing the patches and when logging onto our network, their is about a minute and a half delay just after entering one's username and password but then it is fine.

                      Comment


                      • #12
                        I haven't but one person with Novell client noticed that Novell had forgotten his username.

                        My XP machine at work with rc2 reckons theres no updates and no previous installed updates. Either it's not working or these patches are older than we think.
                        Chief Lemon Buyer no more Linux sucks but not as much
                        Weather nut and sad git.

                        My Weather Page

                        Comment


                        • #13
                          Originally posted by The PIT
                          My XP machine at work with rc2 reckons theres no updates and no previous installed updates. Either it's not working or these patches are older than we think.
                          most likely they are issuing those patches to only XP/SP1 clients, and are acctually pulled from the SP2 code base. in any case, even if it was a ""new"" vulnerability that SP2 couldn't handle, you would not see an update on WU. you would see either a patch released through the MS beta download site or it would simply be merged into a newer build (ie, the 2162 build that was released yesterday).
                          "And yet, after spending 20+ years trying to evolve the user interface into something better, what's the most powerful improvement Apple was able to make? They finally put a god damned shell back in." -jwz

                          Comment


                          • #14
                            With all this, I'm thinking it's a good thing that I'm going to get an nvidia card soon (if the bastards ever come out!) and then avoid using XP as much as I can...

                            Leech
                            Wah! Wah!

                            In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship.

                            Comment


                            • #15
                              Originally posted by Byock
                              ActiveX is the cause of most of the security holes. Go figure that windows update requires it.
                              Makes me seriously wonder if MS really does use those extensions to spy on your system when you do updates.
                              Titanium is the new bling!
                              (you heard from me first!)

                              Comment

                              Working...
                              X