Tag Archive: patch

Microsoft’s monthly release of security updates is this coming Tuesday, April 13, and is set to deliver 11 patches to address vulnerabilities in various bits of its software. Five of the patches are marked as critical, the highest severity rating by Microsoft, and another five as important.

All five of the critical fixes are for Windows, along with three of the important fixes and one moderate one. The rest of the patches affect Office or Exchange Server, and all of the updates apply to even the most recent versions of Microsoft’s software and operating systems (for example, Windows 7, Office 2007, Server 2008 R2 and Exchange Server 2010).

This is a larger batch of patches than is usually released by Microsoft, and they are designed to fix remote code execution, elevation of privilege, denial of service and spoofing vulnerabilities.

The following software is affected:

  • Windows 2000 SP4
  • Windows XP SP2 & 3
  • Windows XP Professional (64-bit) SP2
  • Windows Server 2003 SP2 (32-bit and 64-bit, Itanium)
  • Windows Vista, SP1, SP2 (32-bit and 64-bit)
  • Windows Server 2008, SP2 (32-bit and 64-bit, Itanium)
  • Windows 7 (32-bit and 64-bit)
  • Windows Server 2008 R2 (64-bit and Itanium-based systems)
  • Office XP
  • Office 2003
  • Office 2007
  • Exchange Server 2000
  • Exchange Server 2003
  • Exchange Server 2007
  • Exchange Server 2010

As usual, there will also be an updated version of the Windows Malicious Software Removal Tool released.

Microsoft officials issued a status update on Friday for the BSOD patch issue affecting a limited number of users.

Jerry Bryant, Sr. Security Communications Manager at Microsoft, confirmed the company was continuing their investigations into the Blue Screen Of Death (BSOD) issues related to Windows Patch MS10-015. “We have determined that malware on the system can cause the behavior,” stated Bryant. He added that the software giant was not yet ruling out “other potential causes” at present and that company officials are still investigating the root cause.

Microsoft said on Thursday it was investigating numerous reports on Microsoft’s help forums by users who were complaining that after a recent update (MS10-015) they are now receiving a BSOD. Microsoft Answers is filled with many users who are angry at the company for what they believe the update did to their machine.

The patch in question, MS10-015, one of 13 security updates Microsoft issued Tuesday, fixed a 17-year-old kernel bug in all 32-bit versions of Windows. The vulnerability went public three weeks ago when a Google engineer disclosed the bug and posted proof-of-concept attack code. As BlogoFlux had previously reported, Microsoft said it would fix a 17-year-old bug that was discovered by the Google engineer. The bug, patched in this update, is related to the Virtual DOS Machine (VDM), which is used to support 16-bit applications.

Microsoft officials say the issue is difficult to solve once a computer is in an un-bootable state. Microsoft advises customers who feel they have been impacted by the issue to contact the Customer Service and Support group.

On Tuesday, Microsoft released a patch (KB977165) for Windows that seems to be causing a lot of headaches for users of Windows XP.

ComputerWorld claims that numerous reports have been hitting Microsoft’s help forums from users who are complaining that after the update they are now receiving a BSOD. Microsoft Answers is filled with many users who are angry at the company for what the update did to their machine. The update, MS10-015, is the suspected culprit and it may be wise to avoid this update until these apparent issues are resolved.

We requested a comment from Microsoft regarding the patch and the software company confirmed they are investigating the issues:

“Microsoft is investigating reports of an installation issues with a security update released on February 9, 2010. We are investigating the issue to determine the cause of the issue. Anyone believed to have been affected can visit: https://consumersecuritysupport.microsoft.com. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-727-2338 (PCSAFETY). Those outside the United States can find local contact numbers at http://support.microsoft.com/international.”

The patch in question, MS10-015, one of 13 security updates Microsoft issued Tuesday, fixed a 17-year-old kernel bug in all 32-bit versions of Windows. The vulnerability went public three weeks ago when a Google engineer disclosed the bug and posted proof-of-concept attack code.

As BlogoFlux had previously reported, Microsoft said it would fix a 17-year-old bug that was discovered by the Google engineer. The bug, patched in this update, is related to the Virtual DOS Machine (VDM), which is used to support 16-bit applications.

At the time of writing, there is no solution to the problem.  Several users on the Microsoft Answer forums have posted possible workarounds but other users are claiming that those solutions are not working for them.

We suggested the following fix that may work for some:

  1. Boot from a Windows XP setup CD and select Recovery Console at the prompt.
  2. Change directories to the uninstall directory of the update in question: At the C:\windows prompt, type “CD $NtUninstallKB977165$\spuninst” and press Enter.
  3. Run the uninstall script for that update: At the prompt, type “BATCH spuninst.txt” and press Enter. This executes the txt file as a batch script.

You’ll also want to boot into safe mode and set automatic updates to download but not install. Otherwise, when you boot into Windows it will automatically reinstall the update.

Update: Microsoft has posted an official response to the issue which you can read here. In a nutshell they state that they do not know the exact cause of the issue and pulled the patch from Windows Update as they continue to investigate the problem.

Microsoft issued an advanced bulletin notification on Thursday detailing 26 vulnerabilities the company plans to fix on Tuesday February 9.

February’s Patch Tuesday will include 13 bulletins – five rated Critical, seven rated Important, and one rated Moderate – addressing 26 vulnerabilities. The huge bumper Patch Tuesday will also include a fix for a 17-year-old Windows vulnerability. Eleven of the bulletins affect Windows and the remaining two affect Office. The Office vulnerabilities only affect older versions of Office; Office 2007 and Office 2008 for Mac are unaffected.

Microsoft also confirmed it will not be issuing a patch next Tuesday for a new flaw discovered in Internet Explorer 6, 7 and 8 recently. Jerry Bryant, Sr. Security Communications Manager at Microsoft, stated “We do not have an update for this issue planned for the normal February bulletin release. However, this vulnerability only affects versions of Windows older than Vista in their default configuration.” The new vulnerability affects IE 5.01 and IE 6 on Windows 2000, IE 6 on Windows 2000 SP4 and IE6, IE7 and IE8 on Windows XP and Windows 2003. IE7 and 8 on Windows Vista, Windows 7 and Windows Server 2008 are only affected if a user opts to disable protected mode or, in the case of Windows Server 2003 and 2008, is not running IE in Enhanced Security Configuration.

Microsoft also took the time to remind customers about Windows versions that are reaching the end of their product lifecycle:

  • Windows XP Service Pack 2 will no longer be supported as of July 13, 2010. Microsoft recommends upgrading to Service Pack 3 or to Windows 7 as soon as possible.
  • Windows Vista RTM will no longer be supported as of April 13, 2010. Service Pack 1 will still be supported until July 12, 2011 but Microsoft recommends customers update to Service Pack 2 or Windows 7.
  • Extended support for Windows 2000 will also be retired on July 13, 2010. At that time, Microsoft will no longer provide security or any other updates for Windows 2000.
