Re: Anyone have hard evidence of problems with Windows Automatic Upda tes?

From: Anthony Kim (Anthony.Kim@VW.COM)
Date: 03/20/03

  • Next message: James D. Stallard: "RE: Anyone have hard evidence of problems with Windows Automatic Updates?"
    Date: Thu, 20 Mar 2003 16:58:19 -0600
    From: Anthony Kim <Anthony.Kim@VW.COM>
    To: focus-ms@securityfocus.com
    
    

    On Thu, Mar 20, 2003, Thomas Cameron wrote:

    > All -
    >
    > We are using the Windows 2000 automatic update feature on several of our
    > production servers.
    >
    > One of my fellow IT team members has expressed concern that Microsoft has a
    > bad history of releasing hotfixes which break servers. I can find lots of
    > anecdotal evidence that this has happened, but only a very limited number of
    > cases where some specific configurations were negatively impacted by hotfix
    > application.
    >
    > Does anyone have any hard evidence that automatic updates are a Bad
    > Thing(tm)?

    Read the paper published by WireX and Zero Knowledge Systems folks:
    "Timing the Application of Security Patches for Optimal Uptime".
    (Google for it.)

    Based on a sample of 136 total CVE entries, 20 patches were
    "determined to be faulty, all but one (CVE-2001-0341) had an
    updated patch released." And the one was pulled and never
    re-released.

    Faulty patches are a real phenomenon.

    ----------------------------------------------------------------------
    ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data!
    It's as simple as placing additional SQL commands into a Web Form input
    box giving hackers complete access to all your backend systems!
    http://www.spidynamics.com/mktg/sqlinjection33


  • Next message: James D. Stallard: "RE: Anyone have hard evidence of problems with Windows Automatic Updates?"

    Relevant Pages

    • Anyone have hard evidence of problems with Windows Automatic Upda tes?
      ... We are using the Windows 2000 automatic update feature on several of our ... production servers. ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ... box giving hackers complete access to all your backend systems! ...
      (Focus-Microsoft)
    • Re: Anyone have hard evidence of problems with Windows Automatic Upda tes?
      ... > We are using the Windows 2000 automatic update feature on several of our ... > production servers. ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ... box giving hackers complete access to all your backend systems! ...
      (Focus-Microsoft)
    • Re: KB923561,KB956572,KB961373,KB952004,KB960803,KB959426 corrupt JVM
      ... An automatic update was executed today in the morning and we have to ... "Maximum memory pool" option to a value under 1024 MB. ... I had the same problem and, after uninstlling patches, Tomcat ... I tried to install those patches on another similar system, ...
      (microsoft.public.windowsupdate)
    • Re: updates...do they or dont they?
      ... If you would like to know what patches you are missing go to ... Microsoft MVP - Windows Security ... > automatic update, religiously keeping,4 antispyware and adware prog. ... > prog......etc I get ms05-009 vuneralbility in the png processing could ...
      (microsoft.public.security)
    • Re: Updates, general quoestion
      ... > www.microsoft.com/sbs click on downloads and install all the patches there. ... > I repeat...going to windows update isn't enough. ... I update the SBS server through the automatic update page. ...
      (microsoft.public.windows.server.sbs)