Re: Anyone have hard evidence of problems with Windows Automatic Upda tes?

From: Anthony Kim (Anthony.Kim@VW.COM)
Date: 03/20/03

  • Next message: James D. Stallard: "RE: Anyone have hard evidence of problems with Windows Automatic Updates?" 
    Date: Thu, 20 Mar 2003 16:58:19 -0600
From: Anthony Kim <Anthony.Kim@VW.COM>
To: focus-ms@securityfocus.com

    On Thu, Mar 20, 2003, Thomas Cameron wrote:

    > All -
    >
    > We are using the Windows 2000 automatic update feature on several of our
    > production servers.
    >
    > One of my fellow IT team members has expressed concern that Microsoft has a
    > bad history of releasing hotfixes which break servers. I can find lots of
    > anecdotal evidence that this has happened, but only a very limited number of
    > cases where some specific configurations were negatively impacted by hotfix
    > application.
    >
    > Does anyone have any hard evidence that automatic updates are a Bad
    > Thing(tm)?

    Read the paper published by WireX and Zero Knowledge Systems folks:
    "Timing the Application of Security Patches for Optimal Uptime".
    (Google for it.)

    Based on a sample of 136 total CVE entries, 20 patches were
    "determined to be faulty, all but one (CVE-2001-0341) had an
    updated patch released." And the one was pulled and never
    re-released.

    Faulty patches are a real phenomenon.

    ----------------------------------------------------------------------
    ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data!
    It's as simple as placing additional SQL commands into a Web Form input
    box giving hackers complete access to all your backend systems!
    http://www.spidynamics.com/mktg/sqlinjection33

  • Next message: James D. Stallard: "RE: Anyone have hard evidence of problems with Windows Automatic Updates?"

    Relevant Pages

    • Anyone have hard evidence of problems with Windows Automatic Upda tes?
      ... We are using the Windows 2000 automatic update feature on several of our ... production servers. ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ... box giving hackers complete access to all your backend systems! ...
      (Focus-Microsoft)
    • Re: Anyone have hard evidence of problems with Windows Automatic Upda tes?
      ... > We are using the Windows 2000 automatic update feature on several of our ... > production servers. ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ... box giving hackers complete access to all your backend systems! ...
      (Focus-Microsoft)
    • Re: updates...do they or dont they?
      ... If you would like to know what patches you are missing go to ... Microsoft MVP - Windows Security ... > automatic update, religiously keeping,4 antispyware and adware prog. ... > prog......etc I get ms05-009 vuneralbility in the png processing could ...
      (microsoft.public.security)
    • Re: Updates, general quoestion
      ... > www.microsoft.com/sbs click on downloads and install all the patches there. ... > I repeat...going to windows update isn't enough. ... I update the SBS server through the automatic update page. ...
      (microsoft.public.windows.server.sbs)
    • Re: When does Automatic Update Kick in? appears to do it randomly in the office
      ... By default Automatic Update performs a detection every 23 hours. ... > I dont know maybe i'm missing something, because I can't find info on> it anywhere, I'm in an office environment, various bits of IT> equipment running XP, how does windows update prompt when patches are> ready to download? ... > For example coming in nothing alerted for me but some people were told of the new patches, but when i go> to the window update page it tells me there are patches to install. ... > In the same way sometimes I get prompted before other people in the> office to download patches via the automatic update. ...
      (microsoft.public.windowsupdate)