RE: Windows XP SP2 update

From: Jim Harrison (ISA) (jmharr_at_microsoft.com)
Date: 04/09/05

  • Next message: Ken Schaefer: "RE: Windows XP SP2 update"
    Date: Sat, 9 Apr 2005 08:52:39 -0700
    To: "Bob Lachance" <boblach@hotmail.com>, <focus-ms@securityfocus.com>
    
    

    Jeez, folks; this is absurd.
    PLEASE perform a modicum of research and testing before making such
    noises.

    AU has three basic settings
    - auto-download and install on a schedule
    - auto-download on a schedule and wait for user action to install
    (DEFAULT)
    - do nothing, wait for user intervention

    How about SUS or WSUS? Here's how you control bandwidth - by making
    patches centrally available within the environment itself and <GASP>
    control which patches are published to the users.

    If you're really concerned about your customers, then help them exercise
    control over their environment. AU can be controlled by registry
    entries if GPO aren't an option and its <GASP> all documented on a
    freely-downloaded document available here:
    http://www.microsoft.com/windowsserversystem/updateservices/techinfo/pre
    vious/susdeployment.mspx.

    BTW, considering that XP SP2 has been out for nearly a YEAR, you've all
    had more than enough time to evaluate the impact XPSP2 has in various
    deployments. If you found something in XPSP2 and failed to report it,
    that particular problem lies squarely on your own shoulders.

    Jim

    -----Original Message-----
    From: Bob Lachance [mailto:boblach@hotmail.com]
    Sent: Friday, April 08, 2005 11:57
    To: focus-ms@securityfocus.com
    Subject: Re: Windows XP SP2 update

    >"However--and this is the most important point--Automatic Updates won't

    >automatically install SP2 at that time.

    *** But they will automatically DOWNLOAD won't they?

    Bandwidth considerations ?

    -Bob

    >Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
    >
    >>Gawd bless it...not another post...
    >>
    >>NO THEY ARE NOT....
    >>
    >>1. only if you had the kill bit enabled...do you? I didn't..I don't
    know
    >>of anyone who used it ... is it expiring
    >>2. Only if you have autoupdates enabled... kill bit gone...then shut
    off
    >>AU
    >>3. even with the AU enabled, the kill bit gone you STILL have to
    click on
    >>a EULA
    >>
    >>Geeze between Microsoft themselves not clarifying how few people used
    >>this, how few people will be affected by this.. it's insane the amount
    of
    >>misinformation April 12th has.
    >>
    >>Nothing will happen..if you want to stay on a less secure XP sp1...
    you
    >>have every right to do so.
    >>
    >>Me I already upgraded a long time ago.
    >>
    >>And no.. Windws 2003 isn't on AU either... if you got it you approved
    it
    >>on SUS or you WU'd it yourself..
    >>
    >>The FUD over this kill bit thing is insane.
    >>
    >>Like a fellow mvp said... he thinks he could convince people that it
    will
    >>be installed even if the computer isn't turned on and he bets that the

    >>newsmedia would buy it.
    >>
    >>Susan
    >>
    >>John Madden wrote:
    >>
    >>>Forgot about this one...
    >>>
    >>>Microsoft is forcing the upgrade to XP2 by april 12th.
    >>>
    >>>This is going to be a nightmare if all pc's get
    >>>updated at the same time...
    >>>
    >>>
    >>>http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2aum
    ng.mspx
    >>>
    >>>
    >>>
    >>> __________________________________ Yahoo! Messenger Show us
    what
    >>>our next emoticon should look like. Join the fun.
    >>>http://www.advision.webevents.yahoo.com/emoticontest
    >>>
    >>>---------------------------------------------------------------------
    ------
    >>>
    >>>---------------------------------------------------------------------
    ------
    >>>
    >>>
    >>>
    >>>
    >>>
    >>
    >
    >--
    >Chapter 4 of The Complete Patch Management Book:
    >https://www.ecora.com/ecora/jump/pm149.asp
    >
    >So why is it the only book on NT Event Logging is out of print?
    >http://tinyurl.com/3kwc2
    >
    >And if you don't know about www.eventid.net You should!
    >
    >
    >-----------------------------------------------------------------------

    ----
    >-----------------------------------------------------------------------
    ----
    >
    ------------------------------------------------------------------------
    ---
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Ken Schaefer: "RE: Windows XP SP2 update"

    Relevant Pages

    • Re: Tying in GEM-X10 into Napco Gemini 816 Alarm System Controller
      ... the preferred Napco controller for Home ... the panel itself. ... What specifically did your contractor install in the way of wiring ... There are some limitations as to what you can control on the Napco from the ...
      (comp.home.automation)
    • Re: 030 igetnet ignkeywords
      ... "downlaod" the control to find out if it is signed or not... ... > clicking on a link on a web site, and allowing it to install HOWEVER - ... IGetNet provide did appear to "sufficiently" remove the thing from my ... "adware" folk in trouble. ...
      (Incidents)
    • Re: Recurring Spyware
      ... A PC is only as good as it's maintenance. ... succeeding at installing itself to STOP the Install - WINDOWS ... network client, so it waves all sorts of opportunities around. ... Having deeply-pervasive automated control over things that have no ...
      (microsoft.public.windowsxp.security_admin)
    • [NT] Buffer Overrun in TSAC ActiveX Control Could Allow Code Execution
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The Terminal Services Advanced Client web control is an ActiveX ... A security vulnerability results because the control contains an unchecked ... * Customers should install the latest IE cumulative patch. ...
      (Securiteam)
    • Re: More before-the-fact advice for 2K and XP?
      ... neither ActiveX nor BHO require Admin permissions to ... given that non-admins have a significant amount of control over ... "Would you like to install the ... With executable white listing, the app doesn't just ...
      (microsoft.public.security)