04.25.10
Microsoft Serves Patch to Windows Servers Which Can Compromise These Servers Rather Than Secure Them
Summary: Latest Windows Update can actually create holes rather than close them; Vista 7 is disliked by another business, which may dump it for another operation system (or XP)
MICROSOFT IS not so good at patching those serious flaws which it deliberately hides; every now and then we find a story about Microsoft delivering bad patches that break Windows rather than fix it (sometimes even breaking mathematics in Office). Microsoft then issues a patch to fix the damage caused by the first patch, assuming that Windows can boot at all or connect to the network after the first patch.
According to this report, Microsoft has just done that again and it’s retracting the patch (a little too late though).
Microsoft has withdrawn an update for Windows Server because the patch, issued eight days ago, does not treat the root cause of the problem it was meant to fix.
This is why so many users — including businesses — refuse to accept Windows patches, at least immediately (some take a wait-and-see approach). They have no confidence in them.
As Terry Porter put it, “Windows Server fix pulled after failing to patch flaws.” He cites this interesting article which goes further than the above.
Windows Server fix pulled after failing to patch flaws.
Microsoft has taken down a recent security patch for Windows 2000 Server.
The company said that it would be working on an update for the MS10-025 patch, released last week as part of the monthly ‘Patch Tuesday’ update package.
The update was taken down amidst reports that the fix Microsoft had released was not properly patching vulnerabilities in the Windows Media Services component for Windows 200 Server.
The company has the vulnerabilities rated as ‘critical,’ and a successful update could allow an attacker to remotely execute code on a targeted system. No attacks targeting the flaw have been reported in the wild, however.
Be sure to read that last part again. It says that “a successful update could allow an attacker to remotely execute code on a targeted system.”
Gotta love Windows, eh?
“Business is far too important to entrust to Windows, get a clue and look at GNU/Linux TODAY!”
–Terry PorterPorter has actually shared another anecdote, quoting what he titled “Windows 7 described as a disaster by small business owner, may switch to another OS!”
“This business user had Autocad,” he explains, “and MS Word compatibility problems, no printer drivers for a hp DeskJet 5850 (which is supported under Linux), and describes his Windows 7 purchase as a “disaster”.
“Business is far too important to entrust to Windows, get a clue and look at GNU/Linux TODAY!”
Here is the word directly from the source:
We [purchased] a new fully loaded HP desktop (three months ago) with all the goodies,” they wrote. “We are experiencing to many problems to list but here are some; video very unstable, incompatibility problems with ACAD 14, MS Word 2003, Macromedia drivers, Easy Innkeeper etc., etc. not working at all or unstable, Microsoft Outlook 8 irregular load failures and no drivers for hp DeskJet 5850 (it will only work as a network printer).
We are small business owners and this is a disaster of a purchase we
made.We replaced our older HP Pavilion f1905 running XP pro/service pack 3 (hard drive problems) with an E154 running on Windows 7 Pro. They (MS) still do not get it – we do not have an IT department and service calls are getting expense. HP service technicians have been of very little help. We will be seriously looking at switching to brand X or go back to XP.
Why does Microsoft keep saying that everyone loves Vista 7 when obviously that’s not true? █
Yuhong Bao said,
April 25, 2010 at 8:58 pm
“Be sure to read that last part again. It says that “a successful update could allow an attacker to remotely execute code on a targeted system.””
On the matter of this, remember MS06-042, which in some OSes introduced a vulnerablity, and it required two revisions before that was finally patched properly?