Tag Archives: patch tuesday

Windows patch cripples XP with blue screen

Filed under Patches, Software

Angry customers blame MS10-015 for Blue Screen of Death and XP reboot hell.

Tuesday’s security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death (BSOD), users have reported on the company’s support forum.

Complaints began early yesterday, and gained momentum throughout the day.

“I updated 11 Windows XP updates today and restarted my PC like it asked me to,” said a user identified as “tansenroy” who kicked off a growing support thread. “From then on, Windows cannot restart again! It is stopping at the blue screen with the following message: ‘A problem has been detected and Windows has been shutdown to prevent damage to your computer.’”

Others joined in with similar reports. “There is something seriously wrong with the update. I can’t even open in safe mode,” said “Ghellow,” referring to Windows diagnostic mode that’s often a last-chance way to boot a PC.

“I am not very happy with Microsoft as I got to work this morning to find my helpdesk flooded with messages that the PC has the famous Blue Screen,” said “brawfab.”

“I had to go to work and use my Mac to get online to find out what is going on with the XP updates last night,” complained “moosewalk” on the same thread. “I am this much closer to switching over to a Mac for good.”

Source: Infoworld

Only one patch expected from Microsoft next Patch Tuesday

Filed under Patches

Microsoft is only planning to release one bulletin on its first Patch Tuesday of 2010 and will not address an existing vulnerability in SMB that could allow a denial-of-service attack.

In an advance notification, Microsoft Security Response Center security program manager Jerry Bryant said that one bulletin addressing a single vulnerability in Windows will be released. This will address a remote code execution vulnerability that is only in Windows 2000, and may require a restart.

He said that the vulnerability is critical on Windows 2000 and low for all other platforms, although the Exploitability Index rating for this issue will not be high, which lowers the overall risk.

Bryant said: “I also want to proactively point out that we will not be addressing security advisory 977544 (vulnerability in SMB that could allow denial-of-service attack). We are still working on an update for the issue at this time.”

Source: SC Magazine UK

Microsoft patch batch includes fix for zero-day IE flaw

Filed under Patches

Microsoft delivered its monthly security update on Tuesday to rectify 12 vulnerabilities, five of which are present in Internet Explorer (IE) and comprise the most pressing patch to deploy.

That bulletin – MS09-072 – is the only patch that carries both a “critical” severity rating and Exploitability Index grade of one, meaning consistent exploit code is likely. One of the five flaws was a zero-day, for which proof-of-concept code was publicly available.

“[The patch] is at the top of deployment priority list this month,” Jerry Bryant, senior security program manager at Microsoft, said on Tuesday in a blog post.

Microsoft originally confirmed the flaw, rated critical on all Windows platforms except Server 2008, in an advisory it released late last month. Experts anticipate malware writers will work quickly to create exploits for the bug considering the holiday shopping season is in full swing.

Source: SC Magazine UK

Microsoft to cover Windows, Internet Explorer and Office on Patch Tuesday

Filed under Patches

Microsoft is to release six new security bulletins addressing 12 vulnerabilities in Windows, Internet Explorer and Microsoft Office on tomorrow’s Patch Tuesday.

Jerry Bryant, security program manager for Microsoft Security Response Center, wrote in the company blog that three of the bulletins have a maximum severity rating of critical and three have a maximum severity rating of important.

Bryant said: “To help customers plan for their deployment of these updates, I want to specifically call out that they touch all supported versions of Windows and IE. On the Office side, the bulletins impact Project, Word and Works 8.5. All of the updates for Windows will require a restart so please plan accordingly.”

A vulnerability addressed in late November in Internet Explorer will also be covered.

Source: SC Magazine UK

MS to Patch Critical IE Zero-Day Flaw

Filed under Patches, Software

Just two weeks after the release of exploit code for a critical (remotely exploitable) security hole in its Internet Explorer browser, Microsoft says a fix will be included in this month’s batch of Patch Tuesday updates.

Microsoft has already issued an advisory to confirm the severity of the issue, which affects users of Internet Explorer 6 and Internet Explorer 7 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

In all, Microsoft plans to release six security bulletins next Tuesday (December 8, 2009) to fix security flaws affecting IE, Microsoft Office and the Windows operating system.

Three of the six bulletins will be rated “critical,” Microsoft’s highest severity rating.

Source: Threat Post

Five critical Windows fixes this patch Tuesday

Filed under Patches, Security, Zero Day

Five critical Windows fixes are expected to be released this patch Tuesday. As reported in The Register:

Microsoft plans to release five critical update bulletins next Tuesday, all critical, in the September edition of its regular Patch Tuesday update cycle.

However, a fix for the IIS zero-day flaw is not expected to be released, which possibly leaves certain IIS configurations vulnerable for up to another month unless Microsoft releases an out-of-band patch.

The list of affected software leaves out mention of Microsoft’s IIS Web Server software, which is currently the target of exploits capitalising on a zero-day vulnerability. More specifically, the flaw involves problems in the Microsoft FTP services component bundled with IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.

The lack of mention of IIS in Microsoft’s pre-alert implies a set of patches for Microsoft’s web server software will have to wait until at least October.

Remember to patch your servers!