Get Smart about Business Spending
- Related Stories
-
Windows patch backfires on the security-minded
October 17, 2005 -
Critical Windows patch may wreak PC havoc
October 14, 2005 -
Microsoft plugs Windows worm holes
October 11, 2005
A "critical" patch for a problem in a Windows component for streaming media, called DirectShow, apparently isn't as straightforward as Microsoft thought. Some Windows 2000 users have applied the incorrect patch, leaving their computers vulnerable even though they think they've patched up, Microsoft said Thursday.
"A limited amount of customers, who may have obtained the wrong security update for their version of DirectX, may think they are protected when, in fact, they are not," a Microsoft representative said in an e-mailed statement. "This only affects users who have selected the wrong package manually." DirectX contains DirectShow.
Microsoft on Wednesday published its second advisory in as many weeks for users to deal with trouble arising from this month's patch release. Last week the software maker said another critical patch could cause problems for users who changed specific Windows security settings.
The latest patching issue deals with the fixes in security bulletin MS05-050. The problem occurs when Windows 2000 users who have DirectX 8.0 or 9.0 mistakenly apply the patch for DirectX 7.0. The computer will still be vulnerable to the flaw, while the user won't be notified that the system is not updated, Microsoft said.
Windows 2000 users who obtain security patches automatically through Microsoft's patching tools or who accurately followed the steps in the security bulletin are protected, the Microsoft representative said.
Users probably applied the wrong patch because Microsoft's security bulletin was unclear, said Brian Grayek, chief technology officer at Preventsys, a vulnerability management company in Carlsbad, Calif. "The vendor, no matter who, has to be responsible for being crystal clear on remediation," he said.
While Microsoft could have perhaps published a clearer bulletin, administrators are ultimately responsible for their systems, said Susan Bradley, an independent security consultant and Microsoft Most Valuable Professional.
"At the end of the day Microsoft is not responsible for my network, I am," Bradley said in an e-mail interview. "If I don't have a clear understanding of what I have installed, whose fault is that?"
Microsoft offers guidance for Windows 2000 users who think they may have applied the wrong update in an article on its Web site.
See more CNET content tagged:
DirectX, Microsoft Windows 2000, patch, Microsoft Corp., security
Why not just release a patch over windows update to fix the problem with this patch?
The users applied the patch over a version of DX that the patch does not address.
The system is not messed up, it just isn't patched (because the user isn't running the version of DX that needs the patch.)
Stop blaming other people for your own problems.
__________________________________
R.K.
http://www.Remove-All-Spyware.com/
knowing" what they are somehow supposed to know! Unlike
these techies, MOST people use computers as tools for word
processing, etc and don't tinker or explore them. This is the vast
majority of users.
I have been horrified at Microsoft's update site over the years.
There are lists and lists of "appropriate" software, with
convoluted descriptions and "install order" (must install this
before that - or your screwed). Sheesh. They really don't get it.
- Has anybody heard of TESTING.
- by The Vanish October 21, 2005 2:52 PM PDT
- Has anybody heard of TESTING. DUH!!! before you send a patch out make sure the patch is tested first. And I am talking to the people at Microsoft.
- Reply to this comment
-
-
- Testing?
- by October 24, 2005 3:59 PM PDT
- Testing!? What's that? Ha. Microsoft don't need to test. They think they are the best coders since they cover 90% of the market.
-
-
(8 Comments)