Nov 09

Just when you thought it was safe to compute… PATCH TUESDAY! (Now playing at PCs everywhere!)

Do you like my dramatic announcement? I should put some scary music to it - ya think?

Seriously though, so far, it’s only one (1) critical update and one (1) important update coming. Unless of course, they have to revise again. (No, Microsoft wouldn’t do that! Laughing hysterically)

But again, seriously - (I’m really in a mood today, aren’t I?) - the updates will affect Windows (virtually all installations) and Office software.

The update is affecting the Microsoft XML core. Wonder what’s wrong with it this time? Just a mention of yet another remote code execution vulnerability. Imagine that.

And, oh goodie! They issued another Malicious Software Removal Tool that I can deny again! I so look forward to those. NOT!

I’m going to make sure that the XML core update can be removed before I allow it to install and I’m going to check for known issues when this is released. In short, I’m going to wait a few days before installing. I vaguely remember having problems with a previous XML update.

So, there’s your “heads up” for Patch Tuesday.


Technical Info

http://www.microsoft.com/technet/security/bulletin/ms08-Nov.mspx



written by Admin

Oct 31

There are two critical alerts I need to give you and remind you that these are NOT Halloween hoaxes.

The first is for parents. DO NOT, I repeat, DO NOT allow your children to eat any Pirates Gold Chocolate Coins. They have been recalled due to the finding of melamine in the candy.

http://www.snopes.com/food/warnings/coins.asp

The second critical alert is about Microsoft Updates. I sent a Critical Alert to our newsletter subscribers yesterday and I’m repeating it here for those of you who do not subscribe to those.

The most recent set of updates went out nearly two weeks ago on Patch Tuesday and a special “Out of Band” Security Bulletin was issued last week that was marked Critical.


This special update is titled: MS08-067 and affects:

Windows Server 2003
Windows Server 2008
Windows 2000
Windows XP
Windows Vista

This update deals with a service called the Server Service and even though you may think you aren’t using this service on your laptop, desktop, or any other kind of workstation, it is a part of your Windows Operating System and it is being used. The name does not imply what you think it does.

The reason I’m alerting you is because there is now a notice that an exploit has been publicly posted on the Internet. What that means is that a “bad guy” posted an example of how to attack someone’s un-patched computer to take over their machine from the Internet.

It is imperative that you go to the Microsoft Update Site and download the current set of updates. (You may feel free to exclude the Malicious Software Removal Tool if you are so inclined.) But please update the rest of your patches!

I have done my updates and have noticed no change in the behavior of my computer nor the programs operating on it so I can only assume these updates are safe.

And while you’re at the update site, under the Other Software category, get the new Root Certificate Server update too!

http://v4.windowsupdate.microsoft.com/en/default.asp

Technical Information

What causes the vulnerability?
The vulnerability is caused by the Windows Server service not properly handling specially crafted RPC requests.

What is the Server service?
The Server service provides RPC support, file and print support, and named pipe sharing over the network. The Server service allows the sharing of your local resources (such as disks and printers) so that other users on the network can access them. It also allows named pipe communication between applications running on other computers and your computer, which is used for RPC.

What is RPC?
Remote Procedure Call (RPC) is a protocol that a program can use to request a service from a program located on another computer in a network. RPC helps with interoperability because the program using RPC does not have to understand the network protocols that are supporting communication. In RPC, the requesting program is the client and the service-providing program is the server.

Exploit Advisory Details:

http://www.microsoft.com/technet/security/advisory/958963.mspx?pubDate=2008-10-27

Note to students in the Advanced PC Security Course (Hack Your Way to Security): Do you remember the lesson on RPC Service and why it is so dangerous? Here’s your proof!

Please update now!



written by Admin

Oct 17

Before I release the final part of the Why is my PC slow series, I wanted to get this out to you because I found out other Windows users are experiencing the same thing.

I went to shut down my PC Wednesday evening and I received a different shut down screen than I’m used to seeing.

Microsoft's Shut Down Screen

Now, I found this quite odd since I have my auto-updates set to “Download updates for me, but let me choose when to install them.” So I was like, “Microsoft Dudes! Where’s my updates?” And more specifically, where’s my install shield??

Auto-Update Settings

I did my usual Google search and found that it appears many other Microsoft users are having the same problem in the past month or so.  This was surely becoming, “The Case of the Missing Install Shield!”

So of course, my mind goes into “Microsoft Conspiracy Mode” and I start looking for solutions on how to get my shield back so I can scope out what kind of junk they are trying to give me this time!

There were a few good sites that told me what to try, but of course, Microsoft’s Live Search of the knowledgebase yielded nothing. And I did try three things with the command line (run) to try to initiate the download shield but to no avail.

Not to be out-witted by Microsoft’s sneaky tactics, I headed straight to the Windows Update site to check what updates were trying to install by doing a scan and seeing what I needed.

To my surprise, each of the waiting downloads appeared on the scan in Windows Update and showed that they were downloaded and waiting to be installed. (See my related YouTube video below this post.)

But because I NEVER accept the Malicious Software Removal Tool, I didn’t want it installing itself through the shut down screen. I used the results of the Windows Update online to uncheck that box and accepted the other updates, plus the root certificate update under the software category and let them install from the Windows Update site.

As the second installation starts, guess what pops up? My auto-update shield and the update installation window!

Now, does this mean I fixed my problem? Not sure, but I think I figured out how this might have happened and we’ll see if I can duplicate the results next Patch Tuesday.

And here’s what I think happened. Somewhere during the course of my day Tuesday or Wednesday, the updates installed. The install shield must have become hidden in my task bar because I know I was really busy those two days.

I’m going to have to assume that since I neglected my poor Microsoft install shield and the updates, Microsoft is programmed to install them, “by any means possible” which includes getting you to unconsciously click the “Turn Off” button which will install the updates.

But that’s only my guess. Only Microsoft can answer the question of, “Dude! Where’s my updates?”

P.S. Please check back here tomorrow morning to see Part 3 of the Why Is My PC So Slow series!



written by Admin

Aug 11

In honor of Patch Tuesday, August 12, 2008, ZoneAlarm (Check Point) will be offering ForceField browser security for FREE for only 24 hours!

In Microsoft’s Advance Warning notice that I receive, there will be 7 critical updates and 5 important updates.

Affected software will be: Windows 2000, Windows XP (SP2 and 3), Windows XP Professional - including x64 edition and SP2, Windows Server 2003 (including: SP1 & SP2, x64, and SP1 & SP2 for Itanium-based Systems), Windows Vista (including: SP1, x64 and x64 SP1), Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, Windows Server 2008 for Itanium-based Systems, Microsoft Windows Malicious Software Removal Tool (now there’s a surprise! NOT!), Non-Security, High-Priority Updates on MU (*Microsoft Update), WU (*Windows Update), and WSUS (*Windows Server Update Service), Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, Microsoft Internet Explorer 7, Media Player 11, Microsoft Outlook Express 5.5 Service Pack 2, Microsoft Outlook Express 6 (including SP 1), Windows Mail (Vista), Windows Messenger 4.7, and 5.1. There are also supposed to be critical updates for Access, Excel, and PowerPoint but it’s not clear what versions they are yet.

So, first thing tomorrow morning, head over to ZoneAlarm’s special site here: www.zonealarm.com/patchtuesday and get yourself a copy of ForceField. I think we’re all going to need it!



written by Admin

© 2007-2008 MICE Training & Technology™.
