MS releases 4 patches for April 2004

***The Texan*** · April 15th, 2004, 12:05 AM

just go to your windows update page and get all your updates from there.

**!mitationRust** · April 15th, 2004, 01:03 AM

Measure twice code once

**devpon** · April 15th, 2004, 02:35 AM

!mitationRust, I tried to download the pdf, but you have to be a member or have a subscribtion to access it. Was the pdf informative or pretty bland? Are the bugs you are talking about, kernel device driver bugs? Would they be considered critical?

**!mitationRust** · April 15th, 2004, 02:48 AM

Originally posted here by devpon
!mitationRust, I tried to download the pdf, but you have to be a member or have a subscribtion to access it. Was the pdf informative or pretty bland? Are the bugs you are talking about, kernel device driver bugs? Would they be considered critical?

catch originally posted this pdf here.
http://www.antionline.com/showthread...ight=catch+PDF

I have a copy on a data CD around here, I'll do some plundering around but like he said it's too big for the site but I'll find a way to post it when I find it. Did you sign up for the site? That site has more intresting PDF's then the NSC site.

**devpon** · April 15th, 2004, 03:48 AM

!mitationRust, no I haven't signed up yet, but thanks for the extra info.

**darkes** · April 15th, 2004, 01:28 PM

Hmm, interesting point about Windows update ......

A lot of the fixes it installs are only about 300K or so, but during the installation phase they link to wxpsp2.windowsupdate.com to download the real fix, which is considerably bigger.
I can imagine this causing a lot of confusion out there.

On a dial up connection, this means that the installation phase can appear to hang for at least 30 mins or so. Seen the symptoms at a friends house, who had given up on trying to update his copy of WinXP.

It would be nice if MS gave some warning as to what was going on, like we are now going to download the real 1.5Mb fixes - took 2 hours in his case

**Beryllium9** · April 15th, 2004, 03:39 PM

How many of these linux bugs that are up to 1.8 years old have had advisories, and have been actively exploited in the wild? Not all bugs are security issues either, some will be annoyances, others will be more serious. No code is perfect and bugs will never go away no matter who develops the software and regardless of the development model. However, once a vendor is notified of a serious flaw that allows code execution, have been given sufficient time to develop and provide a solution, and the information has been made public, is it not reasonable to expect a patch?

The CHM bug that allows code execution has been known about for ages, and has been public knowledge since december 30. There are no workarounds, and no fixes. With the current patch schedule, it's been ignored or missed 4 times. It's a bit strange that a vulnerability like this has been unpatched for so long when microsoft are trying to convince world+dog they do actually take security seriously. This is the point I was trying to make, and it wasn't just another 'have a go at microsoft for the sake of it' post. There's far too many of them already, mostly for no good reason at all.

Are there any alternative download locations for that PDF file? It does look interesting going by the summary, and I've not got a subscription to that site.

**!mitationRust** · April 16th, 2004, 06:22 AM

Originally posted here by Beryllium9
No code is perfect and bugs will never go away no matter who develops the software and regardless of the development model.

Code has to be perfect or damn near when dealing with nuclear silo's in america.

Example:Google XTS-200 systems "those systems are so validated that they never need patching."

Like catch stated, AO is not uploading it,it's too big. However I did go on the record saying that I would find away to upload it.....but you will have to download the PDF to get the full effect of the charts and graphs that are presented in the PDF.

**TheSpecialist** · April 16th, 2004, 06:55 AM

Originally posted here by Draco980172
I applaud MS's attempt to reduce the number of patches, but it seems to me like including this many fixes in a single patch is just asking for trouble. What if a single fix in this patch breaks something you need. Then you have to uninstall the whole patch. I think they should at least make these readily available as separate patches to mitigate the possible problem that could occur.

Why is this such a surprise to peaple? They have always managed to package things in thier OS dozens of things which you will most likely never use... but they do this to suit the needs of the some 80% of cyberspace running thier OS. They are with the majority & the majority is lazy and would do anything BUT look through at what they may need to patch up on... vulnerabilities possably months often even years old. They are just to busy to browse up on it all. So once agian they are packing stuff together and sending out these patches all at once to suit the needs of the average fat lard-ass S.O.B. who can hardly breath or get up off the couch... yet alone walk around a few inches except when it comes to food.

**kr5kernel** · April 19th, 2004, 01:30 PM

I ran the april updates ona few computers at work...33% of them wont login correctly after the reboot. They are all running windows 2000 and are cloned dell machines. AFter 2 hours, one logged in and I was able to see the 'system' process eating up 100% cpu usage....not system idle, just 'system'. Ended up re-installing the machines. This has been all over microsoft dev forums...I would advise holding off.....now back to that lsass exploit.......

Thread: MS releases 4 patches for April 2004

Thread Tools

Display

Posting Permissions