From: InfoSec News (alertsinfosecnews.org)
Date: Thu Jul 20 2006 - 00:31:10 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://news.com.com/Microsoft+irons+out+security+patch/2100-1002_3-6096179.html

By Dawn Kawamoto
Staff Writer, CNET News.com
July 19, 2006

Microsoft on Tuesday fixed two glitches related to one of its recently
released security patches.

One of the problems, in security bulletin MS06-034, led some people to be
repeatedly offered the same patch via Microsoft's update delivery tools,
the software company said.

"Last night we fixed a couple of issues from last week's release," the
Microsoft Security Response Center team wrote in a posting on their blog.
"One issue was that even though you installed the update, you could still
be getting it reoffered to you via Windows Update, Microsoft Update,
Automatic Update or WSUS."

A second glitch affected people running Windows Server 2003 Service Pack
1. In this particular case, the MS06-034 patch would not be offered to
users if the initial update failed to install. In certain cases, users may
not have been aware that the security patch had not taken hold. Microsoft
has provided information on both issues on its Web site.

"Because the second issue might have involved a silent failure, we
recommend all Windows 2003 SP1 users rerun detection on these systems to
make sure that their systems have updated properly," Microsoft's security
team advised.

The MS06-034 patch was delivered last week as part of Microsoft's monthly
patch cycle. The flaw, a risk mainly in Web servers that let people upload
new content, could enable an intruder to commandeer the server by
uploading a malformed ASP file.

_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]