Critical UPDATE for your computer

Mike Labbe

Administrator
Forum Support Team
Forum Donor
Joined
Jun 25, 2002
Posts
20,450
Loc
Lincoln, RI
Business
Get The Picture
Microsoft released 3 "critical" updates last night that fix some serious security flaws in Windows XP, 98, NT, 2000, and Windows Server 2003. The flaws are in Outlook and Internet Explorer, and let a person take control of your computer.

They seem pretty concerned that folks upgrade, so i'm posting it here in case you didn't see/hear it on the news.

To update, click on the WINDOWS UPDATE button on your computer - or visit http://www.windowsupdate.com. This site will automatically scan your computer and select the necessary updates.

Microsoft's site has been overloaded and slow since the announcement was made, but i'm sure it'll get better as folks get through.

Mike
 
Are they the same "critical flaws" that were disclosed just after last months updates; but, they waited until this months scheduled release schedule??

Just courious.

Jerry
 
Thanks, Mike. I do so LOVE MSN
fire.gif
icon45.gif


When I go to the website, after 30 minutes or so of waiting, it tels me I have 14 downloads available, then I get a message that says "Server too busy now"

When I move, I'll still have to be on dial-up, 'cause DSL or cable isn't available, but BellSouth.net, ATT, Earthlink all are!

I could go on and on about MSN. %#%@&#*$'s!!!
 
For once, Charles, it may not be MSN's fault. Microsoft servers are overloaded with demand for the critical update downloads. So it's Mike's fault.

Mike, in your opinion, are the frequent critical updates due to flaws in the operating systems, new threats, or both?

I'm trying to relate this to our industry. Okay, let's try this: About 30-40 times each year, we each send out notices to anyone who's ever had framing done in our shops. For me, that's about 5,500 people - a little smaller customer base than Microsoft, but still a lot of notices.

The notice would say something like, "We have discovered a new atmospheric pollutant that presents a serious threat to your framed art. Please bring all your framing in to have the mats and backing updated to the latest standards. Expect to wait 18-24 months to get the items back."

BTW, this didn't show up on XP's automatic update notice and, when I went to the update site, it chugged along for a while and then came back and told me my computer's time and date settings are incorrect.

They are not. I'll try again later.
 
I have been on the CERT (Computer Emergency Readiness Team) mailing list for about three years. Of the 180 or so alerts I have gotten, roughly half of them have been for the Windows operating system; only one for the Macintosh.

You cannot download patches from the site, but you can be forewarned of the vulnerabilities to your computer. I would urge everyone to subscribe to CERT.
 
RON: Mike, in your opinion, are the frequent critical updates due to flaws in the operating systems, new threats, or both?
Both
They're due to security holes in the product that shouldn't have existed in the first place, which some kid figured out. Microsoft products are like "swiss cheese". This is why I'd never operate without a router.

Bill: Of the 180 or so alerts I have gotten, roughly half of them have been for the Windows operating system; only one for the Macintosh.
Most of these little critters originate overseas, in places where they probably don't have MACS. Most of the exploits relate to the web browsers and email programs. With about 5-6% of the market share, it's probably not worth their time to develop programs to exploit the macs. They're going for the masses, so they go after Microsoft products and unix. I think it may give a false sense of security to Mac users. Then again, maybe they really are more secure. Hopefully no one will decide it's time to test that theory


Jerry: Are they the same "critical flaws" that were disclosed just after last months updates; but, they waited until this months scheduled release schedule??
Most likely, but I'm not sure. There's another big issue floating around in the past few weeks with a large security problem in certain CISCO routers.

CHARLESL: When I move, I'll still have to be on dial-up, 'cause DSL or cable isn't available, but BellSouth.net, ATT, Earthlink all are!
There are a lot of cheap $9.95 alternatives these days too. Netzero, etc From what I've heard, they're pretty reliable. I believe many of these cheap alternatives use the same dialup nodes of the major ISPs, so you'd be calling the same modem pool in many cases.

Wireless is hitting many markets now, as an alternative to DSL and Cable. It's already here in Providence, but i'm not sure on the pricing. Residential DSL is $29.95/mo and cable is $39.95.

Mike

PS: When I signed up for the Grumble, I never figured there would be discussions like this one! Love it
 
If you are running Windows XP you should have automatic updates enabled. You will be notified of the critical updates and can choose "Update now" or " Update later".

Pat
kaffeetrinker_2.gif
 
I got the automatic updates notification and selected "update now". The update installation got a bit more than a third complete when the whole system froze. I had to manually shut off the computer and go through a second restart before I was able to get back on line.
I would assume that the installation of the updates is incomplete, and that I'll need to do this again. What should I be concerned about when something like this happened. I did all the things I'm supposed to do before starting the updates (closed down all activities),and am now a little skeptical about trying again...any suggestions?
 
Wally,

I am not sure about this but I was told that the updates don't actually unzip and automatically install themselves until the entire update is downloaded. So, if you shut down in the middle of your third update, chances are that the first 2 made the transition and the third didn't complete the download and, therefore, didn't start any automatic install.

I also got the notice automatically and had no trouble downloading them yesterday. (Or so I assume as there was only a "restart computer now to complete download" message when I returned to the computer.)

Framerguy
 
Thans again, Mike! There are several advantages to being an early riser. At 6am eastern there was no problem logging on to the website, and the downloads began immediately even on our slow dial up AOL connection. The only better time than 6am is 6am on Sunday. I get through to technical support easily for whatever I need when I call then (and it doesn't annoy the rest of the family! hehehe)
 
Source
http://news.com.com/2100-1002_3-5191796.html?tag=fd_nbs_ent

Stampede for patches disrupts Microsoft update site

Last modified: April 14, 2004, 5:32 PM PDT
By Robert Lemos
Staff Writer, CNET News.com


The crush of millions of Windows users trying to patch their computers overwhelmed Microsoft's update service for several hours after new security fixes were made available, the software giant acknowledged on Wednesday.

Immediately after Tuesday's release of four patches that fixed a score of flaws in the company's operating system, traffic to Microsoft's Windows Update site spiked higher than seen during any previous update, reaching a sustained download rate of more then 50GB per second. Past patches have resulted in 2 million people visiting Microsoft's Windows Update site every hour to download fixes. This time, between 3 million and 4 million users came to the site.

As a result, many customers found that the scan didn't work properly and they were not able to download the latest patches.

"When the patches went out yesterday there was a significant wave," said Todd Weeks, director of operations for Microsoft.com. The increase led to delays for users who wanted to immediately download the latest patches from the service. "After about the first four hours, it was essentially resolved."

By Tuesday afternoon, the company had about doubled the ability of the servers to handle requests by adding more servers that had better processors, Weeks said. By Wednesday morning, the software giant's update servers were handling 4 million visitors every hour with no issues, he said.

The events present the latest problem for Microsoft as it continues its two-year-old Trustworthy Computing initiative. Although the software giant has taken major steps to alleviate security concerns, such as delaying its next version of Windows in order to divert developers to its Windows XP Service Pack 2 security update, Microsoft has also had to contend with releases of critical patches to deal with large virus epidemics among customers.


Nonprofit group Pathfinder International encountered delays in updating its Microsoft computers Wednesday, said Kevin Greene, senior network administrator for the group. Pathfinder has servers in the United States, Peru, Brazil, Bolivia, Bangladesh, Egypt, Ethiopia, India, Kenya, Nigeria, Vietnam, Pakistan, Yemen, Tanzania and Uganda. After one of those computers had been infected by the MSBlast worm last August, the group focused on applying patches as soon as possible.

"Microsoft's decision to release updates to 90 percent of the computers on the planet on the same day, coupled with its announced desire for us to all update on the same day, places a considerable burden on Microsoft to ensure it has the bandwidth, equipment and other infrastructure necessary to ensure that we can do that efficiently," Greene said. "My experience this morning, and in the last round of updates in February, indicates that the infrastructure is lacking."

Internet performance measurement service Netcraft noted the problems as well, stating: "A browser request through Internet Explorer eventually raises the site after an extended wait, and in some cases it is possible to successfully download and install updates over a broadband connection."

The flood of users led Microsoft to add the ability to regulate the rate at which Windows Update will try to download patches from the company's servers, Weeks said. The new feature will act as a spigot on the electronic data, evening out the demand for downloads.

The current problems were solved by throwing more computing power at the issue, said Stephen Toulouse, Microsoft's security program manager. He added that--on the positive side--the flood of users means more customers are worrying about security.

"People are now just waiting to get the update," he said. "We are pleased (that customers are more aware). We will do whatever it takes to provide these updates to our customers as demand increases."
 
Back
Top