Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Focus on Microsoft
RE: Anyone have hard evidence of problems with Windows Automatic Upda tes? Mar 24 2003 10:16AM
AKaasjager enertel nl
Sure!

Of course it depends on what you would call BAD, but my idea of BAD
is an update that kills the ability to scan for new updates :-P

I have seen several Win2K Pro machines (but not all) that at some time
receive
an autoupdate from MS (I'm pretty sure that it's one of those IExplore6
service packs but haven't found out yet). After the reboot, the update
feature can no longer find any updates, although for example several
hundreds may have shown up. This affects al OS-related updates, the Office
2K updates still show up.

If you let the autoupdate feature do your patching & updating, your system
may
feature several holes waiting to be exploited.

So, YES. I think automatic updating may be a very BAD thing indeed.

BTW: even a manual update (by going to the MS website) doesn't show anything
at all.
MS has put some guidelines for fixing this problem on the knowledgebase, but
most
of the time these are useless.

Alex

> -----Original Message-----
> From: Thomas Cameron [mailto:ThomasC (at) mip (dot) com [email concealed]]
> Sent: Thursday, March 20, 2003 9:49 PM
>
> Does anyone have any hard evidence that automatic updates are a Bad
> Thing(tm)?
>

#***********************************************************************
****
#
# Dit e-mailbericht met eventuele attachments is uitsluitend bestemd voor de
# geadresseerde(n) en bevat mogelijk vertrouwelijke gegevens en/of is
# beschermd door intellectuele eigendomsrechten. Bent u niet de
# geadresseerde, neemt u dan zo spoedig mogelijk contact op met de afzender
# en verzoeken wij u het e-mailbericht en eventuele attachments van uw
# computer te verwijderen. Elk gebruik van de inhoud van dit e-mailbericht
# en eventuele attachments (waaronder verveelvoudiging, verspreiding of het
# anderzins openbaar maken in welke vorm dan ook) door andere personen dan
# de bedoelde geadresseerden is verboden. De weergegeven mening is puur
# persoonlijk en hoeft niet noodzakelijk over een te komen met die van
# Enertel. Enertel is niet aansprakelijk voor de inhoud van dit
# e-mailbericht en eventuele attachments.

----------------------------------------------------------------------
ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data!
It's as simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems!
http://www.spidynamics.com/mktg/sqlinjection33

[ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus