News: Microsoft Security Tool Leaves Holes

Advisories

Discover Vendors/Products News

Microsoft Security Tool Leaves Holes

Problems with Microsoft Corp.'s Windows Update are causing the automated scanning service to mismanage patches, leaving IT managers to wonder whether the systems they thought were safely patched are actually vulnerable. WU, which was originally meant for consumers but is used . . .
Problems with Microsoft Corp.'s Windows Update are causing the automated scanning service to mismanage patches, leaving IT managers to wonder whether the systems they thought were safely patched are actually vulnerable. WU, which was originally meant for consumers but is used widely in the enterprise as well, checks a customer's PC for needed product updates and critical security patches. Customers can then download and install whichever components they need.

But confusion has risen with patch management in WU because Microsoft has at least four mechanisms for installing patches, each with its own vagaries and nuances. The complexity has led to technical glitches and patch mismanagement.

In one extreme case, a Microsoft customer said a patch he installed via WU removed without warning several previous hot fixes he had installed. As a result, one of his systems was successfully attacked by the Nimda virus, for which he once had a patch. "It got Nimda again because the roll-up uninstalled the previous patches," said John McGuire, a staff engineer and security expert at Strictly Business Computer Systems Inc., a consulting and engineering company in Huntington, W.Va.

The link for this article located at eWeek is no longer available. 

 

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.