Re: <+> Patch for MS04-007 Today!!!!<+>
From: Tim (Tim_at_NoSpam)
Date: 02/16/04
- Next message: Jeff Middleton [SBS-MVP]: "Re: NO you can't...Re: Yes"
- Previous message: Joe Letter: "Re: VPN Firewall through ISA"
- In reply to: Jeff Middleton [SBS-MVP]: "<+> Patch for MS04-007 Today!!!!<+>"
- Next in thread: Jeff Middleton [SBS-MVP]: "Re: <+> Patch for MS04-007 Today!!!!<+>"
- Reply: Jeff Middleton [SBS-MVP]: "Re: <+> Patch for MS04-007 Today!!!!<+>"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 17 Feb 2004 10:58:54 +1300
This is annoying.
For those of us on the ball, we applied the patch
Windows2000-KB828028-x86-ENU.EXE and other flavours last week.
Now there are new notifications sprouting claiming a new Critical bug under
the guise of MSO4-007!
Well, its not, and that's the issue.
KB828028 is installed everywhere I have influence, yet people are talking
now about MSO4-007.
Between MS and everyone else, could there please be One naming convention
used at all levels? This includes the file names for patches, alerts,
Windows Update references, Add Remove Programs, and so on. In add remove
programs, this should always have a hyperlink to the KB article & that
should be the only place where the KB article number is visible in the
install process.
I notice that Windows Update does not regard the patch as being installed
unless it is installed by Windows Update, or am I wrong?
So, thanks Jeff for being complete and detailing that MSO4-007 == KB828028.
In future, whenever anyone raises an alert such as this, could you please
mention both the KB number and the MSO number as Jeff has done?
But could someone tell Windows Update?
You may think I am being either hair splitting or lazy for not going off and
reading the articles. I am splitting hairs, and I am not lazy, but when I
have a customer that drove hundreds of miles to a remote site to install the
patch (he didn't want to do it via TS due to the possibility of a failed
session during update), it is not nice to have him think he should have
waited 1 or 2 days.
Comments anyone?
Regards,
- Tim
"Jeff Middleton [SBS-MVP]" <jeff@cfisolutions.com> wrote in message
news:esFmcfJ9DHA.1596@TK2MSFTNGP10.phx.gbl...
> Do NOT DELAY!!
>
> I've prepared a sample email you can use to forward to customer, family
and
> friends to notify them to obtain and install this patch. I know all of us
> need something like to send people, so I'm sharing the one I wrote for my
> needs.
>
> Feb 15, 2004
>
> An ~extremely~ critical security software update was made available last
> week by Microsoft. Every Windows 2000/XP/NT computer has a design flaw
> vulnerability which Microsoft acknowledged by releasing this patch. Though
> there is no virus/worm known currently in circulation yet to attack this
> flaw, don't panic but you should protect your computer by installing the
> update in the next day or so. Go to WindowsUpdate if you are familiar with
> that method of update and install all currently offered "Critical Updates
> and Security Packs". Issue 828028 is the item involved in this matter.
>
> The balance of this message expands more detailed information than stated
> above, so if the first paragraph made sense to you, you don't really need
to
> read the rest of this unless you are curious.
> If you want a news story, this one covers it:
>
> http://www.cnn.com/2004/TECH/biztech/02/10/microsoft.flaw.reut/index.html
>
> * * * * * * * * * * * *
>
> The nature of the vulnerability could be exploited to potentially gain
full
> control of a system remotely, a firewall would not provide protection to
> certain exploit methods, nor would anti-virus provide protection in such
> cases. Installing this patch is the only appropriate defense because it
> corrects the flaw itself. It's very important to understand that this is a
> simple preventative step to take now while there is no virus/worm yet in
> circulation attacking this flaw.
>
> This is a very unusual flaw of the most serious nature, arguably ranks in
a
> top 5 flaws in Windows history. What you need to do about it is pretty
> simple, takes just a minute or two if your computer has high-speed web
> access and is periodically being updated at WindowsUpdate.
>
> WindowsUpdate will provide the patch if you are familiar with that method
of
> updating. The patch is Q828028, aka: MS04-007 depending upon what resource
> reference is being indicated. Your concern should be most specifically
first
> about protecting your home computer, or personal laptop. Tell your friends
> to take these steps as well.
>
> For your business computers, check with whomever maintains them to
determine
> if you need to take any action to protect it, or if they will act on your
> behalf.
>
> ** You should go to Microsoft's website to directly obtain and install
this
> patch. Never open an email claiming to be a patch from Microsoft because
> Microsoft NEVER emails patch files or updates. **
>
> You can reach WindowsUpdate at www.microsoft.com/windowsupdate.
>
> Follow the screen prompt instructions to "Scan for Updates" on your system
> for missing patches, then accept and install all "Critical Updates and
> Security Packs" patches offered. If none are offered to you, then you
likely
> have the patch already installed by an automatic update method configured
on
> your computer. If you visit WindowsUpdate frequently, you should find this
> patch to be small and install in a minute or two, then require a reboot.
If
> you do not frequently update your computer, you may find it takes an hour
or
> more to obtain the patches over high-speed connection.
>
>
- Next message: Jeff Middleton [SBS-MVP]: "Re: NO you can't...Re: Yes"
- Previous message: Joe Letter: "Re: VPN Firewall through ISA"
- In reply to: Jeff Middleton [SBS-MVP]: "<+> Patch for MS04-007 Today!!!!<+>"
- Next in thread: Jeff Middleton [SBS-MVP]: "Re: <+> Patch for MS04-007 Today!!!!<+>"
- Reply: Jeff Middleton [SBS-MVP]: "Re: <+> Patch for MS04-007 Today!!!!<+>"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
