Re: Yet more Windows XP security patches

From: "MAP" <mikepawlak2REM@xxxxxxxxxxxxxx>
Date: Thu, 11 Aug 2005 12:01:18 -0400

As with many so called "critial patches" does the average "home user" need
them?
Before installing these updates it is best to read just what they do,take
the
PNP patch that you mention, The person exploiting this MUST have their hands
on your keyboard! (or "Admin rights" how would they get this if you secured
your system?).
A couple of years ago hotfix Q811493 (the first release) had this same
mitigating factor many installed it because of the "critical update"
header,and their system slowed down to a crawl,did they need it NO!
It takes longer to install these hotfixes reading each one but on the
otherhand it may keep your computer up and running by not installing some
that you really don't need which may screw your system up! I have read posts
already on this months patch tuesday of problems with computers not booting
after installing these updates.

Mitigating Factors for Plug and Play Vulnerability - CAN-2005-1983:

.. On Windows XP Service Pack 2 and Windows Server 2003 an attacker must have
valid logon credentials and be able to log on locally to exploit this
vulnerability. The vulnerability could not be exploited remotely by
anonymous users or by users who have standard user accounts. However, the
affected component is available remotely to users who have administrative
permissions.

Just my 2 cents worth
Mike Pawlak

Borgholio wrote:
> Now before I continue, I just want to let everybody know that I'm NOT
> trying to troll here. I'm not a Microsoft-hater, but there are just
> some things that are inexcusable and that I MUST rant about. It's
> nothing new actually...about a dozen security patches to install.
> Happens all the time. Today, however, something just stuck in my
> craw. Here are the
> descriptions of two patches waiting to be installed:
>
>
>
> Size: 483 KB - 566 KB
>
> A security issue has been identified in the Plug and Play service
> that could allow an attacker to compromise your Microsoft
> Windows-based system and gain control over it. You can help protect
> your computer by installing this update from Microsoft. After you
> install this item, you may have to restart your computer.
>
> More information for this update can be found at
> http://go.microsoft.com/fwlink/?LinkId=48900
>
>
>
>
> Size: 494 KB - 550 KB
>
> A security issue has been identified in the Print Spooler service
> that could allow an attacker to compromise your Microsoft
> Windows-based system and gain control over it. You can help protect
> your computer by installing this update from Microsoft. After you
> install this item, you may have to restart your computer.
>
> More information for this update can be found at
> http://go.microsoft.com/fwlink/?LinkId=48902
>
>
>
>
> Plug and Play? PRINT SPOOLER???? Is there ANYTHING that doesn't
> have a security hole in it??? What's next, a security hole in the
> mouse driver? I mean I understand if there's a hidden security hole
> in the TCP / IP stack that nobody noticed, but the Print Spooler?
> Plug and Play? For crying out loud...EVERY SINGLE security patch I
> downloaded today is to prevent "an attacker to gain control over your
> system". From my personal experience, it seems as if Microsoft
> designed Windows XP to be more accessable to the outside world than
> to the actual user! What's their excuse for allowing so darn many
> lapses in security to pass through QA?
>
> In a nutshell, Microsoft's security sucks eggs. Why? Do they just
> not care (as they pretty much bend people over a barrel when it comes
> to buying an operating system)? Or are they just incompetent when it
> comes to security?

.

Follow-Ups:
- Re: Yet more Windows XP security patches
  - From: kurttrail
- Re: Yet more Windows XP security patches
  - From: Jupiter Jones [MVP]
- Re: Yet more Windows XP security patches
  - From: Alias

References:
- Yet more Windows XP security patches
  - From: Borgholio

Prev by Date: Re: Right SP level required for a Repair Install?
Next by Date: RE: Roaming profile problem
Previous by thread: Re: Yet more Windows XP security patches
Next by thread: Re: Yet more Windows XP security patches
Index(es):
- Date
- Thread

Relevant Pages

Re: Starting again with a 2 year old XP version. Updates question
... Noel Paton (MS-MVP 2002-2005, Windows) ... I also noted that it wouldnt shut down after installing SP2 - ... > Security Update for Windows XP ... > can help protect your computer by installing this update from Microsoft. ...
(microsoft.public.windowsupdate)
Starting again with a 2 year old XP version. Updates question
... Security Update for Windows XP ... You can help protect your computer by installing this update from Microsoft. ...
(microsoft.public.windowsupdate)
Starting again with about a 2 year old version of XP. Updates pro
... Security Update for Windows XP ... You can help protect your computer by installing this update from Microsoft. ...
(microsoft.public.windowsupdate)
How can I download these updates in French?
... Download size: 455 KB, 5 minutes ... Windows XP Professional. ... A security issue has been identified that could allow an attacker to ... You can help protect your computer by installing ...
(microsoft.public.windowsupdate)
RE: Error Installing XP Sp 2
... rule also applies not only to Windows 98 but also to Windows XP. ... Worldwide customers can use the Guide to Worldwide Microsoft Licensing ... Error Installing XP Sp 2 ... | same product key on a retail version. ...
(microsoft.public.windowsxp.general)