I have talked about patching a few times.
In Cup of Hot Cocoa: Patch Warfare II, I also discussed how I have found Microsoft Windows systems that were configured for automatic downloading of security patches, but were not patched.
Now it appears that Microsoft has taken notice and has released patches to fix the problems with the automatic updates (and, for that matter, with manually using the Microsoft and Windows Update sites), which is great. But except for an announcement on their blog (Welcome to the Microsoft Security Response Center Blog!), it has received very little fanfare. See Two Advisories on Non-Security Updates for details.
Now the scary part is that the fix is being distributed by the very mechanism that it is designed to fix. If a PC is not getting updates due to the problems these updates fix, then the system will not get the fix! To compound the problem, these fixes are distributed separately, and each one requires a reboot.
In other words, the broken update mechanism must download and install the first update. Can you say "if your internet connection is down, please visit our web site to report a problem"... or how about "please call the phone company if your phone is not working"...
Then it has to do the same thing for the second update!
Now, if Microsoft wanted to be a good internet citizen, they would announce this all over the place and encourage users to visit the update sites to download these manually or, if that fails, to download them directly per the knowledge base articles: Microsoft Security Advisory (927891) and Microsoft Security Advisory (937696).