[ISN] Microsoft irons out security patch

From: InfoSec News (alerts@private)
Date: Wed Jul 19 2006 - 22:31:10 PDT


http://news.com.com/Microsoft+irons+out+security+patch/2100-1002_3-6096179.html

By Dawn Kawamoto 
Staff Writer, CNET News.com
July 19, 2006

Microsoft on Tuesday fixed two glitches related to one of its recently 
released security patches.

One of the problems, in security bulletin MS06-034, led some people to be 
repeatedly offered the same patch via Microsoft's update delivery tools, 
the software company said.

"Last night we fixed a couple of issues from last week's release," the 
Microsoft Security Response Center team wrote in a posting on their blog. 
"One issue was that even though you installed the update, you could still 
be getting it reoffered to you via Windows Update, Microsoft Update, 
Automatic Update or WSUS."

A second glitch affected people running Windows Server 2003 Service Pack 
1. In this particular case, the MS06-034 patch would not be offered to 
users if the initial update failed to install. In certain cases, users may 
not have been aware that the security patch had not taken hold. Microsoft 
has provided information on both issues on its Web site.

"Because the second issue might have involved a silent failure, we 
recommend all Windows 2003 SP1 users rerun detection on these systems to 
make sure that their systems have updated properly," Microsoft's security 
team advised.

The MS06-034 patch was delivered last week as part of Microsoft's monthly 
patch cycle. The flaw, a risk mainly in Web servers that let people upload 
new content, could enable an intruder to commandeer the server by 
uploading a malformed ASP file.


_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com



This archive was generated by hypermail 2.1.3 : Wed Jul 19 2006 - 22:47:01 PDT