[ISN] Microsoft Investigates Blocked Patch Updates in XP

From: InfoSec News (alerts@private)
Date: Thu Sep 27 2007 - 23:17:51 PDT


http://www.eweek.com/article2/0,1895,2189878,00.asp

By Brian Prince
September 27, 2007 

Updates quietly deployed by Microsoft in July and August could prevent 
Windows XP users from installing up to 80 recent patches.

Microsoft officials say they are investigating reports that files the 
company deployed this summer prevent Windows XP users who run a built-in 
"repair" function from installing as many as 80 of the company's latest 
security patches.

"We are aware of reports about customers not being able to download some 
updates from Windows Update when using the latest version of the Windows 
Update client and after reinstalling Windows XP system files from CD," a 
Microsoft spokesperson said Sept. 27. "We take this issue very seriously 
and are investigating the root cause of this behavior and what options 
are available to address it."

The issue was brought to light by Scott Dunn, a writer and associate 
editor with Windows Secrets Newsletter. According to Dunn, the problem 
is stealthy updates deployed by Microsoft in July and August. The files 
prevent Windows XP users who utilize the repair function from installing 
recent patches.

In the newsletter, Dunn explained that after a user employs the repair 
option from an XP CD-ROM, Windows Update downloads and installs the new 
7.0.600.381 executable files. Some of the Windows Update executables are 
not registered with the operating system, which in turn prevents Windows 
Update from working as intended.

"We have tested and confirmed that the silent updates actually prevent a 
repaired copy of Windows XP from loading the latest patches," Dunn said 
later in a statement. "We initially thought Microsoft's stealth update, 
though unwise, was harmless. But that is not the case, because it 
cripples the updating process on XP after the repair option is used."

The repair function takes Windows back to its original state if a 
computer is unable to boot up.

According to Dunn, a few users of the repair option relayed their 
problems to Windows Secrets after the newsletter on Sept. 13 revealed 
"silent installs" by Microsoft.

Microsoft, based in Redmond, Wash., urged customers who are 
experiencing this issue to contact customer service.




