http://www.eweek.com/article2/0,1895,2189878,00.asp By Brian Prince September 27, 2007 Updates quietly deployed by Microsoft in July and August could prevent Windows XP users from installing up to 80 recent patches. Microsoft officials say they are investigating reports that files the company deployed this summer prevent Windows XP users who run a built-in "repair" function from installing as many as 80 of the company's latest security patches. "We are aware of reports about customers not being able to download some updates from Windows Update when using the latest version of the Windows Update client and after reinstalling Windows XP system files from CD," a Microsoft spokesperson said Sept. 27. "We take this issue very seriously and are investigating the root cause of this behavior and what options are available to address it." The issue was brought to light by Scott Dunn, a writer and associate editor with Windows Secrets Newsletter. According to Dunn, the problem is stealthy updates deployed by Microsoft in July and August. The files prevent Windows XP users who utilize the repair function from installing recent patches. In the newsletter, Dunn explained that after a user employs the repair option from an XP CD-ROM, Windows Update downloads and installs the new 7.0.600.381 executable files. Some of the Windows Update executables are not registered with the operating system, which in turn prevents Windows Update from working as intended. "We have tested and confirmed that the silent updates actually prevent a repaired copy of Windows XP from loading the latest patches," Dunn said later in a statement. "We initially thought Microsoft's stealth update, though unwise, was harmless. But that is not the case, because it cripples the updating process on XP after the repair option is used." The repair function takes Windows back to its original state if a computer is unable to boot up. According to Dunn, a few users of the repair option relayed their problems to Windows Secrets after the newsletter on Sept. 13 revealed "silent installs" by Microsoft. Microsoft, based in Redmond, Wash., urged customers that are experiencing this issue to contact customer service. __________________________________________________________________ CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
This archive was generated by hypermail 2.1.3 : Thu Sep 27 2007 - 23:43:06 PDT