Print this article  |  E-mail this article  |  Comment on this article

Patch Tuesday Arrives with Nine Fixes

By Ed Oswald, BetaNews

October 11, 2005, 4:26 PM

As promised, Microsoft on Tuesday issued nine separate security patches, fixing vulnerabilities in DirectX, Exchange, Internet Explorer, and Windows itself. Three of the fixes were deemed "critical," four "important," and two "moderate."

All of the critical patches involved some type of remote code execution vulnerability. The Internet Explorer patch fixes a flaw found by eEye Digital Security and the French Security Incident Response Team back in July revolving around the COM object within IE.

The DirectX patch fixes a flaw within DirectShow, and the Windows fix patches a hole in the MSDTC and COM+ objects.

Of the important updates, all fixed code execution problems, with three of them fixing various problems with Windows. Holes in Plug and Play, Client Services for Netware and Windows Shell were repaired.

The remaining important update fixes a problem with Microsoft Collaboration Objects within Microsoft Exchange, which only pertains to business users.

A tampering vulnerability within the Windows FTP client that could allow hackers to modify file transfer locations, as well as a Denial of Service problem in the Network Connection Manager have also been addressed under the moderate category.

Microsoft's next scheduled Patch Tuesday will be November 8.

Add a Comment (24 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By wat0114

posted Oct 11, 2005 - 10:31 PM

I chose only four updates. Check out the "more Information" links for each one, and you may find several you don't need. Your Services profile is key in determining what's needed, as well as the ports you're blocking.

Score: 0

By GoodThings2Life

posted Oct 12, 2005 - 7:13 AM

Windows Updates only offers what it detects your computer needs... just because you don't use the functionality explicitly, it does not imply that Windows itself isn't using DLL's that are part of that package.

Score: 0

By sjc001

posted Oct 12, 2005 - 6:28 AM

It you didn't actually need them they wouldn't have shown up in the list after the site scans your OS.

Score: 0

By Banquo

posted Oct 11, 2005 - 9:00 PM

One or two of the issues do not affect XP SP2, so that's why some people won't get them all.

Score: 0

By kholdstare

posted Oct 11, 2005 - 5:28 PM

yet another thing they have never fixed is that stupid issue with PPoe connections it still takes windows up to a minte to just get the connection box up once i start the computer

Score: 0

By GoodThings2Life

posted Oct 12, 2005 - 7:17 AM

This sounds like a problem with your configuration and or a user error, not a bug, per se. Have you bothered to look into it, and research reasons why it is doing that, or are you just complaining out of impatience? What I suspect is happening (based on my own experiences with PPPoE) is that your computer auto-logons to your desktop on boot and that the Network Connections and Remote Access Connections services have not fully started when you click on the icon.

You could try tweaking some of your service configurations to make sure that those services are set to "Automatic" startup instead of manual... and you might also just try being patient... or you could even look up the issue on Google and find some ideas.

Score: 0

By mjm01010101

posted Oct 11, 2005 - 5:18 PM

COnsider this:
XP SP2 did little to stem the flow of updates for XP. We're seeing essentially the same updates for XP and W2K each release. Similar criticality for both OS's. Amazing, considering the amount of developers that looked over XP SP1 to get it "secure." MS sure has a long way to go yet.

Score: 0

By GoodThings2Life

posted Oct 12, 2005 - 7:30 AM

On the contrary, SP2 enables the Windows Firewall by default, and providing that users don't screw with it, it does a fantastic job of preventing Worm type viruses, which are generally the worst kind.

Furthermore, since the release of SP2, fewer than 5 of the updates have created even a potentially-wormable exploit. I'd say that contradicts your argument about not stemming the flow of updates. The updates release have instead largely (but not entirely, I acknowledge) been to prevent possible exploits, not actual exploits.

Score: 0

By Niro

posted Oct 11, 2005 - 11:21 PM

Let me see if I'm understanding what you're trying to say...

"Windows is not secure because MS keeps releasing patches for it"?

Nothing will ever be 100% secure out of the box and never need updates...that's impossible.

Linux has more security patches then windows...

Score: 0

By fewt

posted Oct 12, 2005 - 3:21 PM

No, Linux distributions have more patches than Windows.

They also have 10K more packages to support.

Score: 0

By wincement

posted Oct 11, 2005 - 6:22 PM

As would be true with any OS that has to support an infinite number of platforms and software environments.

Mac took the easy way out, and they still have to issue security patches. It's not like MS is alone.

Score: 0

By Adrian79

posted Oct 11, 2005 - 4:59 PM

since sp2 came out this problem has not been fixed!!!
http://support.microsoft...cid=kb;en-us;886299#toc

why cant they fix that?!! anyone know a workaround?
....wincement, i got 9fixes

Score: 0

By GoodThings2Life

posted Oct 12, 2005 - 7:23 AM

From the Article:
"The ActiveX controls were disabled in Windows XP SP2 because they pose a security risk. There is no supported workaround to enable this functionality in Microsoft Office."

Any workaround offered would only defeat security measures in place to protect you. The only people who would ever see the results of your efforts are fellow Office/Outlook users, so there really isn't a point to doing so.

Score: 0

By wincement

edited Oct 11, 2005 - 6:24 PM

Honest question: Which would you rather have? Security or functionality? I would definitely choose security. It says on that page that the feature is not available because unsafe ActiveX controls have been disabled by SP2.

It looks like that's a pretty darn obscure feature anyway...

Score: 0

By pozgayboi

posted Oct 12, 2005 - 6:46 AM

Let me get this straight, aside from the "Security or functionality" comment. Microsoft makes both products (IE; MS Office, MS XPSP2) but there is an "unsafe" ActiveX control in one of their products. Now, answer this, How much do you trust microsoft to your internet experience?

Score: 0

By GoodThings2Life

posted Oct 12, 2005 - 7:19 AM

I use Windows, Office, and IE daily... so if your question is "How much do you trust Microsoft"... the answer is ... generally speaking, I trust them pretty much explicitly or else I wouldn't be using their products. Granted, my primary browser is Firefox, but only because of tabbed browsing. When IE7 is released, all bets are off on what I'll be using.

Score: 0

By wincement

posted Oct 11, 2005 - 4:48 PM

For some reason I only got eight. Anyone else have the same situation?

I've got Win XP Pro SP2

Score: 0

By TomA102210

posted Oct 12, 2005 - 9:05 AM

Received 9 for my desktop computer and 8 for my notebook computer.

Score: 0

By yohimbe9

posted Oct 11, 2005 - 5:46 PM

#9 is an Exchange Server only fix

Score: 0

By wincement

posted Oct 11, 2005 - 6:23 PM

Oh. Thanks =)

Score: 0

By Kamika007z

posted Oct 11, 2005 - 5:25 PM

you prolly installed an update before it was released via winupdate.

Score: 0

By sophist_dreams

posted Oct 11, 2005 - 5:22 PM

I only got 8 myself, but I have my auto update enabled, so maybe one from earlier snuck in.

Score: 0

By 1uk3

posted Oct 11, 2005 - 5:21 PM

I've got Win XP ProSP2 but got all 9. Not sure why you would only have got 8 of them :S

Score: 0

By Claudinho69

posted Oct 11, 2005 - 6:24 PM

i got 7...

Score: 0

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update

Nov 21 - 11:51 AM ET The Dell surprise: Higher earnings on lower revenue