Security Strategy

Microsoft patch fiasco gets messier

"If I don't have a clear understanding of what I have installed, whose fault is that?"

Tags: patch, microsoft

By Joris Evers

Published: 21 October 2005 09:10 GMT

Microsoft's latest batch of security fixes keeps causing trouble for some users.

A "critical" patch for a problem in a Windows component for streaming media, called DirectShow, apparently isn't as straightforward as Microsoft thought. Some Windows 2000 users have applied the incorrect patch, leaving their computers vulnerable even though they think they've patched up, Microsoft said on Thursday.

A Microsoft representative said in an emailed statement: "A limited amount of customers, who may have obtained the wrong security update for their version of DirectX, may think they are protected when, in fact, they are not. This only affects users who have selected the wrong package manually." DirectX contains DirectShow.

Microsoft on Wednesday published its second advisory in as many weeks for users to deal with trouble arising from this month's patch release. Last week the software maker said another critical patch could cause problems for users who changed specific Windows security settings.

The latest patching issue deals with the fixes in security bulletin MS05-050. The problem occurs when Windows 2000 users who have DirectX 8.0 or 9.0 mistakenly apply the patch for DirectX 7.0. The computer will still be vulnerable to the flaw, while the user won't be notified that the system is not updated, Microsoft said.

Windows 2000 users who obtain security patches automatically through Microsoft's patching tools or who accurately followed the steps in the security bulletin are protected, the Microsoft representative said.

Users probably applied the wrong patch because Microsoft's security bulletin was unclear, said Brian Grayek, chief technology officer at Preventsys, a vulnerability management company. "The vendor, no matter who, has to be responsible for being crystal clear on remediation," he said.

While Microsoft could have perhaps published a clearer bulletin, administrators are ultimately responsible for their systems, said Susan Bradley, an independent security consultant and Microsoft Most Valuable Professional.

Bradley said in an email interview: "At the end of the day Microsoft is not responsible for my network, I am. If I don't have a clear understanding of what I have installed, whose fault is that?"

Microsoft offers guidance for Windows 2000 users who think they may have applied the wrong update in an article on its website.

Joris Evers writes for CNET News.com
