SafeInput - Silent Microsoft update blamed for Windows issue - Vulnerabilities & Exploits


	Login


Username: Password: Lost Password? Register now!


	Did you know?


What is SafeInput? More details...


	Random FAQ


Disable soft-keyboard input. Answer here!

Vulnerabilities & Exploits : Silent Microsoft update blamed for Windows issue

Posted by glm on 2008/12/22 18:10:07 (29 reads)

By :Frank Washkuch

Oct 2, 2007 10:10 AM

Scott Dunn, associate editor of the Windows Secrets newsletter, said on Thursday that the update, deployed during July and August, has switched off updates for XP users who have repaired their PCs from CD-ROMs.

Microsoft%26#39;s most recent 80 patches are marked as undeliverable if a user has repaired XP system files from a CD-ROM, thus setting Internet Explorer to the version shipped with the PC.

Microsoft Product Manager Nick White said on a posting on the Windows Vista Team Blog that the issue appears to be rare.

%26ldquo;The issue does not look to be widespread and occurs in rather exceptional circumstances. It occurs because the Windows XP Repair CD replaces all system files, including Windows Update, with older versions of those files,%26rdquo; he said.

%26ldquo;Meanwhile, the most current version of Windows Update (which is already present on the system) includes a file that is not present in the Windows Update image on the Repair CD. After performing the repair, the new file remains on the system and creates a registry mismatch, causing subsequent installation of some updates to fail.%26rdquo;

Nate Clinton, Windows Update program manager, said on the Microsoft Update Product Team Blog on Friday that the issue results from a file installed in the latest update.

%26ldquo;Here%26#39;s what we found: when an XP repair CD is used, it replaces all system files (including Windows Update) on your machine with older versions of those files and restores the registry. However, the latest version of Windows Update includes wups2.dll that was not originally present in Windows XP,%26quot; he said. %26quot;Therefore, after the repair install of the OS, wups2.dll remains on the system, but its registry entities are missing. This mismatch causes updates to fail installation.%26rdquo;

Clinton recommended that users employ workarounds, including manual registration of files.

A Microsoft spokesperson said today that customers experiencing the issue are urged to contact customer service or visit support.microsoft.com/security.

Source from:Secure Computing Magazine

Previous article - Next article

Other articles
2009/2/4 23:20:16 - Cloud computing is a storage spot for malware
2009/2/4 23:20:15 - Microsoft responds to Windows 7 security gripe
2009/2/4 23:20:12 - Web identity hijacking on the rise
2009/2/4 23:20:12 - Google glitch puts surfers in a quandary
2009/2/4 23:20:11 - Facebook plays down privacy concerns
2009/2/4 23:20:10 - Australian Computer Society to use Sophos security solution
2009/2/4 23:20:09 - Google working on fix for clickjacking vulnerability in Chrome
2009/2/4 23:20:08 - McAfee: Malware will use web and USB sticks to spread in 2009
2009/2/4 23:20:07 - With economy in tailspin, Monster discloses major breach
2009/2/4 23:20:06 - OS X 'pirate' trojan resurfaces
2009/2/4 23:20:05 - IE 8 approaching on formal release
2009/2/4 23:20:04 - Companies warned over use of Netbooks
2009/2/4 23:20:03 - Trend Micro signs up with BigFix
2009/2/4 23:17:08 - Banks urged to change security policies
2009/2/4 23:17:08 - Heartland incident provides opportunity to standardise data breach notification laws

The comments are owned by the poster. We aren't responsible for their content.

Articles