Microsoft Security Bulletins for 12/9/2003 in Security

Microsoft Security Bulletins for 12/9/2003 in Security http://www.dslreports.com/forum/r8735604 en Sat, 05 Dec 2009 19:02:19 EDT Sat, 05 Dec 2009 19:02:19 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8752417 GuruGuy : The knowledge base article still have a November date on it and does NOT reflect the updated December date......the technet article DOES have the updated date stamp on it....someone needs to update the KB.
--
GuruGuy]]> http://www.dslreports.com/forum/remark,8752417 Thu, 11 Dec 2003 05:31:29 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8752231 Mele20 : >On Wednesday 10 December 2003, Windows Update and Software Update Services (SUS) prompted some Windows XP users who were not at risk to install the security update MS03-051. This was due to a change in the Windows Update detection mechanism. This is being updated to ensure that Windows Update and SUS only prompts those Windows XP users who need it to install the security update MS03-051.

I have XP Pro SP1 and I was NOT offered this patch in November. I am now offered it. From your statement above, I gather that the current offer of the patch is erroneous because if I needed it I would have been offered it in November. Fine.

However, the updated MS03-051 states that:

>If you have the fp4awel.dll file on your system, you have FrontPage Server Extensions 2000 installed.

I have this file so I conclude I DO need the patch. Correct?
However, the bulletin also states that:

>Windows XP does not have FrontPage Server Extensions installed by default

I did not install FrontPage Server Extensions. But I have the file indicating the extensions are installed.

This is all about as clear as mud. Do I or don't I need this patch???

One more thing:
> However, those customers who determine that they do not need the Windows XP update for MS03-051 and want to remove it can do so as discussed in the "Security Update Information" section of the Security Bulletin.

Windows Update informs me that "once you have installed this item, it cannot be removed". So which is correct? Windows Update that says it cannot be removed or the Security Bulletin that says it can be removed?????

Third edit...Ahhhh...I think I finally understand. I checked in add/remove programs and I do NOT have the extensions installed. (I looked in the right place under details in IIS and the box for the extensions is not checked). So, why is the fp4awel.dll file being used as the way to determine if the extensions are installed? I have the file, but the extensions are NOT installed so I don't need the patch. Simple as that. Why does MS03-051 make it so confusing?

I guess I'll know if I figured this out correctly if Windows Update stops offering me the patch. :D

--
"Everything can be taken from a man or woman
but one thing: the last of the human freedoms
- to choose one's attitude in any given set of
circumstances, to choose one's destiny."
Victor Frankl - Man's Search for Meaning
]]> http://www.dslreports.com/forum/remark,8752231 Thu, 11 Dec 2003 03:39:57 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8751826 JmanB : I'll make a seperate post on this but since the MS03-051 (KB810217) issue is being dicussed in this thread, I'll go ahead and post it here as well:

On Wednesday 10 December 2003, Windows Update and Software Update Services (SUS) prompted some Windows XP users who were not at risk to install the security update MS03-051. This was due to a change in the Windows Update detection mechanism. This is being updated to ensure that Windows Update and SUS only prompts those Windows XP users who need it to install the security update MS03-051.

Customers who installed the security update MS03-051 do not need to take any action; the update is fully tested and supported on Windows XP. However, those customers who determine that they do not need the Windows XP update for MS03-051 and want to remove it can do so as discussed in the "Security Update Information" section of the Security Bulletin.

More information is available in the FAQ section of the Security Bulletin.
»www.microsoft.com/technet/securi···-051.asp

If you have any questions regarding this alert after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
--
Jerry Bryant - Microsoft IT Communities. This posting is provided "AS IS" with no warranties, and confers no rights.]]> http://www.dslreports.com/forum/remark,8751826 Thu, 11 Dec 2003 01:33:19 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8750217 sashwa : Thanks, skj, for finding that. It must have come out late today. I had given up looking. I haven't gotten the Security Bulletin yet.

sash :)
--
Visit the San Francisco Bay Area Forum]]> http://www.dslreports.com/forum/remark,8750217 Wed, 10 Dec 2003 22:11:30 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8750077 skj : Something with today's date:

From: »www.microsoft.com/technet/treevi···-051.asp

Microsoft Security Bulletin MS03-051

Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
Issued: November 11, 2003
Updated: December 10, 2003
Version: 1.4

V1.4 December 10, 2003: Updated the FAQ section to reflect a new Windows Update offering on Windows XP.]]> http://www.dslreports.com/forum/remark,8750077 Wed, 10 Dec 2003 21:59:30 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8748375 Sparrow :

said by GuruGuy :
It's been available (AGAIN) for several hours....

...late bloomer, I am! :D]]> http://www.dslreports.com/forum/remark,8748375 Wed, 10 Dec 2003 19:20:50 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8748344 GuruGuy : It's been available (AGAIN) for several hours....
--
GuruGuy]]> http://www.dslreports.com/forum/remark,8748344 Wed, 10 Dec 2003 19:17:10 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8748291 Sparrow : One Critical Update Available Now.
»v4.windowsupdate.microsoft.com/e···ault.asp

]]> http://www.dslreports.com/forum/remark,8748291 Wed, 10 Dec 2003 19:11:43 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8748279 GuruGuy : Here is the KB....as you can see, it was released in NOV 2003 and there is no modification to the date....still says NOV 2003. Is it being re-released? Did they forget to release it in Nov? WTH?

»support.microsoft.com/?kbid=810217
--
GuruGuy]]> http://www.dslreports.com/forum/remark,8748279 Wed, 10 Dec 2003 19:10:54 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8748200 Mele20 : >When you click on "read more..." for the update it takes you to a page which states: " No Security Bulletins for December Monthly Release (December 9, 2003)

I just ran Windows Update and the critical patch is shown, but I have no "read more" place to click! I have never, ever before seen a critical patch on Windows Update site where I could not learn more about the patch! If I hadn't just read the Cnet article and what Lucy had to say via antdude's post, I would be wondering if someone had hacked into Windows Update and was spoofing us! I'd say Cnet's characterization of Microsoft confusing itself is a bit mild!

I checked and I do have the web server extensions that Lucy mentions located where she indicates. I guess I am one of those to whom the update was supposed to be offered in November but was not. However, I do NOT have XP home edition. I have XP Pro version SP1a. Lucy says this fix is for those with XP HOME SP1 who don't have FrontPage Server Extension in Add/remove. Well I have XP PRO and I don't have this extension in Add/remove but I have it nonetheless. So, where do I fit in this scenario?

To confuse matters further, where is the Microsoft Security Bulletin for this? I received nothing in my email yesterday or today. I do not have automatic update turned on. I rely on the Security Bulletin List serve and this site for notifications. So where is the security bulletin for this? Even if this patch is just a reissue for those who were not offered the patch last month for some strange reason, then why is there not a Bulletin explaining this and why have I not received this Bulletin in my email?
--
"Everything can be taken from a man or woman but one thing: the last of the human freedoms - to choose one's attitude in any given set of circumstances, to choose one's destiny." Victor Frankl - Man's Search for Meaning ]]> http://www.dslreports.com/forum/remark,8748200 Wed, 10 Dec 2003 19:02:00 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8747909 antdude : Very confusing! Even on a clean XP Professional!

I asked Lucy if this update was an error to show up:
"No, it's not an error. This is a valid update. If you have the web server extensions then Windows Update will offer the update to install."

Anyways, share your finds on msnews.microsoft.com newsgroup server in microsoft.public.windowsupdate newsgroup.
--
-- Ant @ The Ant Farm: »antfarm.ma.cx]]> http://www.dslreports.com/forum/remark,8747909 Wed, 10 Dec 2003 18:36:02 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8747794 mrgeek : I wish jbMSFT would stop by and clear this up for us.
--
A wise man is nothing more than an old fool]]> http://www.dslreports.com/forum/remark,8747794 Wed, 10 Dec 2003 18:24:15 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8747714 skj : When you click on "read more..." for the update it takes you to a page which states: " No Security Bulletins for December Monthly Release (December 9, 2003) " A bit confusing to say the least.]]> http://www.dslreports.com/forum/remark,8747714 Wed, 10 Dec 2003 18:12:31 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8747456 GuruGuy : Well now it's back again! Wish the hell they'd make up their mind...it's here, it's gone, it's here, it's gone.....
--
GuruGuy]]> http://www.dslreports.com/forum/remark,8747456 Wed, 10 Dec 2003 17:46:16 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8746894 antdude : /. and CNET on new patches this week.

»slashdot.org/article.pl?sid=03/1···&tid=187
--
-- Ant @ The Ant Farm: »antfarm.ma.cx]]> http://www.dslreports.com/forum/remark,8746894 Wed, 10 Dec 2003 16:48:57 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8746184 GuruGuy : This was an issue on our end. Yesterday we made changes to the detection
for this update and that's why Windows Update is offering the update today.
----------------

What does she mean that's why they are offering it today? I haven't seen it since it appeared lastnight and then disappeared..........
--
GuruGuy]]> http://www.dslreports.com/forum/remark,8746184 Wed, 10 Dec 2003 15:36:48 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8746041 antdude : FYI! Two informative newsgroup replies from MS:

-------- Original Message --------
Subject: Re: KB810217 - MS03-051 - Appreared today via Windows Automatic Update - Why?
Date: Wed, 10 Dec 2003 11:55:29 -0800
From: Lucy [MS]
Newsgroups: microsoft.public.windowsupdate
References:

Hi Joe,

This was an issue on our end. Yesterday we made changes to the detection
for this update and that's why Windows Update is offering the update today.

Thanks,
Lucy [MS]

--

For those who use Windows XP Home SP1 and do not have FrontPage Server Extensions installed in Windows' Add/Remove Components.

-------- Original Message --------
Subject: Re: KB810217 - MS03-051 - Appreared today via Windows Automatic Update - Why?
Date: Wed, 10 Dec 2003 11:59:42 -0800
From: Lucy [MS]
Newsgroups: microsoft.public.windowsupdate
References:

Hi Ant,

Do you have the web server extensions?

C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin

fp4autl.dll

Thanks,
Lucy [MS]
--
-- Ant @ The Ant Farm: »antfarm.ma.cx]]> http://www.dslreports.com/forum/remark,8746041 Wed, 10 Dec 2003 15:22:16 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8745893 MrFixIT : Thanks for the updates JmanB

!

BTW - did anyone else notice the cut and paste job at the end of first two answers?

quote:
Microsoft works to ensure the quality of all products, and a patch release is treated much like a small scale product release in terms of quality control. Microsoft would not release a product until it was tested and proven reliable, and patch releases are no different.

--
You are depriving some poor village of its idiot.]]> http://www.dslreports.com/forum/remark,8745893 Wed, 10 Dec 2003 15:10:00 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8745739 antdude : I noticed my office machine with Windows XP Home SP1 (Dell OEM; all updates except yesterday's update that is mentioned) showed this update. I cannot find this FrontPage Server Extensions package in Windows' Add/Remove Components list. I don't think XP Home even has this feature.

I am not going to get it until I hear words from Microsoft. :)
--
-- Ant @ The Ant Farm: »antfarm.ma.cx]]> http://www.dslreports.com/forum/remark,8745739 Wed, 10 Dec 2003 14:54:27 EDT Still 19 vulnerabilities unpatched http://www.dslreports.com/forum/remark,8743285 jansson_mark : Couple ones fixed, 19 more to fix. And they dont care.
»www.safecenter.net/UMBRELLAWEBV4···dex.html]]> http://www.dslreports.com/forum/remark,8743285 Wed, 10 Dec 2003 10:15:11 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8742023 GuruGuy : Yep, I had 3 machines that had the KB810217 available. Installed 2 of them, one failed. After rebooting the failed machine and reattempting, it was no longer available for download, even though the history shows the failed install, I can't download it and it's not available........way to go MS$. Technet says nothing released on Dec 9, yet you have this listed as being a critical update on the Windows Update site, and on one machine with Auto Update turned on, the notification popped up stating that KB810217 was available.......after researching this, it appears that KB810217 was released in November! So what gives....is it a re-release or did someone screwup?
--
GuruGuy]]> http://www.dslreports.com/forum/remark,8742023 Wed, 10 Dec 2003 05:37:57 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8741671 anthrorules : Okay, re-booted (sorry, it took me awhile, I was installing an external hard drive) and haven't noticed anything out of the ordinary, I did install both updates that appeared in my updates list:

Update for Microsoft Windows XP (KB826942)
Security Update for Windows XP (KB810217)

I don't know if this makes any difference, but I've not noticed any crazy textbox scrolling since I updated, but that doesn't imply that the either of the above updates fixed the helicious update on November 11,2003 that raved havic on most people's computers running Windows.
--
Earthlink/Direcway SRS - DW4000 | ver. 4.2.1.10 | Proxy/Port 83 | G4R | 970 | Dell Dimension 4550 - WinXP Pro SP1 - 256MB Ram |ZA+ 4.5 | AVG 7.0 - Resident | BitDefender 7.1 Free - On-Demand |TDS3 | Ad-Aware | SpyBot S&D | MailWasher Pro]]> http://www.dslreports.com/forum/remark,8741671 Wed, 10 Dec 2003 02:53:42 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8741524 antdude :

said by mrgeek :
Windows update is giving me a security update, KB810217.

Me too! However, I don't have and never had FrontPage Server Extensions installed according to Windows' Add/Remove Components list in my Windows XP Professional SP1 system.

I think it's a problem!
--
-- Ant @ The Ant Farm: »antfarm.ma.cx]]> http://www.dslreports.com/forum/remark,8741524 Wed, 10 Dec 2003 02:14:41 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8740998 sashwa : Let us know how it goes. What I thought was strange is that there is no when click on "Read more" before you download nothing comes up and when you search for that KB number nothing is found and they say no Bulletins for December will be released. So maybe they aren't done with updating everything.

sash :)
--
Visit the San Francisco Bay Area Forum]]> http://www.dslreports.com/forum/remark,8740998 Wed, 10 Dec 2003 00:14:41 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8740922 anthrorules : I just installed...haven't re-booted yet, but soon will.]]> http://www.dslreports.com/forum/remark,8740922 Wed, 10 Dec 2003 00:05:07 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8740884 sashwa : I just checked and it's giving me the same critical update. Guess they changed their minds. Anyone going to try it???

sash :)
--
Visit the San Francisco Bay Area Forum]]> http://www.dslreports.com/forum/remark,8740884 Wed, 10 Dec 2003 00:00:41 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8740737 mrgeek : Windows update is giving me a security update, KB810217.
--
A wise man is nothing more than an old fool]]> http://www.dslreports.com/forum/remark,8740737 Tue, 09 Dec 2003 23:44:45 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8740492 Bubba :

said by R2 :
How about my TechNet and MSDN Deeptree bar?? Are they working on that yet?? ;)

Get in line ;)
--
"I R 1"]]> http://www.dslreports.com/forum/remark,8740492 Tue, 09 Dec 2003 21:06:42 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8740253 Michael :

said by JmanB :
Our engineering team is aware of this issue. I don't have a status on a fix but a bug has been entered.

Thanks for the update JmanB

:)
--
For Optimized]]> http://www.dslreports.com/forum/remark,8740253 Tue, 09 Dec 2003 20:43:07 EDT CNET mentioned this... http://www.dslreports.com/forum/remark,8740236 antdude : »news.com.com/2100-7355_3-5118292···nefd_top

FYI.
--
-- Ant @ The Ant Farm: »antfarm.ma.cx]]> http://www.dslreports.com/forum/remark,8740236 Tue, 09 Dec 2003 20:41:56 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8740123 R2 : How about my TechNet and MSDN Deeptree bar?? Are they working on that yet?? ;)]]> http://www.dslreports.com/forum/remark,8740123 Tue, 09 Dec 2003 20:33:01 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8739682 Marilla : Thanks for the info, JmanB

, and to the rest of you.. you are all nuts!!! :D]]> http://www.dslreports.com/forum/remark,8739682 Tue, 09 Dec 2003 19:56:11 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8738851 Bubba :

said by JmanB :
Our engineering team is aware of this issue. I don't have a status on a fix but a bug has been entered.

Thanks Jerry and I have to believe what you share until I see otherwise that they are indeed working this issue and not yanking my chain.

Thanks as always for the info.
--
"I R 1"]]> http://www.dslreports.com/forum/remark,8738851 Tue, 09 Dec 2003 18:45:16 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8738771 JmanB :

said by Bubba :
Disagree....I want my scroll bar back before they issue anymore updates ;)

Our engineering team is aware of this issue. I don't have a status on a fix but a bug has been entered.
--
Jerry Bryant - Microsoft IT Communities. This posting is provided "AS IS" with no warranties, and confers no rights.]]> http://www.dslreports.com/forum/remark,8738771 Tue, 09 Dec 2003 18:37:58 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8738211 antiserious :
... good luck with that, Bubba ... :) ...

... if they fix it enough, we'll be back to pencil and paper ... then I can use up all those yellow legal pads that followed me home from work ...

... :D ...

--
... "Sometimes you're the Bird ... sometimes you're the Windshield" ...]]> http://www.dslreports.com/forum/remark,8738211 Tue, 09 Dec 2003 17:45:54 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8738022 Bubba :

said by antiserious :
I feel any additional comment is unnecessary ...

Disagree....I want my scroll bar back before they issue anymore updates ;)
--
"I R 1"]]> http://www.dslreports.com/forum/remark,8738022 Tue, 09 Dec 2003 17:29:09 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8737897 antiserious :

said by JmanB :
Security response requires a balance between time and testing, but Microsoft will only release a patch - when warranted – that is as well engineered and thoroughly tested as possible - whether that is a day, week, month or longer. In security response, an incomplete patch can be worse than no patch at all if it only serves to alert malicious hackers to a new issue.

... good one! ... :D ...

... I feel any additional comment is unnecessary ...
--
... "Sometimes you're the Bird ... sometimes you're the Windshield" ...]]> http://www.dslreports.com/forum/remark,8737897 Tue, 09 Dec 2003 17:17:29 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8737316 JmanB : Here's some Q&A that might help answer some questions:

Q: So, Microsoft is not releasing any patches today. Does this mean that there aren’t any known vulnerabilities that need patching?
A: Microsoft is committed to delivering security bulletins on the second Tuesday of each month and there are no bulletins ready for distribution at this time. Microsoft is almost always investigating potential and existing vulnerabilities in an effort to help protect our customers. Creating patches that effectively fix vulnerabilities is an extensive process involving a series of sequential steps. Microsoft works to ensure the quality of all products, and a patch release is treated much like a small scale product release in terms of quality control. Microsoft would not release a product until it was tested and proven reliable, and patch releases are no different.

Q: If you don’t have any patches to release today, then what has the Microsoft Security Response Center been working on for the last month?
A: Microsoft is almost always investigating potential and existing vulnerabilities in an effort to help protect our customers. Creating patches that effectively fix vulnerabilities is an extensive process involving a series of sequential steps. There are many factors that impact the length of time between the discovery of a vulnerability and the release of a patch, and every vulnerability presents its own unique challenges. When a potential vulnerability is reported, designated product specific security experts investigate the scope and impact of a threat on the affected product. Once the MSRC knows the extent and the severity of the vulnerability, they work to develop a patch for every supported version affected. Once the patch is built, it must be tested with the different operating systems and applications it affects, then localized for all markets and languages across the globe. In some instances, multiple vendors are affected by the same or similar issue, which requires a coordinated release. Microsoft works to ensure the quality of all products, and a patch release is treated much like a small scale product release in terms of quality control. Microsoft would not release a product until it was tested and proven reliable, and patch releases are no different.

Q: Several “critical” Internet Explorer vulnerabilities were released two weeks ago. Why aren’t you issuing patches to fix these vulnerabilities?
A: Microsoft is investigating public reports of possible vulnerabilities in Internet Explorer. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through our monthly patch release process or an out-of-cycle patch, depending on customer needs. Currently we have not been made aware of any active exploits of the reported vulnerabilities or customer impact at this time, but we are aggressively investigating the public reports.
Security response requires a balance between time and testing, but Microsoft will only release a patch - when warranted – that is as well engineered and thoroughly tested as possible - whether that is a day, week, month or longer. In security response, an incomplete patch can be worse than no patch at all if it only serves to alert malicious hackers to a new issue.

Bottom line: we care enough to make sure that our patches are tested as much as possible. We will only release a patch out of the monthly cycle if the situation requires it. Since we are not releasing any patches for the official December release date, the next scheduled patch release will be the second Tuesday in January 2004 (1/13/2004).

I would like to invite you to attend the following events where you can ask questions of Mike Nash who is the Vice President of the Microsoft Seucrity Business Unit (SBU):

1. Web Chat: Trustworthy Computing with Mike Nash
Thursday December 11, 2003 - 9:00 - 10:00 A.M. Pacific Time
Link to chat:
»communities2.microsoft.com/home/···34000081

2. Web Cast: Microsoft Executive Circle Webcast: Monthly Update from Microsoft's VP for Security: Securing the Perimeter through Best Practices and Increasing System Resiliency in Windows XP SP2
Tuesday, December 16, 2003 - 8:30 - 9:30 A.M. Pacific Time
Link to webcast:
»msevents.microsoft.com/CUI/Event···re=en-US
--
Jerry Bryant - Microsoft IT Communities. This posting is provided "AS IS" with no warranties, and confers no rights.]]> http://www.dslreports.com/forum/remark,8737316 Tue, 09 Dec 2003 16:22:20 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8736970 antdude :

said by JmanB :
As you may know, today is our scheduled day for the monthly security bulletin release. I'm just posting to clarify that we are NOT releasing any bulletins today.

Rats! I miss them. Just kidding. Thanks for the heads up.

Will there be one next week due to delays (assuming no emergency bulletins) or next month's second Tuesday?
--
-- Ant @ The Ant Farm: »antfarm.ma.cx]]> http://www.dslreports.com/forum/remark,8736970 Tue, 09 Dec 2003 15:49:44 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8736958 Alwill : And there's still the Outlook Express address book tilde (~) file problem to be fixed.]]> http://www.dslreports.com/forum/remark,8736958 Tue, 09 Dec 2003 15:48:49 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8736895 miketavares : what would be really helpful would be a timeframe when you suspect these patches will be released. This is a month in which many IT departments are short staffed due to the holidays and as in our case had arranged to coverage to have the people here to do do our testing and applying of the patches. Now that all goes by the wayside.
--
I was here]]> http://www.dslreports.com/forum/remark,8736895 Tue, 09 Dec 2003 15:42:23 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8736806 Skipdawg : jbMSFT thanks for the heads up. I was going to go look after surfing BBR ;)
--
arf, bow wow, woof!]]> http://www.dslreports.com/forum/remark,8736806 Tue, 09 Dec 2003 15:32:56 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8736749 dave : Brooke's law: adding manpower to a late project makes it later.

Gordon Bell also said something to the effect of 'doubling the manpower doubles the schedule'.]]> http://www.dslreports.com/forum/remark,8736749 Tue, 09 Dec 2003 15:26:42 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8736589 AthlGrond :

said by Tablet :
I do not understand one thing. If it is so hard to fix and test security vulnerabilities, why doesn't Microsoft hire more staff to catch up? If thousand people is not enough, then hire ten thousand.

My guess would be that too many cooks spoil the broth.]]> http://www.dslreports.com/forum/remark,8736589 Tue, 09 Dec 2003 15:08:39 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8736414 Bubba :

said by R2 :
Waah!!! Can't they at least fix my Scroll bar and my TechNet Deeptree bar??? ;)

My chosen words have escalated every time I attempt to use the scroll bar and thu dang thing dances around out of control....Grrrrrrrrrrr ;)
--
"I R 1"]]> http://www.dslreports.com/forum/remark,8736414 Tue, 09 Dec 2003 14:49:53 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8735834 Tablet : I do not understand one thing. If it is so hard to fix and test security vulnerabilities, why doesn't Microsoft hire more staff to catch up? If thousand people is not enough, then hire ten thousand. I think money are not problem in this case. It's not that there is nothing to fix, it's just it appears MS doesn't care. :(]]> http://www.dslreports.com/forum/remark,8735834 Tue, 09 Dec 2003 13:35:34 EDT Re: Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8735697 R2 : Waah!!! Can't they at least fix my Scroll bar and my TechNet Deeptree bar??? ;)]]> http://www.dslreports.com/forum/remark,8735697 Tue, 09 Dec 2003 13:20:09 EDT Microsoft Security Bulletins for 12/9/2003 http://www.dslreports.com/forum/remark,8735604 JmanB : As you may know, today is our scheduled day for the monthly security bulletin release. I'm just posting to clarify that we are NOT releasing any bulletins today.

Thanks!
--
Jerry Bryant - Microsoft IT Communities. This posting is provided "AS IS" with no warranties, and confers no rights.]]> http://www.dslreports.com/forum/remark,8735604 Tue, 09 Dec 2003 13:10:51 EDT