Windows Update flaw 'left PCs open' to MSBlast

flaw in Windows Update caused some organisations - including the US Army - to wrongly believe they were protected from MSBlast, according to a researcher

A flaw in Windows Update -- Microsoft's online tool that lets customers update their operating system with patches and fixes -- enabled the MSBlast worm to infect computers that apeared to have already been patched, according to a security expert.

The flaw led to a US Army server, among others, falling victim to MSBlast, according to Russ Cooper, chief scientist at security company TruSecure.

http://news.zdnet.co.uk/0,39020330,39115732,00.htm

This is outrageous......do everything "they" tell you to, and it STILL doesn't work?

Was thinking about Windows as a "backup" system, but maybe I'll just leave it off the machine altogether.

I'm near tears of total frustration trying getting the sin of a botch off of my son's computer.
Got the repair from Norton, and the patch from Microsoft, and apparently, that didn't do it.
Did a system restore, and it's still there?!-
Now frantically trying to go through the steps for the manual stuff before the system shuts itself down in .59 - .58 -
Taking a break right now to calm myself down.

They're also warning that this was a crude and amateurish 'code' (is that the correct word?) and the clones will be much nastier.
Ah, something to look forward to.

and I did not even get infected.

I was DLing the update from windows update and one of the DOS attacks hit in the middle of my download, my computer crashed and the partial update files tried to run and fucked up my whole OS.

sorry to hear that TLM. :-(

Hope everything is up and running fine, now.

My son is sitting on terminal 'switch and hold' with HP Support right now. We may end up having to do the same as you did.

apologies to all for side-tracking the thread.
Carry on.

And I can't remember it right now. You go to start/run and type in something like 'shutdown -a' and it keeps your computer from shutting down in 60 seconds so you have time to apply the fix. Arrgh. Somebody here must know it.

If you have, please explain why you believe Microsoft has done anything wrong, legally speaking.

But they are definately wrong.

I would call it bait and switch... or better yet, outright fraud. They continually sell these systems claiming, with each new OS that it is secure - "trust us." If average Joe Acme renting business space in your dying downtown tried to pass off a product that was safe, secure and reliable only to find out after purchasing it and using it that it wasn't, the FTC and any similar state and federal entities would fine them into bankruptcy.

MicroShaft has been given a free ride on a pack of lies for far too long.

Or get a class action suit going. All this talk but without accompanying legal action is just talk.

Win 98 and lower are not susceptible to this virus. Something about the NT nature of the later OSes?

to your drive to make sure you are not pirating anything of their software. Also, the 'good enough, get it to the market quick' mentality makes for bad products.

Microsoft gets nailed so often is percentage of people using Microsoft.

.

... is utter nonsense. Linux/Unix simply does not have all of the easily exploitable holes in security that MS does.

Sorry, I've used both for 18 years, I'm not buying it.

The problem with MS is that NT was written with little regard for security. It is very very hard to add security to a large piece of software, just as it is very very hard to add quality after the fact.

This particular hole is so stupid as to boggle the mind, essentially a wide open IP port.

MS is a great marketing company but don't be fooled, technically they are strictly bush league.

I think I know what I'm talking about.

Only one was infected. The one that my daughter has that hadn't had the patch from WU in July. This was her fault for being careless but it was easily repaired because I knew what it was immeadiatly and I knew how to remove it.

All the others were protected with the original patch that MS issued back in July. The people that were infected were to blame for their own stupidity and carelessness. The security patches for XP are free and available from WU. Good virus protection from various sources is an absolute must in today's environment. Regular maintenance is the responsiblity of the owner/user and not MS's.

I have my share of differences with Microsoft and I will not defend them when they are to blame but, in this instance, it is the irresponsiblilty of the computer owners/ users/ IT managers that has all the blame. There is no excuse for laziness or carlessness on the part of users and owners and IT techs and managers in todays internet environment.

ZERO got infected.