Problem patches can cause mayhem

John McCormick

Published: 02 Nov 2005 12:05 GMT

Perhaps enacting its own version of trick-or-treat, Microsoft served up some tricks in this month's security updates. If you've dutifully applied the patch provided in Microsoft Security Bulletin MS05-051 and at some point changed the default access control list settings, your users have likely experienced serious problems with their PCs, including loss of network connections (as well as dialup configurations) and a failure to initiate the Windows Firewall. Microsoft has posted updates to the security bulletin and has published Knowledge Base article 909444, which addresses the problem.

In addition, a problem has cropped up in the DirectShow patch distributed with Microsoft Security Bulletin MS05-050. The threat stems from possible confusion over which patch to apply.

If you have DirectX versions 8.0 or 9.0 and apply the DirectX 7.0 patch by mistake, you won't actually fix the problem or protect your system. The patch doesn't cause any harm to your system; it just doesn't provide the protection you think you've added.

Redmond's not the only one dealing with tricky updates — Oracle users are struggling with the most recent quarterly update from the software vendor. Apparently, the latest update didn't patch a number of serious vulnerabilities.

This is especially a concern considering that the vendor only releases four sets of patches each year, which means the company is not likely to fix these known flaws until next year. In addition, complaints about the quality and effectiveness of Oracle patches have also surfaced.

And if that's not bad enough, an exploit is reportedly now circulating on the Internet for one of the recently patched Oracle vulnerabilities. Oracle patched nearly 90 vulnerabilities in its recent round of fixes, and this is only the first of what's likely to be many exploits reverse-engineered from the patches.

Meanwhile, the popular BlackBerry device recently experienced a serious problem when the BlackBerry Enterprise Server's software version 4.02 allowed devices linked through the server to broadcast chunks of text to unintended recipients. The BBC's temporary ban of the use of BlackBerry devices last week helped highlight the problem.

While reporters always get very nervous about competitors learning their secrets, this threat should concern every user. Consider the implications if you were making snide comments about your boss or exchanging contract negotiating strategies!

Finally, Cisco considers the use of older versions of its ubiquitous Internetwork Operating System (IOS) to be so serious a security threat that the vendor's chief security officer, John Stewart, has issued a warning to users. Of course, the problem with Cisco is that — unlike many vendor patches — you can't just perform a quick upgrade to hardware. Instead, you must shut down...
