She ain't up on Windows Update yet... (At least for Win2K server)

Direct link to bulletin: [microsoft.com...]

Patches available there.

Edit 5:38 PM ET: It just went up on Windows Update.

its up for 2k server, i patched mine this morning.

It only effects you if you have a certain DLL installed

Patched WIN Server 2000 Advanced and XP Pro without problem.
Horror scenario: system crash with new OS installation, I got ISDN at home only, how many patches will I have to download, install then?
Would take me a week I think...

I downloaded the latest patches last night and now my Windows 2000 computer won't boot up, even in safe mode.

I guess my computer is finally secure - it won't work.

Thanks Bill!

"To verify if the affected file is installed, search for the file named Msasn1.dll. If this file is present, this security update is required."

It's on my w2k box: c:\winnt\system32\msasn1.dll

My server was hacked about about 12 hours ago, the hacker deleted my account and created a new user. I have to guess the password, and managed to get it correct.

Meanwhile, the recent IE patch is causing serious problems.

For example, AMS has told its buyers and vendors who install the patch may be taken to a screen saying that they are using an unsupported browser or shown a screen with the text "System Development Mode" on it, or may be given an "Internal Server Error" message when trying to respond to a quote.

They say:
"There is not an official Microsoft workaround available at this time. However, we have found that some users are able to return to (the site) by first clicking the browser "Refresh" button and then answering "Yes" when asked if they would like to 'Retry'.

AMS is working with Microsoft directly to determine what can be done to resolve this problem. Again, this is only a problem if a user has the patch installed on their computer. Users with Internet Explorer without the patch are NOT experiencing the problem.

Hmmmm, cause of critical problem? - Unchecked buffer.

Mr Gates, can you sack any employee who does not check there buffers correctly in future programs you write. Thank you.

silane

My server was hacked about about 12 hours ago

was that due to this particular vulnerability,
or another route?

+

not too sure, but I alway patch my server as soon as patches are released.

This time, I haven't got a chance to patch it, and the server was hacked.

Xoc said:

"The breadth of systems affected is probably the largest ever. This is something that will let you get into Internet servers, internal networks, pretty much any system."

The really scary thing is Diebold, one of the world's largest maker of ATMs has incorporated Windows into their products. This makes me extremely nervous about keeping my money in the bank.

Wired News: Windows to Power ATMs in 2005 [wired.com]

They're reporting the first exploit from the source code:

[securitytracker.com...]

ATM's already use Windows NT.

They have in the past been hacked from internal
access paths. These boxes are network accessible
only through secure paths, *but* it was presumed
that the bank internal network was secure. A
trojaned system that was *not* an atm, but on the
internal network was used to access the atm.

+++