« Spybot S&D Definitions Updated on February 21, 2007 | Blog Home | Firefox Browser v 2.0.0.2 released on February 23, 2007 »

Sign-up for Bluehost Web Hosting, from $6.95/month

We use Bluehost to host all of our associated websites and many of our clients are hosted here as well. If you are seeking reliable web hosting, with all types of scripting options included, at a reasonable price, with US based phone and chat support, please give Bluehost a try.

Bookmark and Share

Microsoft Releases Flawed Windows Updates in Feb 13-16, 2007 Patch and Hardware Updates

Three flawed Windows security and driver updates were released on Patch Tuesday, February 13, and continued through Friday, February 16, 2007. The first one involves a defective "signed" VIA IDE driver update that places most computers into endless reboot cycles. The second involves installing an unnecessary Alps Pointing Device driver, on computers that don't have such a device. The third is a patch for PowerPoint that fails to fix the stated vulnerabilities it is meant to address.

The flawed VIA Primary IDE driver only appeared under optional Hardware Updates, if you ran manual updates, using the Custom Option. I first became aware of the problem on Friday, February 16, when I performed Windows Updates for a client, at his office. The first and second machines to receive updates had the VIA Primary IDE Driver listed under Hardware Updates, so I installed it and rebooted, and rebooted, and rebooted... After the third time I realized that there was a problem with that driver and I used F8 to get to the boot menu, where I selected "Last Known Good Configuration," which succeeded in getting back into Windows. From there I right-clicked on My Computer, selected Properties, then Hardware, then Device Manager > IDE ATA ATAPI Controllers, then rolled-back the VIA Primary Channel IDE driver update to the previous driver, rebooted, and all was well again.

Another one of the Hardware updates seems to have placed an unwanted and unneeded Alps Touchpad/Pointing device driver and icon on the computers that did not have an Alps Touchpad attached to them. Using Device Manager > Mice/Pointing Devices I rolled-back the driver and the touchpad icon and other pointer problems were resolved, after a reboot.

The third problem was just announced via Microsoft Technet, in this security re-release notice: http://www.microsoft.com/technet/security/bulletin/ms06-058.mspx

Microsoft Security Bulletin MS06-058
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
Published: October 10, 2006 | Updated: February 21, 2007

Recommendation: Customers should apply the update immediately

Security Update Replacement: This bulletin replaces a prior security update.

Why did Microsoft minor revise this bulletin on February 13, 2006?

Further investigation of CVE-2006-3877 as originally revealed that the update was not effective in removing the vulnerability from affected systems. The Microsoft Security bulletin, MS07-015 has been issued to properly address CVE-2006-3877 and customers should apply the updates in this bulletin immediately.

More information and links to download hotfixes are in the extended entry -->

Affected Software:
• Microsoft Office 2000 Service Pack 3 — Download the update (KB923093)
• Microsoft PowerPoint 2000
• Microsoft Office XP Service Pack 3 — Download the update (KB923092)
• Microsoft PowerPoint 2002
• Microsoft Office 2003 Service Pack 1 or Service Pack 2 — Download the update (KB923091)
• Microsoft Office PowerPoint 2003
• Microsoft Office 2004 for Mac
• Microsoft PowerPoint 2004 for Mac - Download the update (KB924999)
• Microsoft Office v. X for Mac
• Microsoft PowerPoint v. X for Mac - Download the update (KB924998)

Full disclosure and details are on this Microsoft Security Bulletin page: http://www.microsoft.com/technet/security/bulletin/ms06-058.mspx

Posted by Wiz on February 23, 2007 3:40 PM |

Bookmark and Share  

Trend Micro Internet Security products, for home and office users, use in-the-cloud malware definitions that are updated every day, all day, as soon as new or altered strains of viruses and other malware are detected in the wild and analyzed. By offloading the bulk of these ever changing virus definitions to cloud servers, the load on your computers is greatly reduced. All users of Trend security programs are instantly protected from hostile web pages laden with malware exploits and hostile email, by the Trend Micro Smart Protection Network.

Subscribe to this blog's feed
[What is this?]
Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
Powered by
Movable Type 4.37
Try TypePad Now to Get a Hosted Blog with Powerful Features.

Get a Blogging Platform built to Grow with Your Business. Download Movable Type Now!

Use OpenDNS

Add to Technorati Favorites

Search


About the author
Wiz FeinbergWiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security and combating spam. Wizcrafts Computer Services was established in 1996.

I produce this blog and website at my own expense. If you find this information valuable please consider making a donation via PayPal.

We are hosted on Bluehost and couldn't be happier!

Recent Posts

Popular Posts

Categories

Archives

Fight website spammers