Friday, 20 June 2008 04:13

Microsoft blames human error for critical security update failure

"Human issues" are being blamed for a Microsoft security update failing to protect users of Windows XP SP2 and SP3 from a critical vulnerability. The Bluetooth flaw could allow remote execution of code on a targeted computer.

Arriving as part of June's Patch Tuesday releases, MS08-030 was supposed to fix a flaw that could allow an attack via Bluetooth.

Such an attack could theoretically lead to the execution of arbitrary code, but Microsoft security specialists determined that the chance of a successful exploit were slight for several reasons, but largely because of a small timing window and the need to place the code in the correct location.

The flaw affects Windows XP SP2 and SP3, XP Professional x64 (including SP 2), and Vista (both x86 and x64, including SP1).

After the updates were release, Microsoft realised that XP SP2 and SP3 were not being protected, and began work on a revision, which has now been released.

The Microsoft Security Response Center recommends users of Windows SP2 or SP3 test and deploy the new version of the update. For most of us, that means running Windows Update again, or allowing Automatic Updates to do its thing.

The other versions of Windows do not require a further update.

But how did the XP problem occur, and what's Microsoft going to do about it? See page 2.

Once the XP update had been revamped, Microsoft began an investigation of the events leading up to the glitch.

According to security program manager Christopher Budd, "early on, it appears that there may have been two separate human issues involved. When we’re done with our investigation, we’ll take steps to better prevent it in the future."

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments