
June 19th, 2008

Microsoft blames 'human issues' for Bluetooth patch hiccup

Posted by Ryan Naraine @ 2:06 pm

Categories: Arbitrary Code Execution, Browsers, Data theft, Exploit code, Hackers, Microsoft, Patch Watch, Viruses and Worms, Vulnerability research, Wi-Fi security, Wireless

Tags: Service Pack 2, SP3, Bluetooth, Microsoft Corp., Security Update, Bulletin, Microsoft Windows, Microsoft Windows XP Service Pack 2, Security Administration, Patches

Microsoft has re-released its critical MS08-030 bulletin for Windows XP SP2 and SP3 users, warning that “two separate human issues” caused a major hiccup with the critical security patch.

The original version of the patch, which corrects a remote code execution flaw in the Windows Bluetooth stack, failed to properly fix the vulnerability for Windows XP users, according to Christopher Budd, a program manager in the MSRC (Microsoft Security Response Center).

[ SEE: Critical IE, Bluetooth, DirectX flaws highlight MS Patch Tuesday ]

Budd said an initial investigation into the hiccup identified “human issues” but he did not elaborate.

After we released MS08-030 we learned that the security updates for Windows XP SP2 and SP3 might not have been fully protecting against the issues discussed in that bulletin. As soon as we learned of that possibility, we mobilized our Software Security Incident Response Process (SSIRP) to investigate the issue.

Our investigation found that while the other security updates were providing protections for the issues discussed in the bulletin, the Windows XP SP2 and SP3 updates were not.

Our engineering teams immediately set to work to address the issue and release new versions of the security updates for Windows XP SP2 and SP3. These are available now and are being delivered through the same detection and deployment tools as the original update.

It’s important to note that this re-release only applies to users running Windows XP SP2 or SP3.  “If you’ve deployed security updates for MS08-030 for other versions of Windows, you don’t need to take any action for those systems,” Budd said.

Microsoft has had trouble in the past with faulty security updates, but it’s somewhat rare to see a bulletin re-release because the patch missed an entire OS version. The very reason we have a Patch Tuesday release cycle is to avoid situations where IT admins cannot properly prepare for testing and deploying updates.

Having two Patch Days in a month is borderline unacceptable, especially when it involves the “human issues” excuse.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.



Talkback

yet another reason to use Vista
Vista is not affected by this problem. Yet another reason to use Vista.
Posted by: qmlscycrajg Posted on: 06/23/08 (Edited: 06/23/08 @ 02:29)