ICF (firewall) enabled by the latest security patches (828028, 832894 - Feb 2004) with SUS server?

[TC]

Hi all,

We recently distributed the latest XP security patches (Feb 10, 2004) to
some of our XP desktops with SUS server on our internal network.

For no apparent reason, shortly after the patch was deployed, we discover
ICF (Internet Connection Firewall) was activated on some machines. This ONLY
happens to users who have administrative right on their own PC. (Of course,
ICF can only be enabled by administrators so normal users were not
affected).

Does the patches or the SUS server do this? Or the combination of both SUS
and the patches?

I understand XP SP2 will have ICF enabled by default....but I didn't think
MS is doing it already. I wonder if someone can answer this.


Thanks in advance for your help!


Terence

 

[MAP]

-----Original Message-----
Hi all,

We recently distributed the latest XP security patches (Feb 10, 2004) to
some of our XP desktops with SUS server on our internal network.

For no apparent reason, shortly after the patch was deployed, we discover
ICF (Internet Connection Firewall) was activated on some machines. This ONLY
happens to users who have administrative right on their own PC. (Of course,
ICF can only be enabled by administrators so normal users were not
affected).

Does the patches or the SUS server do this? Or the combination of both SUS
and the patches?

I understand XP SP2 will have ICF enabled by default....but I didn't think
MS is doing it already. I wonder if someone can answer this.


Thanks in advance for your help!


Terence


.
Hi Terence, This is from a newsletter that I recieve:

Problems with Latest IE 6.0 Patch
If you haven't installed Microsoft's latest patch for
Internet Explorer 6.0, then don't. The patch disabled the
use of my company's implementation of its content
management system, and I'm hearing from IT managers and
consultants that they've encountered problems too. The
patch in question is described this way in Automatic
Updates and Windows Update:

"Cumulative Security Update for Internet Explorer 6
Service Pack 1 (Q832894)" released Feb. 2, 2004.

If you've installed this thing, it is easy to uninstall.
You'll find an entry in the Add or Remove Programs
Control Panel that reads:

"Internet Explorer Q832894"

Simply click the Change/Remove button. You'll need to
restart your PC at the end of this brief process.

Note: Your system will be at increased risk for the
specific security flaws the patch addresses if you choose
not to install it or remove it your system. There's a
chance Microsoft may issue an update to this patch in the
future. This TechWeb story implies that it may have done
so already, in fact, though I can find no evidence of
that in tests on my systems.

I do not recommend deciding never to install this patch.
Moreover, the problems with the patch -- which appear to
affect Web authentication and Java apps -- may not affect
you at all. But on my systems, because of the work-
related issue, I am delaying Q832894's installation.

For more information about the Q832894 patch:


Microsoft's Knowledgebase Article Q832894
Microsoft Security Bulletin MS04-004