Please patch now, if you have not already done so...

[Bill Sanderson]

http://www.microsoft.com/technet/security/advisory/958963.mspx

Sample code utilizing the vulnerability patched in the recent Microsoft
security patch has been published.

The code is a long way from perfect, but it is likely that it will be
improved on. The possiblity of a "self-replicating" version (i.e. a worm)
is mentioned.

http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx

 

[RobbL]

I'm lost Bill, what are you telling us here???

 

[Robinb]

that was the out of sequence patch that microsoft just issued
robin

 

[Alan]

Hi Robb,

In case Bill doesn't read this until later, I believe he's saying that
people should ensure that they've downloaded/installed the Security Update
for Windows XP (KB958644) as described at
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx.

Alan

 

[RobbL]

AHHHHHhhh....well said! I now understand...as always, thank you!

 

[Alan]

Yes, you're right, Robin.

Last night -- right after I read Bill's post -- I went to the site and
installed it.

I forgot that I had already installed it back on October 23rd, but it
re-installed without any problems.

So maybe now I'm doubly protected.

Alan

 

[Robinb]

i am surprised it let you reinstall it since it was already there
robin

 

[Bill Sanderson]

Sorry for not being clearer! Yes- Alan and Robin were correct about what I
want everyone to do.



--

 

[Alan]

Hi Robin,

I just went to the site and "installed" it again. I have no idea if it's
actually re-installing again, but there are none of the usual nag messages
telling me that the installation already exists.

However, after the "install," I am NOT told that I need to re-boot. So maybe
it realizes that whatever needed to be fixed was all set from an earlier
time.

Alan

 

[Pat Willener]

It's always better to use Microsoft Update
(http://www.update.microsoft.com/) than downloading specific patches,
unless it's a hotfix. Explicitly downloading and installing patches may
actually wipe out newer updates (which will not happen when using
Microsoft Update).

 

[Alan]

Hi Pat,

I pretty much always do go through Windows Updates, although I do it
manually rather than via Automatic Updates.

But, when I did go to WU last night after I saw Bill's message, it didn't
show that I needed anything, so I went the manual route for the hotfix.

Of course, a little later when I went back to WU and checked my install
history I saw that KB 958644 had first been installed on October 23.

C'est la vie. ;->

Alan

 

[Stu]

Am I right in thinking that fix forms part of XP SP 3? I`m showing it on my
system but don`t recall specifically installing it thru WU.

Stu

 

[Pat Willener]

If you look at the date of folder %WINDIR%\$NtUninstallKB958644$ you
will know when it was installed.

Looking at http://support.microsoft.com/kb/958644 I see that it has a
revision number of 1.3 - meaning it had been issued previously, possibly
as part of SP3.

 

[Pat Willener]

P.S. on the other hand, http://support.microsoft.com/kb/946480/ does not
list 958644.

 

[Stu]

Thanks for the input Pat .. my prob is I reinstalled my system a few days
back so all fixes show 25 Oct which is/was synonomous with me installing
SP3... Anyway. It is on my system so thats reassuring.

Stu

 

[Bill Sanderson]

This is not SP3 related--but an entirely new fix to a file which may well
have also had a version rev in SP3.

 

[Dr.D]

Hi all,

Is this patch only for Vista or for all Windows?

Thanks

 

[Pat Willener]

If you read the article on the link, you will see (under "Related
Software") that it is for
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium-based Systems

 

[19dilbert55]

Hi all,

is it still necessary to patch KB956644 or has that been covered already by
the latest SP3 Patch?

 

[Pat Willener]

I cannot find KB number 956644 - where did you get this number from...?