FuzionMan said:
Wait, I forgot to ask you, did you get that notification in an
e-mail?
Hahaha! I'm glad you caught that distinction, FuzionMan! You were a
little slow realizing that, but you caught it. That raises a good
point, too. I think that some folks could/do confuse Microsoft's
"Automatic Update Notification" with new incoming e-mail if they've
somehow got their mail reader configured to popup new incoming mail
messages.
Fortunately, I don't have that problem. My question is pretty much
exactly as stated and quoted below. However, FuzionMan, I did in fact
receive about 15 mail daemon 'undeliverable e-mail' notifications (for
e-mail messages I didn't send to folks that I don't know) and about
the same number of bogus/forged MS Critical Update e-mail (presumedly
containing a virus/worm) about 2 minutes after I posted my question to
this NG. That bogus traffic filled up 90% of a 4MB mailbox in a matter
of minutes. I'm assuming there's some sort of Bot(s) monitoring these
forums, harvesting e-mail addresses, and using them to mail out
'forged' e-mail and bogus updates. Yahoo mail did catch all of them
and place them in the "Bulk" folder.
But I digress. My question still pretty much stands up okay as
previously stated.
<...brevity snip...>
Another word or three of explanation and whatnot...
I'm one who has experienced aggravating and time consuming problems
with a number of installations of MS updates/patches actually
breaking/corrupting a relatively trouble-free WinXP operating system.
"System Restore" never seems to help me with that. So, I've started
choosing "Remind me later" when I receive an "Automatic Updates
Notification," so I can 'visit' Microsoft's Updates webpage and "Read
More" about the update/patch, if a "Read More" link is provided.
A number of critical updates are, in fact, conditionally critical. As
such, in some cases they turned out not to be critical for me to
install right away, because I could avoid the stated conditions, or
the conditions just weren't applicable, because of... whatever... the
particular firewall I use, or the fact that I've disabled HTML view
for all e-mail.
In that way I've avoided a number of 'quick fix' critical updates that
caused folks who installed them alot of problems. I've been able to
wait until the critical updates were adequately tested and modified,
before I finally installed them.
Anyway, that is how I discovered this puzzling 'suggestion,' to
install a critical update that I've already installed. I confirmed
I've already installed Q329390, in December 2002, by reviewing my "Add
or Remove Programs" dialog, and by reviewing my online 'install
history' on the Microsoft Updates webpage. Successfull installation of
Q329390 is noted in both.
Microsoft KBA-329390 contains "Last Reviewed: 4/29/2003 (2.1)" and
"Microsoft Security Bulletin MS02-072" contains "Revisions: * V1.0
(December 18, 2002): Bulletin Created." Neither document contains any
sort of explanation that I've been able to find, for why this
re-notification and 'suggestion' to re-install an old critical update
is taking place.
Furthermore, this has raised general questions in my mind, about what
possible effects re-installing old updates/patches may have on the
overall security of WinXP/IE6. I mean, what are the chances
re-installing old updates/patches may revert system files' progressive
security updates back to an unsecured state?
Maybe my question(s) will, in reality, at some point, become a
rhetorical question, but I certainly don't intend that. I really would
like to know, "Does anyone know what's going on with this
re-notification 'suggesting' that I re-install the old critical update
Q329390?" If so, please share the knowledge 'cause I'm baffled.
Cheers
