Early this morning I was logged on remotely to a Windows 2000
Server that I manage and a Windows XP box on the same network
checking their Windows Update status, and when I did a manual
WU scan, both of them needed a "critical" update to Windows
Installer 3.1 http://support.microsoft.com/kb/893803 (Last
Review: May 13, 2005). My own XP box needed that AND an
update to Microsoft .NET Framework 1.1 Service Pack 1,
http://support.microsoft.com/?kbid=867460 (Last Review: May
12, 2005). Both of these post-date the May Windows Update
release (last Tuesday, May 10), which all machines had already
had installed.
Neither of these shows up on the MS Security Bulletin page or
on the Security Advisories page.
Anyone else come across these? I have my systems set to
download updates automatically but not to install them, and
just as I was typing this message the Windows Installer 3.1
update appeared in the automatic-updates-are-ready- to-install
icon on my XP box. However, the update to .NET did NOT appear
in the automatic update while it DID appear when I did a
manual WU run.
Anyone else seen this or have more info?
Angus
--
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an
Anti-Virus product which automatically notifies the perceived sender of a
message it believes is infected may well cause more harm than good. Someone who
did not actually send you a virus may receive the notification and scramble
their support staff to find an infection which never existed in the first
place. Suggest such notifications be disabled by whomever is responsible for
your AV, or at least that the idea is considered.
--
