Patch Refresher

Okay, what else would follow a patch Tuesday, but a chaotic Wednesday. Just as a refresher on the patches were dealing with:

Bulletin   Severity    Impact



MS05-038   Critical    Elevation of Privilege                           

MS05-039   Critical    Remote Code Execution and                        

                       Elevation of Privilege                             

MS05-040   Important   Remote Code Execution

MS05-041   Moderate    Denial of Service                                

MS05-042   Moderate    Denial of Service,

                       Information Disclosure,

                       and Spoofing

MS05-043   Critical    Remote Code Execution                            

For a more in depth review, please see Cory's great diary from yesterday found at http://isc.sans.org/diary.php?date=2005-08-09

MS05-038 Issues

It seems that there are issues with downloading the MS05-038 patch and it appears as unavailable. Many thanks to Rick Hoppe who pointed us to the following information found at http://blogs.technet.com/msrc/default.aspx



"Not long after we released this morning, we found out that many of the digital signatures on some of the IE updates for MS05-038 were corrupted and were preventing install. This only impacts those downloading from the Download Center, not Windows Update, Microsoft Update, SUS, or WSUS. At least now we know what the problem is and it should be fixed soon. "

The message that I received when I tried to download it read:



"The download you requested is unavailable. If you continue to see this message when trying to access this download, go to the "Search for a Download" area on the Download Center home page."


We'll keep you posted as we learn more. It looks to be another interesting day in the world of network security.


Lorna Hutcheson

Handler on Duty

http://www.iss-md.com