Update IE on Wednesday - Critical

Look - I am a happy and proud computer doofus - I installed SP2 without incident, and have had no problems with it at all.

If I have found no troubles, I would be surprised if you need to fear it!

If one of the updates you installed was KB890175 (there's a link on the windows update site to show your installation history), then yes.

(As Craven said, however, SP2 fixes a bunch of things that are as important.)

There have been plenty of problems with SP2, believe me. Also, since it is so huge, I'd rather do it from a CD/DVD than try to download it, even over DSL. And I don't have one.

Yes, I got that one. Thanks.

Interesting - mine downloaded itself on dial up over several days.

I just kind of watched and wondered. I have automatic updates on - so I wasn't sure I knew what it was.

I wonder why it is fine on one computer, even with a doofus in charge, and not on others.....weird things, computers...

What you do is your choice of course, but the same thing is said about every service pack. E.g. XP's service pack 1 had more reported problems...but VERY few people would recommend against installing that now, though that wasn't the case right after it was released.

You can order the CD free from MicroSoft

See Here

For the record, I just downloaded the patch for ME, took all of about 3 minutes maybe less, Certainly a lot easier than spending hours cleaning crap of your system

That's funny, now the tray updater icon says I need some GDI detection tool, but nothing about SP2. The updater site says the "automatic" install of SP2 failed.

Weird.

BTW Thanks for the tip off Craven

ok so the windows up date told me to install SP1 when i went back through to check it again it said there were no available updates... so no SP2... is that a bad thing? how do i check to see if i have already downloaded it?

This exploit uses a maliciously configured help file to traverse zones and can then execute arbitrary code in the local zone.

Because it can execute code there is nothing this exploit can't do.

I have, in testing this exploit, erased files from the test computer at whim, and this exploit can be used to do anything that can be done from command line.

If you don't understand it here is the simple version:

If you visit a website that contains certain malicious code, it can do what it wants to your computer unless you patch it.

------------

The windows patch for this update downloads and installs in mere minutes, and doesn't need a post-patch reboot.

So upgrade people, there's no excuse. When the script kiddies figure out how to use this there is great potential for havok (the first people to use it will be people trying to get spyware onto your computer).

ah well i found the way my computer properities... it says service pack 2

ok - SP2 is complete now it wants to know about virus protection and firewall - said not to both

virus - already using Norton
firewall - one on router and mcafee on desktop

you thing I should only run:
1. current settings
2. all Microsoft
3. blended
4. differntt?

thanks


so far cannot see any problems - need to keep testing programs

sp2 does not offer virus protection, it is asking about it so that it can help alert you when your AV software is not running.

In any case none of those questions pertain to the exploit this thread is about, so please ask them in a new thread.

Years ago a coworker discovered an IBM MVS 370 JCL "ieb" command that essentially alllowed one to issue TSO commands as if you were sitting at the console of the mainframe. I believe it was called batch TSO, and it gave you full control. While the system admins were upset about him finding and exploiting it (harmlessly), it was really their fault for knowing about it and choosing to ignore it and hope no one ever found out about it.

So - now that I have installed the patch - can I return to my normal (medium) internet settings?

Interesting. I have SP2 and am set for automatic updates. This function has been working for several months now. But this time, until I went to the download link in this thread, I wasn't notified that I had new updates to install and this patch, as well as 2 others were not automatically installed as they should have been.

All patched up now. Thanks for the heads up.

I find that automatic updates tends to lag a bit - usually by a few days.

Soon as I booted up, I got the notification of the patch to download it. Mission accomplished. Craven-Thanks for the "heads up". If I did not realize how important it was, I would have waited awhile (translated- read through all the A2K stuff) before I had downloaded.

All secure here. Thanks, Craven.