Version 5-29-03 of 811493

Installed 811493 April 16 version.. no problems were caused by this update.
Received, NOT installed 811493 May 29 version.
Do I install the May 29 version of 811493.
If Yes... over the top of April 16 version.
If Yes, first remove April 16 version.
If No, will future updates know I'm running April 16 version and not May 29 version.

 

Hello Dennis,

If you didn't experience any problems, leave it alone. The patch is for anyone that had a problem.

Have a look at these MS articles

http://www.microsoft.com/technet/security/bulletin/ms03-013.asp and http://www.microsoft.com/security/security_bulletins/ms03-013.asp as well as article #819634 in the knowledge base.

In the bulletin itself one of the first paragraphs states:

Reason for Revision:
====================
Microsoft re-issued this bulletin on May 28, 2003 to advise on the
availability of an updated Windows XP Service Pack 1 patch. This
revised patch corrects the performance issues that some customers experienced with the original Windows XP Service Pack 1 patch.

Regards - Charles

 

I view the re-release of said update differently. There has been some problems with the first release. Because one's system has not yet revealed a problem, it is still reasonable to believe that the unidentified variables that cause a problem on a system may at a later date under changed circumstances cause a problem in some other computer. Additionally, there is no harm to update to the 5/29 version.

My computer is set to automatically update. The re-released version has been installed over the old version. I hadn't had any problems with the old version, and the new version gives me some confidence of protection. Until the circumstances that make a computer vulnerable to a hacker with the old version, I will go with the new.

Additionally, MS advises to update to the new.

 

Hi KenKeith,

The following is from MS "read more" link on this patch.

"For an attack to be successful, an attacker would need to be able to logon interactively to the system, either at the console or through a terminal session. Also, a successful attack would require the introduction of code in order to exploit this vulnerability. Because best practices recommends restricting the ability to logon interactively on servers, this issue most directly affects client systems and terminal servers. "

Would you explain why most users, especially home users, would first of all need this patch, and secondly, why on top of that, would someone be worried about secuity to the point that a second download, without need, of FIXING the first attempt is so urgent.

In light of the history of some updates causing problems, wouldn't it be prudent of a user to wait, say a week, two weeks, to see if MS hadn't caused more problems than it tried to solve?

Regards - Charles

 

Thanks Guys

If there is a issue, it's the Russian-roulette hoops one must pass through trying to achieve a stable and secure system. Who, what, how and when should not be the dialog when installing a "fix ". Will wait another 24 hours, see if any red flags appear before installing M$ updates.

 

I had the exact results as PeteC did. No slow down this version.

 

Hi Charles,

Would you explain why most users, especially home
users, would first of all need this patch, and secondly, why on top of that, would someone be worried about secuity to the point that a second download, without need, of FIXING the first attempt is so urgent.

In light of the history of some updates causing problems, wouldn't it be prudent of a user to wait, say a week, two weeks, to see if MS hadn't caused more problems than it tried to solve?
No problem waiting to install unless one's system is in the vulnerable category as disclosed by MS. I have not seen a decision that home versions do not have vulnerabilies. I can SAY, MS with their scanning abilities of user's system configuration and record of up-dates installed, sends home version users the re-release of said patch and by that action it is a recommended patch on the system.

I have installed up-dates after MS notifies me up-dates are ready to install. I install the critical up-dates (misguided trust) and review and decide on other up-dates.

 

Hi Ken,

"I have not seen a decision that home versions do not have vulnerabilies. "

Agreed, and we are discussing a particular patch, are we not?

My position on this patch is its not needed for the home user based on MS's description of what its designed to fix. Correct if I'm wrong, your basic argument is that because MS says to download, one should, no matter what the individual circumstances of a user is. Fair enough. Lots of companies make blanket recomendations of this type, software or otherwise.

I quess the basic differences between our position is summed up in your last sentence of your last post about trusting MS with "critical" updates. I do not. I look at their critical updates as I do their "non-critical" updates, I think about!

Regards - Charles

 

Most recommendations from a business or elswhere have a profit motive. Lack of credibility due to profit motive is understandable.

The exact opposite exists for MS. There is no financial gain. Any gain for MS may/does come from early releases of software to the consumer and then they react to problems. In a sense the consumer is doing final testing. M$ has one's money and now they will fix any problems the consumer finds. A good deal for M$, but it may also have a beneficial side effect for the consumer with lower prices.

This situation for the patch in question corrects a security problem. Their recommmendation to install stems from a body of knowledge of the users' system (if registered) and what updates have been installed on the users' system (keeps a running record). They now know the problem and the solution. With more to lose vs. no gain, gives MS more credibility, and it is in their best financial interest to fix.

The update in question has MS's admonition to immediately install due to a security risk. If unable to install, it is advised to uninstall current patch. And the security risk exists for all installations, but dependant on configuration.

MS has done their duty; they informed the user of the problem and they have provided a solution. What is the recourse against MS if one has a loss. There is no defense if one hasn't followed MS's advise.

Additionally, MS states there is a performance benefit overriding some problems with SP1.

 

Very well said Ken!!

mike

 

Ken & Mike, as much as I respect the knowledge and experience of both of you, I don't agree.

This issue is really one of attitude. I have mine, you guys have yours.

Regards - Charles

 

Hi Charles

I'll drink to that!

You have my respect yourself; you do a great service for this BBS.

But I do not disagree with either of you at all! Both have valid points.

My "well said" was directed specifically at Ken's last message not to the entire thread!

I just think Ken painted and excellent picture of M$ Philosophy. He pegged it and very well.

As for when to do these updates patches and fixes? For me it is not a hard call. I just usually wait a week or so and keep my finger on the pulse of those that do do it. Before I do it. And when I do it, I watch it closely for a while. And if it breaks I can fix it.

Some users can’t fix it and probably would be better off to never do them.

Some users are addicted to them and I sometimes think wait on pins and needles to get them. Just get them because M$ says so!

Mike