GR8PCDR, Inc.

Listed below for you convenience various Service Pack and Security Patch Announcements for Microsoft and Symantec Products.

It seems that whenever a  new release of Windows is issued, it is touted as the latest and greatest Windows ever. Claims are made about it making computers faster, more reliable and more secure. More often than not this is not the case when it comes to security. The "crackers" and "hackers" (not all bad people) find the security flaws.  Once a security flaw is identified word travels fast and generally these holes are exploited resulting in sometimes devastating breaches in security.

Microsoft is quite good about developing "patches"  for these exploits or "holes" in their operating system. Usually within hours they develop and post a "patch" or upgrade to the software.  These "patches" are available through the Windows Update website.

Security Patches for known exploits and maintenance patches that prevent such exploits are made available on a regular basis.  You should follow a regular schedule to check that the Critical Updates available at Windows Update website have been downloaded and installed onto your computer.

It is wise to be choosy about which updates you download and install.  Many times they will offer you a Critical Update that may not be as urgently needed as it is made out to be.  For example when Internet Explorer 6 became available and I installed it I could no longer log into my online banking site.  Within a few weeks my online banking site supported the new browser.  I should have waited for support before updating.  That is why I have two computers - and I generally use one of them as a guinea pig to test such things out prior to making a global commitment.

"Recommended Updates" at the site should be scrutinized prior to download. Be careful ensure that it  something you need. Read the details specified in the description and make a wise choice.

"Driver Updates" NEVER unless you SPECIFICALLY have been instructed to download and install one by a Vendor or your Support Professional because it is needed to resolve a specific issue.   More times than not a driver update will cause more harm than good.

Unchecked Buffer in Universal Plug and Play can Lead to System Compromise:

Microsoft strongly urges all Windows XP customers to apply the patch immediately. Customers using Windows 98, 98SE or ME should apply the patch if the Universal Plug and Play service is installed and running.

Affected Software:

• Microsoft Windows 98
• Microsoft Windows 98SE
• Microsoft Windows ME
• Microsoft Windows XP

Download Here:  Universal Plug and Play Patch

Office XP Service Pack 1:

Microsoft Office XP Service Pack 1 (SP-1) provides the latest updates to Office XP. Office XP SP-1 contains significant security enhancements, as well as improvements in stability and performance. Some of the fixes that are included with Office XP SP-1 were released earlier as separate updates. This service pack combines the updates into one integrated package and includes a number of other changes that are designed to improve the reliability and performance of your Office XP programs.

Download Here: Office XP Service Pack 1

Use your Windows Update feature often!

The Windows Update feature is available in the Start Menu List or by opening Internet Explorer - clicking on Tools and then Windows Update.  At the site click on Product Updates [if prompted to allow - click yes] once the analysis is performed you can pick items from the presented list.  Always install the recommended Security Updates.

Symantec LiveUpdate Can Allow a Hacker Through

Symantec’s LiveUpdate looks for the server update.symantec.com when loaded. It’s possible for a hacker to redirect users to their own server by compromising a DNS server and creating a master zone for symantec.com. Version 1.4 of LiveUpdate will allow malicious code to be downloaded on the user’s machine. Version 1.6 is not as vulnerable as 1.4 but can be prevented from downloading virus updates. Version 1.4 has not been shipped since Norton AntiVirus 5.x .Version 1.6 is currently shipping with Norton AntiVirus 2001. Users should get the latest version of LiveUpdate at:  http://www.symantec.com/techsupp/files/lu/lu.html

Use Search or File Find to locate the LUALL.EXE file.  Once this file is located Right Click on the filename and select Properties from the drop down menu.  Click on the Version Tab, select File Version Description (as shown below) to check the version of your installed copy of LiveUpdate.  Update accordingly at:  http://www.symantec.com/techsupp/files/lu/lu.html

Unplug n Pray:  Read about it at Gibson Research 

On Thursday, December 20, 2001 Microsoft revealed that the hackers at eEye had discovered multiple critical security flaws in all versions of Windows using Universal Plug and Play

Steve Gibson of Gibson Research has written a utility to disable the Network Plug n Play service on computers running the Windows OS. (not just Windows XP).  The FBI has warned about this vulnerability in Windows XP and has advised users to turn this service off.  Steve Gibson has written a program to make this task quick and easy to perform.  You can read the information about the vulnerability and download the utility from GRC now.

What are you waiting for?  Steve said: "The most troubling aspect of this issue is that the POTENTIAL for this insecurity was intentionally and needlessly designed into Windows XP from the start. ALMOST NO ONE uses or needs to have Universal Plug and Play enabled today. Yet every copy of Windows XP sold has it enabled and running by default."

Something Called TopText: