MS08-030 Re-released for Windows XP SP2 and SP3


Hello, this is Christopher Budd.


 


I wanted to let folks know that we’ve just re-released MS08-030. This is to let you know there’s a new version of this security update available for Windows XP SP2 and SP3 customers and to encourage them to deploy these new updates. There are no new updates for the other versions of Windows discussed in the bulletin.


 


After we released MS08-030 we learned that the security updates for Windows XP SP2 and SP3 might not have been fully protecting against the issues discussed in that bulletin. As soon as we learned of that possibility, we mobilized our Software Security Incident Response Process (SSIRP) to investigate the issue.


 


Our investigation found that while the other security updates were providing protections for the issues discussed in the bulletin, the Windows XP SP2 and SP3 updates were not.


 


Our engineering teams immediately set to work to address the issue and release new versions of the security updates for Windows XP SP2 and SP3. These are available now and are being delivered through the same detection and deployment tools as the original update.


 


If you’re running Windows XP SP2 or SP3, you should go ahead and test and deploy these new security updates. If you’ve deployed security updates for MS08-030 for other versions of Windows, you don’t need to take any action for those systems.


 


Our focus has been on delivering new versions of these updates to protect customers as quickly as possible. Now that that’s done, as part of our standard process, we’re beginning an investigation into how this happened. We’re just starting this investigation, but early on, it appears that there may have been two separate human issues involved. When we’re done with our investigation, we’ll take steps to better prevent it in the future.


 


Thanks.


 


Christopher


*This posting is provided “AS IS” with no warranties, and confers no rights.*


Comments (3)

  1. Anonymous says:

    重新发布不是第一次,看到内部一直在讨论也只是扫了一眼没细看。刚刚看到Sowhat的blog,真的大汗了一下,这个 重新发布 实在是该受BS,谢谢 TK 和 Sowhat ,没有Bin Diff就不会发现此问题。缺陷自身是内部发现、内部修复的,却最终也因为内部人为的疏忽犯了可笑的错误。把Beta版Update交给发现者去测试,本该解决此问题。这个错误同时也是里程碑式的,从此若其他厂商有类似错误,不必太过羞愧

  2. Anonymous says:

    • Mars Phoenix Tweets: "We Have ICE!" — Momentuous announcement first made via Twitter. • Confessions of a Wi-Fi Thief — 53 percent of Wi-Fi users say they’ve jacked into unencrypted networks that weren’t theirs. Also On The Criminality Of..