Smokey's Security Weblog

veritas odium parit

Microsoft pulls faulty patch MS10-025, plans re-release

Read for you on CNet – InSecurity Complex:

April 23, 2010 12:35 PM PDT

A critical vulnerability affecting Microsoft Windows 2000 Server will remain unfixed until Microsoft re-releases a patch for it, the company said on Friday.

A patch for the hole, which could allow an attacker to take control of a system running Windows Media Services, was released during Patch Tuesday last week. However, Microsoft pulled the patch this week because it failed to work.

“We pulled the update because it was determined that it did not address the underlying vulnerability,” Microsoft said in a statement. “We cannot give a specific day yet, but we are planning to re-release the update next week. That is our first priority right now. After that, we will be able to investigate the issue further.”

Jerry Bryant, group manager of response communications for the Microsoft Security Response Center, notified customers in a blog post on Wednesday that the security update for MS10-025 was being withdrawn.


April 23, 2010 Posted by | Uncategorized | , , , , , , , | Leave a comment

HP (Hewlett-Packard Company) Smokey’s Security Weblog 2010/2011 Hall of Shame Awardee

Are you opinion that only shabby, (many times) small companies have doubtful practices? That well-known, established companies can be trusted?
Let’s wake you up: even established companies with an apparently fine reputation can and will perform actions that are wrong, indecent, intolerable and/or condemnable. One of these questionable companies is, regrettably, Hewlett-Packard Company. For reason of what happened in the past, and also for current occurrences, I have the honor to announce that

HP (Hewlett-Packard Company) is Smokey’s Security Weblog Hall of Shame 2010/2011 Awardee

Like all other Hall of Shame Awardees, it is not without good reason that Hewlett Packard received this prestigious Award.

Motivation to grant Hewlett-Packard Company the Award:

– the pre-install of BETA Microsoft Windows service packs on their boxes, especially the pre-install of Vista SP2 EVALUATION COPY.BUILD 6002. Microsoft stressed that the general public should not install it until it is done being tested, it’s obvious that HP ignored the valid Microsoft advice and installed the beta Vista SP2 on an overwhelming amount of HP boxes. Despite the fact we all know that NO beta version of any services pack should be installed on any production machine, HP is apparently different opinion. In this way HP sold boxes with pre-installed OS and SP to faithful customers, with as result that all those boxes can be considered as crippled.

– the incredible miserable support of HP to their customers. ‘After Sales’ is an unknown expression to HP, they treat their customers like a bunch of nasty, unknowing and condemnable people, and have no interest at all in their problems. HP is also not prepared to solve issues caused by wrong, indecent or questionable HP policies in a fast and uncomplicated way.

– supplying boxes with pre-installed OS without delivering of installation or rescue discs for Operating Systems.


If you consider to buy a HP box, please also consider that HP is Hall of Shame Awardee. Evaluate the motivation to grant HP that Award, and subsequent be very well convinced about where to acquire a new machine. Same is valid for any other HP device.


I contacted HP Headquarters before granting them the Smokey’s Security Weblog Hall of Shame Award, regrettably they refused to listen. They didn’t answer any of my questions, HP also promised to contact me via a phone call. Superfluous to say that HP also didn’t accomplished what they promised: calling me. Common HP behavior so to speak, I didn’t expected anything else.


April 3, 2010 Posted by | Advisories, Alerts, News, Recommended External Security Related Links, Vulnerabilities | , , , , , | 8 Comments