5

Do you have KB941644 Installed?

We bought to your attention the other day that the vulnerabilities detailed in the MS08-001 security bulletin also affect Windows Home Server.

The security bulletin which was first issued on January 8th was revised on January 25th when Microsoft announced that Windows Small Business Server and Windows Home Server was also at risk, neither of which had been mentioned in the original bulletin.

Windows Small Business Server and Windows Home Server both have IGMP (Internet Group Management Protocol) enabled by default and this results in a greater exposure to the same vulnerability. That’s why for these two operating systems Microsoft has given the vulnerability a severity rating of “Critical”.

An attacker could exploit the vulnerability by sending specially crafted ICMP packets to a computer over the network and could cause the computer to stop responding and automatically restart. An attacker could also take complete control of an affected system and could then install programs; view, change, or delete data; or create new accounts with full user rights.

The update will be installed as part of Windows/Microsoft Update, as long as you have it set to automatically do so, of course. Otherwise the update will be listed as KB941644 on the Update Website, which you can access on the server machine directly. Or you can install all updates requires for WHS via the Console,Settings, General tab and pressing Update Now. All Windows Home Server users should apply this update to remain secure.

Share this WHS Article with Others:

| |

About the Author

Comments (5)

Trackback URL | Comments RSS Feed

  1. Steve says:

    Does anybody know of a way to check if this patch has already been downloaded and installed, say overnight or some time when you’re not looking?

    The other day after I saw this vulnerability listed and I did a “Console, Settings, General tab, Update Now” but all I got was a .Net update.

    Thus, I don’t know if I already have the update or not?

    Thanks!

  2. Hi Steve,
    You’ll need to Remote Desktop into your Server machine and goto Start, All Programs, Windows Update and under Options on the left click on Review Update History. From here you will see if KB941644 is installed or not.

  3. Steve says:

    Philip,

    Thanks for the info!

    Steve

  4. Ethan says:

    Philip,
    I’m using Vista Ultimate SP1.
    Is there other alternative way to remove windows update ?
    Specially KB941644.

    If possible, pls reply via email.

    Thanks

  5. Hi Ehan,
    Why do you need to uninstall it?
    Do do so you will need to Remote Desktop Connection into your server machine from your Vista computer, then goto the Control Panel, Add or Remove Programs and tick the Show Updates box then remove it from there or you can use the Spuninst.exe utility, located in the %Windir%\$NTUninstallKB941644$\Spuninst folder.

Leave a Reply




If you want a picture to show with your comment, go get a Gravatar.