Window Manager

SAN MATEO (03/13/2000) - With all of the hacker exploits we've heard about lately, it's becoming more important than ever to install upgrades to Microsoft Corp.'s Windows as soon as they become available on Microsoft's Web site. These upgrades often protect you from security holes that have been found in Windows or major applications.

Are you up to date?

You probably already know about Microsoft's Windows Product Updates page. In Windows 2000 and Windows 98, you can click Start, Windows Update to begin. Or simply set your browser to windowsupdate.microsoft.com. Click Product Updates once you're there. (This also works in Windows NT 4.0 and Windows 95 if you've installed Microsoft Internet Explorer 5.0 or higher.)The Product Updates page automatically displays "critical" and "recommended" upgrades that your particular machine doesn't already have. If you haven't visited lately, I recommend you drop by soon.

For Windows 2000 users this is one way to get Microsoft's first major Win2000 patch, which was released even before the operating system itself was. This patch corrects flaws in Index Server, a service that provides full-text searching for Web sites, including searches of Word, Excel, and PowerPoint documents.

Index Server comes in Windows 2000 and Windows NT 4.0's Option Pack. In case you've already patched its flaws, you should still apply an update that Microsoft released on Feb. 17. The new update improves Microsoft's hotfix.exe utility. The improvements will be used by all future Microsoft patches, so it's worth the time to run the update now. For more information, see www.microsoft.com/technet/security/bulletin/ms00-006.asp.

Another fix provided in the Feb. 17 patch involves the Office 2000 versions of Word and Excel. These applications may damage files you save in HTML format to an HTTP server. See support.microsoft.com/support/kb/articles/q252633.asp.

Get notified with Critical Update

If you'd like to receive word of new Windows updates that Microsoft considers important, then you should get Critical Update Notification. This small application contacts Microsoft to see if there are new critical updates whenever you connect to the Internet. To get it, go to the Windows Update page using the machine for which you want updates.

Watch those upgrade interactions

Reader Phill Oliff brought to my attention a weird interaction between two related Microsoft upgrades. One upgrade is the 128-bit encryption feature that can be added to Internet products. The other upgrade is a new Schannel.dll file, which secures communications from Microsoft Internet server software.

Please allow me to explain.

Upgrading to 128-bit encryption. Microsoft's original versions of several Internet products included relatively weak, 40-bit encryption. Add-on software was required to convert Microsoft products to stronger, 128-bit encryption.

On servers, the software affected by encryption-strength issues is Microsoft's Internet Information Server (IIS) 3.0 and higher with NT Service Pack 3 and higher. Client software that is affected includes Internet Explorer 3.02 and higher and Microsoft Money 98 and higher. For more information, see www.microsoft.com/windows/ie/security/sgc.asp.

Upgrading Schannel.dll. Meanwhile, Microsoft included a flawed Schannel.dll file in IE 5.0 and a version of IE 5.01 that was posted on its Web site. The problem can cause a connection failure between browsers and servers that require a secure channel. To fix this error, Microsoft released a patch file that updates Schannel.dll. Details and a link to the upgrade are available at support.microsoft.com/support/kb/articles/q249/8/63.asp. So far, so good.

Don't upgrade Schannel over 128-bit. The problem is that both the Schannel.dll upgrade and the 128-bit upgrade appear on the Windows Update page, as well as on the IE security page at www.microsoft.com/windows/ie/security/default.asp.

(The 128-bit upgrade is at the very bottom of that lengthy page, if you're looking for it.)The security page clearly states that users who have installed the 128-bit upgrade "do not need to install this update" to Schannel.dll. But Oliff says the Windows Update page instead recommended that his machine run the Schannel.dll upgrade.

Oliff did so, and was plagued with crashes and the Blue Screen of Death as a result. He fixed the situation by reinstalling Internet Explorer and the 128-bit upgrade, but he won't soon forget the experience.

Reader Oliff will receive a free copy of Windows 2000 Secrets for being the first to send me a tip that I printed.

Brian Livingston's latest book is Windows 2000 Secrets (IDG Books). Send tips to brian_livingston@infoworld.com. He regrets that he cannot answer individual questions.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about LivingstonMicrosoft

Show Comments