In this BLOG entry, I recently wrote about how my system was infected with this Blaster worm, despite the fact that I thought I had installed all patches from Microsoft.
Well, this article in ComputerWorld seems to back up my theory. If your system gets hosed up, as mine was because of a bogus video driver, it might report that you have installed all critical updates even though your system is still vulnerable.
I don’t appreciate the denial from Microsoft:
Stephen Toulouse, a security program manager at Microsoft, dismissed Cooper’s claims and insisted that Windows Update has “for several months” been checking for file versions in addition to registry keys when scanning for patches.
Citing the patch for the latest Windows remote procedure call vulnerability (MS03-026), Toulouse said there have been “tens of millions of successful implementations of this patch, and we haven’t heard of a situation where customers think they have installed the patch and then find out they haven’t.”