GuruGuy
join:2002-12-16
Atlanta, GA | reply to JmanB
Re: Microsoft Security Bulletins for 12/9/2003
The knowledge base article still have a November date on it and does NOT reflect the updated December date......the technet article DOES have the updated date stamp on it....someone needs to update the KB.
--
GuruGuy |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
2 edits | reply to JmanB
>On Wednesday 10 December 2003, Windows Update and Software Update Services (SUS) prompted some Windows XP users who were not at risk to install the security update MS03-051. This was due to a change in the Windows Update detection mechanism. This is being updated to ensure that Windows Update and SUS only prompts those Windows XP users who need it to install the security update MS03-051.
I have XP Pro SP1 and I was NOT offered this patch in November. I am now offered it. From your statement above, I gather that the current offer of the patch is erroneous because if I needed it I would have been offered it in November. Fine.
However, the updated MS03-051 states that:
>If you have the fp4awel.dll file on your system, you have FrontPage Server Extensions 2000 installed.
I have this file so I conclude I DO need the patch. Correct?
However, the bulletin also states that:
>Windows XP does not have FrontPage Server Extensions installed by default
I did not install FrontPage Server Extensions. But I have the file indicating the extensions are installed.
This is all about as clear as mud. Do I or don't I need this patch???
One more thing:
> However, those customers who determine that they do not need the Windows XP update for MS03-051 and want to remove it can do so as discussed in the "Security Update Information" section of the Security Bulletin.
Windows Update informs me that "once you have installed this item, it cannot be removed". So which is correct? Windows Update that says it cannot be removed or the Security Bulletin that says it can be removed?????
Third edit...Ahhhh...I think I finally understand. I checked in add/remove programs and I do NOT have the extensions installed. (I looked in the right place under details in IIS and the box for the extensions is not checked). So, why is the fp4awel.dll file being used as the way to determine if the extensions are installed? I have the file, but the extensions are NOT installed so I don't need the patch. Simple as that. Why does MS03-051 make it so confusing?
I guess I'll know if I figured this out correctly if Windows Update stops offering me the patch. 
--
"Everything can be taken from a man or woman
but one thing: the last of the human freedoms
- to choose one's attitude in any given set of
circumstances, to choose one's destiny."
Victor Frankl - Man's Search for Meaning
|
|
JmanB
Premium,VIP
join:2003-08-27
Redmond, WA
 ·Vonage
| reply to JmanB
I'll make a seperate post on this but since the MS03-051 (KB810217) issue is being dicussed in this thread, I'll go ahead and post it here as well:
On Wednesday 10 December 2003, Windows Update and Software Update Services (SUS) prompted some Windows XP users who were not at risk to install the security update MS03-051. This was due to a change in the Windows Update detection mechanism. This is being updated to ensure that Windows Update and SUS only prompts those Windows XP users who need it to install the security update MS03-051.
Customers who installed the security update MS03-051 do not need to take any action; the update is fully tested and supported on Windows XP. However, those customers who determine that they do not need the Windows XP update for MS03-051 and want to remove it can do so as discussed in the "Security Update Information" section of the Security Bulletin.
More information is available in the FAQ section of the Security Bulletin.
»www.microsoft.com/technet/securi···-051.asp
If you have any questions regarding this alert after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
--
Jerry Bryant - Microsoft IT Communities. This posting is provided "AS IS" with no warranties, and confers no rights. |
|
sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
clubs: 
 ·Comcast
·Alameda Power & Te..
Host:
Broadband Modem (H..
MSN
DSL Extreme
Windstream
Southeast Asian Br..
| reply to skj
Thanks, skj, for finding that. It must have come out late today. I had given up looking. I haven't gotten the Security Bulletin yet.
sash 
--
Visit the San Francisco Bay Area Forum |
|
skj
Welcome to the far side of reality
Premium,Mod
join:2002-04-04
Atlanta, GA
Host:
Charter HSI/CATV
Earthlink DSL
Embarq
ISP b2b etc
Cisco
2 edits | reply to JmanB
Something with today's date:
From: »www.microsoft.com/technet/treevi···-051.asp
Microsoft Security Bulletin MS03-051
Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
Issued: November 11, 2003
Updated: December 10, 2003
Version: 1.4
V1.4 December 10, 2003: Updated the FAQ section to reflect a new Windows Update offering on Windows XP. |
|
Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand
| reply to GuruGuy
said by GuruGuy  :
It's been available (AGAIN) for several hours....
...late bloomer, I am! |
|
GuruGuy
join:2002-12-16
Atlanta, GA | reply to JmanB
It's been available (AGAIN) for several hours....
--
GuruGuy |
|
Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand
1 edit | reply to JmanB
One Critical Update Available Now.
»v4.windowsupdate.microsoft.com/e···ault.asp |
|
GuruGuy
join:2002-12-16
Atlanta, GA
| reply to JmanB
Here is the KB....as you can see, it was released in NOV 2003 and there is no modification to the date....still says NOV 2003. Is it being re-released? Did they forget to release it in Nov? WTH?
»support.microsoft.com/?kbid=810217
--
GuruGuy |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to skj
>When you click on "read more..." for the update it takes you to a page which states: " No Security Bulletins for December Monthly Release (December 9, 2003)
I just ran Windows Update and the critical patch is shown, but I have no "read more" place to click! I have never, ever before seen a critical patch on Windows Update site where I could not learn more about the patch! If I hadn't just read the Cnet article and what Lucy had to say via antdude's post, I would be wondering if someone had hacked into Windows Update and was spoofing us! I'd say Cnet's characterization of Microsoft confusing itself is a bit mild!
I checked and I do have the web server extensions that Lucy mentions located where she indicates. I guess I am one of those to whom the update was supposed to be offered in November but was not. However, I do NOT have XP home edition. I have XP Pro version SP1a. Lucy says this fix is for those with XP HOME SP1 who don't have FrontPage Server Extension in Add/remove. Well I have XP PRO and I don't have this extension in Add/remove but I have it nonetheless. So, where do I fit in this scenario?
To confuse matters further, where is the Microsoft Security Bulletin for this? I received nothing in my email yesterday or today. I do not have automatic update turned on. I rely on the Security Bulletin List serve and this site for notifications. So where is the security bulletin for this? Even if this patch is just a reissue for those who were not offered the patch last month for some strange reason, then why is there not a Bulletin explaining this and why have I not received this Bulletin in my email?
--
"Everything can be taken from a man or woman but one thing: the last of the human freedoms - to choose one's attitude in any given set of circumstances, to choose one's destiny." Victor Frankl - Man's Search for Meaning |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| reply to GuruGuy
Very confusing! Even on a clean XP Professional!
I asked Lucy if this update was an error to show up:
"No, it's not an error. This is a valid update. If you have the web server extensions then Windows Update will offer the update to install."
Anyways, share your finds on msnews.microsoft.com newsgroup server in microsoft.public.windowsupdate newsgroup.
--
-- Ant @ The Ant Farm: »antfarm.ma.cx |
|
mrgeek
Premium
join:2002-12-13
Dundee, IL
clubs:
1 edit | reply to JmanB
I wish jbMSFT would stop by and clear this up for us.
--
A wise man is nothing more than an old fool |
|
skj
Welcome to the far side of reality
Premium,Mod
join:2002-04-04
Atlanta, GA | reply to JmanB
When you click on "read more..." for the update it takes you to a page which states: " No Security Bulletins for December Monthly Release (December 9, 2003) " A bit confusing to say the least. |
|
GuruGuy
join:2002-12-16
Atlanta, GA | reply to JmanB
Well now it's back again! Wish the hell they'd make up their mind...it's here, it's gone, it's here, it's gone.....
--
GuruGuy |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
|  reply to JmanB
/. and CNET on new patches this week.
»slashdot.org/article.pl?sid=03/1···&tid=187
--
-- Ant @ The Ant Farm: »antfarm.ma.cx |
|
GuruGuy
join:2002-12-16
Atlanta, GA
| reply to JmanB
This was an issue on our end. Yesterday we made changes to the detection
for this update and that's why Windows Update is offering the update today.
----------------
What does she mean that's why they are offering it today? I haven't seen it since it appeared lastnight and then disappeared..........
--
GuruGuy |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
|  reply to GuruGuy
FYI! Two informative newsgroup replies from MS:
-------- Original Message --------
Subject: Re: KB810217 - MS03-051 - Appreared today via Windows Automatic Update - Why?
Date: Wed, 10 Dec 2003 11:55:29 -0800
From: Lucy [MS]
Newsgroups: microsoft.public.windowsupdate
References:
Hi Joe,
This was an issue on our end. Yesterday we made changes to the detection
for this update and that's why Windows Update is offering the update today.
Thanks,
Lucy [MS]
--
For those who use Windows XP Home SP1 and do not have FrontPage Server Extensions installed in Windows' Add/Remove Components.
-------- Original Message --------
Subject: Re: KB810217 - MS03-051 - Appreared today via Windows Automatic Update - Why?
Date: Wed, 10 Dec 2003 11:59:42 -0800
From: Lucy [MS]
Newsgroups: microsoft.public.windowsupdate
References:
Hi Ant,
Do you have the web server extensions?
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin
fp4autl.dll
Thanks,
Lucy [MS]
--
-- Ant @ The Ant Farm: »antfarm.ma.cx |
|
MrFixIT
Premium
join:2002-04-12
here
| reply to JmanB
Thanks for the updates JmanB !
BTW - did anyone else notice the cut and paste job at the end of first two answers?
quote:
Microsoft works to ensure the quality of all products, and a patch release is treated much like a small scale product release in terms of quality control. Microsoft would not release a product until it was tested and proven reliable, and patch releases are no different.
--
You are depriving some poor village of its idiot. |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
|  reply to mrgeek
I noticed my office machine with Windows XP Home SP1 (Dell OEM; all updates except yesterday's update that is mentioned) showed this update. I cannot find this FrontPage Server Extensions package in Windows' Add/Remove Components list. I don't think XP Home even has this feature.
I am not going to get it until I hear words from Microsoft.
--
-- Ant @ The Ant Farm: »antfarm.ma.cx |
|
jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland | reply to JmanB
Still 19 vulnerabilities unpatched
Couple ones fixed, 19 more to fix. And they dont care.
»www.safecenter.net/UMBRELLAWEBV4···dex.html |
|
