MS01-013 revised

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 10/12/01

Date:         Fri, 12 Oct 2001 11:34:23 -0400
From: Russ <Russ.Cooper@RC.ON.CA>
Subject:      MS01-013 revised


Numerous people reported seeing MS01-013 show up in HFNetchk scans on
their systems as being needed, or "Not Found". They were sure they
had applied it.

MS01-013 was revised due to what Microsoft calls a "packaging error"
in pre-Windows 2000 SP3 fixes. The packaging error is understandable.
When MS develops SPs they do a code freeze at a given point in time
to ensure the SP doesn't cause errors. From the code freeze date to
the release of the SP, MS still issues Hotfixes and PSS QFE fixes as
needed. Anything done after the code freeze goes into the next SP.

What's not readily understandable is why it has taken 7 months to
revise the Hotfix.

According to;

you must get the revised version of these Hotfixes (assuming you
applied the *preliminary*, unfixed, version) to ensure that you do
not "cause the loss of some of the fixes that are included in SP2".
The KB article states that if you have a pre-SP3 fix dated prior to
May 16, 2001, then it is a *preliminary* version and needs to be
updated. Check the KB article for the full list of affected fixes
(most you never needed).

Unfortunately, there don't appear to be any details as to what
"loss" we may have been seeing during these past 7 months. I had
thought that the problems were strictly related to the ability for
the next SP to be applied properly, but the KB article seems to
suggest other, possibly more important, issues.

In addition, the KB article refers to a total of *98* fixes that have
been released which contain these packaging errors, any of them
potentially causing a "loss of some of the fixes that are included in

On my systems it appears that MS01-013 is the only Security Bulletin
that is affected by this, but your mileage may vary. If you find that
a Security Bulletin shows up in HFNetchk which you know you have
applied, double-check the Microsoft Security Bulletin to see if it
was revised due to a packaging error (check the revision history at
the bottom of the bulletin). Microsoft are still having problems with
their Security Website in that information gets into the XML before
it goes onto the Bulletin webpage.

Hopefully the Microsoft Security Response Center will provide some
clarification as to specifically what sort of "loss of some of the
fixes that are included in SP2" we're talking about, and which
Security Bulletins are affected.

Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
