Windows Critical Update

From: Bil Corry (bil@BILCORRY.COM)
Date: 12/19/01 

Date:         Wed, 19 Dec 2001 08:41:15 -0800
From: Bil Corry <bil@BILCORRY.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Russ,

This is odd. I have the Windows Critical Updates Alert installed on my W2K box (which directs you to windowsupdate.microsoft.com when a "critical update" is available). It just alerted me to install:

> Security Update, November 13, 2001 (Internet Explorer 6)
> 447 KB/ Download Time: 1 min
> This update resolves the "13 November 2001 Cumulative Patch for Internet Explorer"
> security vulnerability in Internet Explorer 6, and is discussed in Microsoft
> Security Bulletin MS01-055. Download now to prevent a malicious user from reading
> or altering the cookies on your computer.

However, HFNETCHK shows that I'm fully patched:

> * Internet Explorer 6 Gold
>
> INFORMATION
> All necessary hotfixes have been applied.

Yesterday I installed IE6.0 (upgraded from IE5.5) then installed MS01-58. I never did install MS01-55 since MS01-58 was "Cumulative" and HFNETCHK showed that I was patched.

So which is right? Critical Update or HFNETCHK?

<sigh>

- Bil

======================================
Delivery co-sponsored by VeriSign - The Internet Trust Company
======================================
Protect your servers with 128-bit SSL encryption!
Get VeriSign's FREE guide, "Securing Your Web Site for Business." You will
learn everything you need to know about using SSL to encrypt your e-commerce
transactions for serious online security. Click here!
http://www.verisign.com/cgi-bin/go.cgi?a=n016065650057000
======================================

Relevant Pages

  • [NT] Microsoft Agent Remote Code Execution (MS07-020)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Outlook Express open HTML e-mail messages in the Restricted sites zone. ... section for more information about Internet Explorer Enhanced Security ...
    (Securiteam)
  • [NT] Vulnerability in Microsoft Agent Allows Code Execution (MS06-068)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... for more information about Internet Explorer Enhanced Security ... Configure Internet Explorer to prompt before running ActiveX Controls ...
    (Securiteam)
  • [NT] Vulnerability in Microsofts HTML Converter Could Allow Code Execution
    ... Beyond Security in Canada ... to promote the most advanced vulnerability assessment solutions today. ... Internet Explorer on Windows Server 2003 runs in Enhanced ... all intranet Web sites and all Universal Naming Convention paths ...
    (Securiteam)
  • [NT] Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (MS06-073)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... allow-list for ActiveX controls in Internet Explorer 7. ...
    (Securiteam)
  • [NT] Cumulative Patch for Internet Explorer (MS03-040)
    ... Get your security news from a reliable source. ... all previously released patches for Internet Explorer 5.01, ... * A vulnerability that occurs because Internet Explorer does not properly ... could be possible for an attacker who exploited this vulnerability to run ...
    (Securiteam)