Re: windows update on XP Pro and MS02-013
From: Russ (Russ.Cooper@RC.ON.CA) Date: 10/31/02
Date: Wed, 30 Oct 2002 18:21:33 -0500
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Microsoft have published;
http://support.microsoft.com/default.aspx?scid=kb;en-us;q331663
regarding this issue. Basically, the Sun JRE modifies a registry key which Windows Update relies upon to determine whether MS02-013 was installed. It's not the same key used to verify MS02-052 installation. Because the key is modified, Windows Update says it's not installed (I won't go back into my feelings about this form of problem).
MS' recommendation is to re-apply MS02-013.
The KB is very confusing;
1. On systems which have had MS02-052 installed, it seems reasonable to assume that despite Windows Update prompting you to install MS02-013 you are protected against vulnerabilities described in MS02-013 and MS02-052.
2. On systems which have had only MS02-013 installed, you are still protected against that vulnerability, however, without re-applying MS02-013, you won't be able to get MS02-052 offered via Windows Update or Automatic Updates. I haven't checked to see if downloading the VM patch on its own and then running it will actually get it to apply (I doubt it).
3. However, if you re-apply MS02-013 on a system which already had MS02-052 then you'd also have to re-apply MS02-052, I would think, yet the KB article makes no mention of this.
4. They also don't make it clear whether or not there are any problems having the bits from MS02-052 on a system with Sun's JRE (the one that modifies the registry key).
Until it's clearer, I'd recommend (if you can) holding off re-applying MS02-013 and put up with being told you need to re-apply it. Either the KB needs to be clearer, or WU/AU needs to look at another key for verification.
Of course HFNetchk and MBSA get it right, as would any other patch-checking program which doesn't rely entirely upon registry keys.
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor