Re: Problems with MS05-013
From: John Groth (johng_at_PURDUE.EDU)
Date: 02/25/05
Date: Fri, 25 Feb 2005 11:47:07 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Ian Hayes wrote:
> As part of our patch management process, we have as part of our
> login scripts a control that verifies that various patches and
> hotfixes have been installed by checking file version numbers.
Not a bad plan, but if you were really paranoid maybe check the file
hashes against hashes from trusted binaries too.
> I'm seeing a problem with MS05-013. According to the KB article for this
> hotfix, the updated file provided for this fix is dhtmled.ocx, and
> should be at version 6.1.0.9232. After installing the hotfix, I was
> surprised to see that our hotfix checker still tagged my computer.
> Looking at the file properties, my version of dhtmled.ocx has a value
> of 6.1.0.8244. Clicking on the actual File Version property shows a
> very different 6.01.8244.
You've found your discrepancy, now it is time to further investigate.
Verify the file information that is displayed on Microsoft's KB article.
Download the patch from Microsoft and execute "patch.exe /extract".
From there you can verify the actual file versions that are included in
the patch. Sometimes Microsoft makes an error and the actual version
distributed in the patch binaries is different than what they say in
their bulletins and KB articles. Usually someone, like me, will report
a discrepancy in the bulletin/KB information shortly after the patch
release. Verify the file version information in the actual patch binary
you used to install on that machine. If the patch is good and your
machine is not being updated properly - find out why the patch is
failing. Is the update process getting killed or interrupted somehow?
Does that machine need a reboot after the patch?
> While it's easy for me to change the expected version number in our
> checker, I'd like to make sure that this hotfix is actually being
> applied and the correct file is being installed.
Verify the file versions against what is in the patch binary along with
what Microsoft says. You will then know the proper version number you
should have in your script.
If you are having trouble applying a security patch from Microsoft you
should be able to open up a free ticket with their product support
services group to resolve the issue.
cheers,
~johng
-- NTBugtraq Editor's Note: Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered. --
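The check discussed in this message (comparing the installed file with the copy extracted from the patch, by version and by hash) can be scripted. The following is an added example, not part of the original post; the function names are hypothetical and both paths are placeholders the operator supplies. It reports the numeric version fields separately from the version string, since the two can be formatted differently, as with the 6.1.0.8244 and 6.01.8244 values quoted above.

```powershell
# Added example: fingerprint a file by numeric version, version string and SHA-256.
function Get-FileFingerprint {
    param([Parameter(Mandatory)][string]$Path)

    $info = (Get-Item -LiteralPath $Path).VersionInfo
    [pscustomobject]@{
        Path          = $Path
        # Numeric version built from the four fixed version fields.
        BinaryVersion = '{0}.{1}.{2}.{3}' -f $info.FileMajorPart, $info.FileMinorPart,
                                             $info.FileBuildPart, $info.FilePrivatePart
        # Free-form string resource; its formatting can differ from the numeric fields.
        StringVersion = $info.FileVersion
        SHA256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Compare the installed file with the reference copy extracted from the patch.
function Test-PatchedFile {
    param(
        [Parameter(Mandatory)][string]$Installed,   # file on the machine being checked
        [Parameter(Mandatory)][string]$Reference    # file extracted from the patch package
    )

    $inst = Get-FileFingerprint -Path $Installed
    $ref  = Get-FileFingerprint -Path $Reference

    [pscustomobject]@{
        InstalledVersion = $inst.BinaryVersion
        ReferenceVersion = $ref.BinaryVersion
        InstalledString  = $inst.StringVersion
        ReferenceString  = $ref.StringVersion
        VersionMatch     = $inst.BinaryVersion -eq $ref.BinaryVersion
        # A hash match is the stronger check: same bytes as the trusted binary.
        HashMatch        = $inst.SHA256 -eq $ref.SHA256
    }
}

# Usage (placeholder paths, replace with real locations):
# Test-PatchedFile -Installed '<installed-dir>\dhtmled.ocx' -Reference '<extract-dir>\dhtmled.ocx'
```

A result with VersionMatch true and HashMatch false means the installed file carries the expected version number but is not byte-identical to the reference copy, which a version-only check would not notice.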