RE: NT Users SHOULD be CAREFULL when applying NT hotfixes "Multip le version problem inside NT Hotfixes"

From: Russ (Russ.Cooper@rc.on.ca)
Date: 10/05/01


Message-ID: <E9A01F52DC939448BBDE44ED2E1C468F1F179A@muskie.rc.on.ca>
From: Russ <Russ.Cooper@rc.on.ca>
To: BUGTRAQ <BUGTRAQ@SECURITYFOCUS.COM>
Subject: RE: NT Users SHOULD be CAREFULL when applying NT hotfixes "Multip le version problem inside NT Hotfixes"
Date: Thu, 4 Oct 2001 19:47:10 -0400 

1. There is no "patch" for MS00-078. The patch for that vulnerability was
the patch released for MS00-057. MS00-057 was superceded by MS00-060. Ergo,
if you have MS00-060 then you don't need MS00-057, and don't need anything
from MS00-078.

In the case of NT, if you try to install MS00-057 over MS00-060 then you
will be told you're attempting to overwrite newer files with older files. In
the case of Windows 2000, this cannot be done at all.

Also, in your reference to the MS00-057 patch you reference the Alpha
download binary but include the intel binary name. How'd you construct this
URL?

2. In the case of MS00-090, the KB article associated with the patch refers
to the version number 6.4.7.1113, not 6.4.9.1110;

http://support.microsoft.com/support/kb/articles/q280/4/19.asp

dxmasf550.dll has the correct version number, whereas dxmasf.dll has a
different number (the 6.4.9.1110 that you mention). I suspect that
dxmasf550.dll is implement in certain scenarios, and dxmasf.dll is
implemented in others. Chances are dxmasf550 is used when IE 5.5 is
installed, but that's only a guess.

Either way, have you verified that the Media Player is still vulnerable
after applying the patch. I've had no reports indicating that it is.

Cheers,
Russ - NTBugtraq Editor



Relevant Pages

  • Re: HfNetChk and Q299444 problem
    ... You are running HFNetChk with the -a m switch to show missing hotfixes, ... Just because one rollup patch delivers all the fixes contained in earlier ... each patch irregardless of the supersedences, and as you've seen below, it ...
    (Focus-Microsoft)
  • HfNetChk and Q299444 problem
    ... after installing this package ... HfNetChk reports missing hotfixes, ... patch to be considered installed. ...
    (Focus-Microsoft)
  • Re: neues IE-Update "KB867801"
    ... Hotfixes werden *nicht* über Windows Update angeboten. ... Zeit auch im Download Center von Microsoft zum öffentlichen ... einen älteren Patch mit installieren, ...
    (microsoft.public.de.german.inetexplorer.ie6)
  • Re: Security Updates...
    ... Die wenigsten dieser Hotfixes sind Sicherheitshotfixes. ... dass solche Hotfixes nur über den Microsoft ... Da die Hotfixes nicht für alle Umgebungen getestet worden ... Issues That Are Resolved in SQL Server 2000 Patch ...
    (microsoft.public.de.sqlserver)
  • Re: MS02-059 Security Bulletin
    ... Surely if this Bulletin is for a security vunerablility in ... >Hotfixes require a call, and the tech has to be ... >> mention in the security Bulletin MS02-059, ... >> to him all I wanted was the patch to download, ...
    (microsoft.public.security)