RE: NT Users SHOULD be CAREFULL when applying NT hotfixes "Multiple version problem inside NT Hotfixes"

From: Russ (Russ.Cooper@rc.on.ca)
Date: 10/05/01


Message-ID: <E9A01F52DC939448BBDE44ED2E1C468F1F179A@muskie.rc.on.ca>
From: Russ <Russ.Cooper@rc.on.ca>
To: BUGTRAQ <BUGTRAQ@SECURITYFOCUS.COM>
Subject: RE: NT Users SHOULD be CAREFULL when applying NT hotfixes "Multiple version problem inside NT Hotfixes"
Date: Thu, 4 Oct 2001 19:47:10 -0400 

1. There is no "patch" for MS00-078. The patch for that vulnerability was
the patch released for MS00-057. MS00-057 was superseded by MS00-060. Ergo,
if you have MS00-060 then you don't need MS00-057, and don't need anything
from MS00-078.

In the case of NT, if you try to install MS00-057 over MS00-060 then you
will be told you're attempting to overwrite newer files with older files. In
the case of Windows 2000, this cannot be done at all.

Also, in your reference to the MS00-057 patch you reference the Alpha
download binary but include the Intel binary name. How'd you construct this
URL?

2. In the case of MS00-090, the KB article associated with the patch refers
to the version number 6.4.7.1113, not 6.4.9.1110;

http://support.microsoft.com/support/kb/articles/q280/4/19.asp

dxmasf550.dll has the correct version number, whereas dxmasf.dll has a
different number (the 6.4.9.1110 that you mention). I suspect that
dxmasf550.dll is implemented in certain scenarios, and dxmasf.dll is
implemented in others. Chances are dxmasf550 is used when IE 5.5 is
installed, but that's only a guess.

Either way, have you verified that the Media Player is still vulnerable
after applying the patch? I've had no reports indicating that it is.

Cheers,
Russ - NTBugtraq Editor