RE: Microsoft Security Bulletin MS01-022
From: Mike Robertson (Mike@bsi.com)Date: 04/19/02
- Previous message: Davis, Matt: "URLScan 2.5 SRP"
- Maybe in reply to: Jeff Cox: "Microsoft Security Bulletin MS01-022"
- Next in thread: Shawn Fabbro: "RE: Microsoft Security Bulletin MS01-022"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Mike Robertson" <Mike@bsi.com> To: "JaVa_BoY" <java.boy@optushome.com.au>, "Jeff Cox" <jcox@docucorp.com>, <focus-ms@lists.securityfocus.com> Date: Fri, 19 Apr 2002 12:37:46 -0400
Brief from Q306460:
Windows 2000 and Windows NT 4.0 Computers
MS01-022 (Q296441) : This patch updates the Msdaipp.dll file to version
8.103.4004. In a typical patch situation, the Mssecure.xml file would
contain this file name, file version and checksum. If the system that is
being scanned contained this file, but didn't match the exact file
version and checksum, the patch would be considered to be not found.
However, with respect to this particular patch, these details cannot be
stored in the XML file without generating false positives during the
scan. Specifically, several Microsoft Office programs include
non-vulnerable versions of this file that are versioned greater than
8.103.4004. Hfnetchk.exe would interpret this higher version number as a
fileversion and checksum mismatch and would report a WARNING message
that states that the fileversion was greater than expected. To reduce
the number of false positive WARNING messages that are generated by this
tool, the file details were not entered into the XML database. To verify
that you are not vulnerable to this issue, you should verify that you
are running a version of this file that is 8.103.4004 or greater. If
this is the case, you may ignore this NOTE message.
Full Story:
This article pointer was forwarded to you from the Microsoft Online
Support site.
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q306460
-----Original Message-----
From: JaVa_BoY [mailto:java.boy@optushome.com.au]
Sent: Thursday, April 18, 2002 7:39 PM
To: Jeff Cox; focus-ms@lists.securityfocus.com
Subject: Re: Microsoft Security Bulletin MS01-022
I seem to have the same problem
MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in
Authorization Data
MS01-022 WebDAV Service Provider Can Allow Scripts to Levy Requests as
User
The first, according to
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/
bulletin/MS02-001.asp, is in the Rollup Package which I have installed.
The second I have downloaded
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secu
rity
/bulletin/MS01-022.asp) and installed but still shows up.
----- Original Message -----
From: "Jeff Cox" <jcox@docucorp.com>
To: <focus-ms@lists.securityfocus.com>
Sent: Friday, April 19, 2002 4:22 AM
Subject: Microsoft Security Bulletin MS01-022
> I ran the MBSA pgm and it said I need to run the update from this
bulletin.
> However, I have run this rbupdate several times and it doesn't seem to
take.
> Any ideas?
>
> Jeff
>
>
--- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.350 / Virus Database: 196 - Release Date: 4/17/2002--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.350 / Virus Database: 196 - Release Date: 4/17/2002
- Previous message: Davis, Matt: "URLScan 2.5 SRP"
- Maybe in reply to: Jeff Cox: "Microsoft Security Bulletin MS01-022"
- Next in thread: Shawn Fabbro: "RE: Microsoft Security Bulletin MS01-022"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
