Re: HFNETCHK -v

From: Charles Otstot (saries@nc.rr.com)
Date: 11/21/02 

From: "Charles Otstot" <saries@nc.rr.com>
Date: Thu, 21 Nov 2002 08:51:13 -0500

Hi Stephan,

Q306460 hasn't been updated to include references to the later patches, my
apologies.
The only way to know how to interpret the output for those patches is
double-checking the security bulletin for which you are being alerted. The
bulletin will give you information on what is required for patching and how
to verify installation (assuming a patch and not a configuration change).
For example, we know (both from the original bulletin and Q306460) that
MS01-022 has multiple versions of msdaipp.dll considered "appropriate", but
the xml file cannot check against all the versions, so we get a Note
message. Checking the FAQ section of the bulletin reveals that there are
three affected versions of msdaipp.dll. If you have one of the affected
versions, you need to apply the patch, if not you're ok (the default install
of Windows 2000 installs an affected version, btw).

"Stephen Pak" <asiats@hotmail.com> wrote in message
news:eAXMA9PkCHA.1988@tkmsftngp08...
> Charles,
>
> Thank you for your response.
>
> I did use hfnetchk with "-v" already. However, it always gives me the
> following message:
>
> I copy and paste the result from hfnetchk in here.
>
> * WINDOWS 2000 SERVER SP3
>
> Note MS01-022 Q296441
> Please refer to Q306460 for a detailed explanation.

See Above (SP3 does NOT patch this).

>
> Warning MS02-008 Q318203
> File C:\WINNT\system32\msxml3.dll has a file version that is
> greater than what is expected.

This looks like you have IE 6 SP1 installed. If so, your output is correct
*and* you are patched.
>
> Note MS02-053 Q324096
> Please refer to Q306460 for a detailed explanation.

Again, multiple products with multiple patches, refer to MS02-053 to see if
you have applied the appropriate patch or if you even need to patch. (This
one gives a Note even if you don't have Front Page extensions installed).

>
> Note MS02-064 Q327522
> Please refer to Q306460 for a detailed explanation.

This is a configuration change rather than a patch. The xml file does not
check for the change.

>
>
> * INTERNET INFORMATION SERVICES 5.0
>
> Information
> All necessary hotfixes have been applied.
>
> * INTERNET EXPLORER 6 SP1
>
> Note MS02-065 Q329414
> Please refer to Q306460 for a detailed explanation.

Multiple versions of MDAC, you'll need to check the security bulletin to see
which applies to your server.
>
>
> * SQL SERVER 2000 SP2
>
> Note MS02-030 Q321858
> Please refer to Q306460 for a detailed explanation.
>
> Note MS02-030 Q321858
> Please refer to Q306460 for a detailed explanation.
>
> Note MS02-030 Q321460
> Please refer to Q306460 for a detailed explanation.
>
> Note MS02-030 Q320833
> Please refer to Q306460 for a detailed explanation.

Multiple versions of SQLXML may be involved, check the bulletin and your
system to make sure you have the right version.

>
> Note MS02-035 Q263968
> Please refer to Q306460 for a detailed explanation.
>
This refers to a utility to remove passwords for files that may or may not
exist, the bulletin will give you the files to check. If the passwords are
not in the files you're ok.

> Note MS02-039 Q323875
> Please refer to Q306460 for a detailed explanation.
The xml is not checking this one, refer to the security bulletin and Q323875
to verify installation.

>
> Note MS02-040 Q326573
> Please refer to Q306460 for a detailed explanation.
>
> Note MS02-040 Q326573
> Please refer to Q306460 for a detailed explanation.

MDAC again, this is probably covered by MS02-065, but you'll need to verify
(as I have not verified this yet).
>
> Note MS02-061 Q316333
> Please refer to Q306460 for a detailed explanation.
There are SQL procedures to run as well as file changes, refer to the
security bulletin and Q316333 to verify your installation.

Hope this clears the current output up for you and gives you a handle on
checking and verifying future results.

Charlie

Relevant Pages