New MSSecure.XML Version 2005.08.09.0 Now Available

From: Doug Neal [MSFT] (dugn_at_online.microsoft.com)
Date: 08/09/05 

Date: Tue, 9 Aug 2005 10:01:48 -0700

MBSA 2.0 detection is based strictly on Microsoft Update, so all inquiries
regarding MBSA 2.0 patch detection for this month's release should by sent
to the public microsoft.public.softwareupdatesvcs newsgroup. This
announcement is specific to MBSA 1.2.1 and the underlying MSSecure.XML file
that services the MBSA 1.2.1 tool.

MSSECURE.XML Data Version 2005.08.09.0 (for use by MBSA 1.2 and SMS SUS
Feature Pack) was last modified today, August 9, 2005, and is now available
for all supported languages (English, French, German and Japanese). Today's
release contains 6 new bulletins and 2 re-releases. All 6 new bulletins are
fully supported by MBSA 1.2.

The first re-release, MS05-032 (MSAgent) requires no change in
previously-released MBSA 1.2 detection since it affects 64-bit only
(MS05-032 - MSAgent). The second re-release, MS05-023 (Word Viewer 2003) is
supported by a revised (v2) version of the April Enterprise Scan Tool
(EST) - which also enables this bulletin for automatic deployment through
Microsoft's Systems Management Server (SMS) using the SUS Feature Pack.

August Re-releases

1) MS05-023 (Word Viewer 2003) - 880169 - not supported by MBSA, but
supported by revised (v2) April edition of the EST Tool.

2) MS05-032 (MSAgent re-release) - 890046 - this patch replaces the
original MS05-032 release for 64-bit platforms only. No changes have been
made to the 32-bit platforms. Since MBSA 1.2 only supports 32-bit
platforms, there is no change to MBSA 1.2 or SMS SUS Feature Pack detection.

New August Bulletins

3) MS05-038 (IE Cumulative) - 896727. This patch replaces the
previous IE Cumulative Patch (MS05-025) and the JView Profiler patch
(MS05-037) for supported platforms.

4) MS05-039 (SMB/PNP) - 899588.

5) MS05-040 (TAPISRV) - 893756.

6) MS05-041 (TS/RDP) - 899591.

7) MS05-042 (Kerberos) - 899587.

8) MS05-043 (SpoolSV) - 896423.

Additional Technical Issues for this release:

· MS05-037 (JView) replaced by MS05-038 (IE Cumulative Patch): Today's
MS05-038 Internet Explorer Cumulative Patch contains a superset of the
single registry key used to resolve the MS05-037 (JView) vulnerability. If
MS05-037 is removed from a machine, it will remove a registry key that is
required for MS05-038 to be considered fully installed. This is expected
and correct.

· MDAC 2.8 Gold, SP1 and SP2: For customers with MDAC 2.8, the
'latest service pack' warning has been re-instated. Although SP2 comes
bundled with other releases, since SP1 is the latest downloadable service
pack that can be installed separate for other products, MBSA 1.2 will report
MDAC 2.8 SP1 as the latest available service pack. For customers on MDAC
2.8 SP2, the warning stating "MDAC 2.8 SP2 is installed, SP1 is the latest
available service pack for this product," can be ignored

· MS05-004 (MDAC): MBSA was not reporting the need for MS05-004 on
platforms where MDAC 2.8 Gold was installed. This has been fixed with this
release.

----------------------------

What is the Enterprise Update Scanning Tool (EST)?
As part of an ongoing commitment to provide detection tools for complex
updates for bulletin-class issues that are not supported by MBSA, a
stand-alone tool may be provided for certain bulletins. Microsoft will
evaluate the detection and deployment complexity of each bulletin, and
provide detection support based on the specifics of each release. When a
detection tool is created for a specific bulletin, customers will be able to
script running the tool from a command line interface, and process the
results using an XML output file. Detailed documentation will be provided
with the tool to ensure customers can leverage it quickly. See the
following link for details
http://support.microsoft.com/default.aspx?id=894193 

-- 
Doug Neal [MSFT]
dugn@online.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft 
Baseline
Security Analyzer (MBSA). Information is available at the following link:
http://support.microsoft.com/default.aspx
This e-mail address does not receive e-mail, but is used for newsgroup
postings only.

Relevant Pages

  • Re: New MSSecure.XML Version 2005.07.12.0 Now Available
    ... >>> release contains 3 new bulletins, all 3 of which are fully supported by ... >>> scans only when using MBSA. ... >>> As part of an ongoing commitment to provide detection tools for complex ... >>> provide detection support based on the specifics of each release. ...
    (microsoft.public.security)
  • New MSSecure.XML Version 2005.06.14.0 Now Available
    ... 7 of which are fully supported by MBSA. ... There are also 3 re-releases for previously released bulletins listed below: ... As part of an ongoing commitment to provide detection tools for complex ... feel free to contact PSS for support on the Microsoft ...
    (microsoft.public.security)
  • New MSSecure.XML Version 2005.07.12.0 Now Available
    ... MSSECURE.XML Data Version 2005.07.12.0 (for use by MBSA 1.2 and SMS SUS ... There is also a single re-release for previously released bulletins listed ... Full support in SMS. ... As part of an ongoing commitment to provide detection tools for complex ...
    (microsoft.public.security)
  • Re: MS04-027 and MS04-028 not detected
    ... MBSA only has local detection capability for those 6 office products through its ... >> MBSA does not support either of these patches for patch detection, ... Cross-posting to SMS ...
    (microsoft.public.sms.tools)
  • Re: New MSSecure.XML Version 2005.07.12.0 Now Available
    ... feel free to contact PSS for support on the Microsoft ... Security Analyzer (MBSA). ... >> release contains 3 new bulletins, all 3 of which are fully supported by ... >> As part of an ongoing commitment to provide detection tools for complex ...
    (microsoft.public.security)
Quantcast