Re: MS09-032 Installation
- From: "PA Bear [MS MVP]" <PABearMVP@xxxxxxxxx>
- Date: Sun, 19 Jul 2009 12:17:48 -0400
QED: Will MS09-032 be offered by Automatic Updates or Windows Update if the work-around is in place or the now-withdrawn FixIt was applied?
ET wrote:
It is recommended to install the update even if you have done the work
around.
"FromTheRafters" wrote:Regarding that particular vulnerability, yes.
It is still a good idea to get the update rather than to rely on only
the workaround. The update does other things as well as address that
vulnerability.
"Sandy Wood" <sandy.wood@xxxxxxxxxx> wrote in message
news:46A498EB-F6D7-424B-A10E-4B53C4EBAC03@xxxxxxxxxxxxxxxx
So it sounds like the update does the same thing as the workaround!
--
Sandy Wood
Orange County District Attorney
"FromTheRafters" wrote:
"Sandy Wood" <sandy.wood@xxxxxxxxxx> wrote in message
news:A3737A7F-81DA-49E0-A6E5-43A6B4CC9CBA@xxxxxxxxxxxxxxxx
The security bulletin for MS09-032 fixes an ActiveX vulnerability
first
described in Security Advisory 972890. We applied the workaround
described
there for our XP and Windows 2003 systems.
Apparently the "workaround" does the same thing that the "update"
does
regarding that vulnerability. The update addresses other items
though,
and should be taken advantage of.
Now that the Security Bulletin is
released we're wondering what would happen should we apply MS09-032
and then
undo the fix in 927890.
You would be "updated" but then you would be undoing that part of the
update that addresses that particular issue. You would then no longer
be
offered that update because it is already installed - and remain
vulnerable do to your manual mis-configuration.
MS09-032 answers the question by describing a
scenario of Vista and Win 2008 systems, not XP or Win 2003. Here's
the
FAQ
I'm talking about:
What would happen if I install this update and then undo the
workaround from
Microsoft Security Advisory 972890?
In this scenario, customers of Windows Vista and Windows Server
2008
install
this security update for defense-in-depth and then either manually
undo the
workaround from Microsoft Security Advisory 972890, or use the
automated
Microsoft Fix it solution in Microsoft Knowledge Base Article
972890
to
disable the workaround. Such customers will no longer prevent the
Microsoft
Video ActiveX Control from running in Internet Explorer, making
their
systems
vulnerable. Also, such systems will not be reoffered this update
since
future
detection results will yield the successful installation that was
undone by
workaround.
Clear as mud...
For people between the ages of 20 and 57, it is not a good idea to
stick
your fingers in an energized lightbulb socket.
.
- References:
- MS09-032 Installation
- From: Sandy Wood
- Re: MS09-032 Installation
- From: Sandy Wood
- Re: MS09-032 Installation
- From: ET
- MS09-032 Installation
- Prev by Date: Re: MpsSvc service?
- Next by Date: Re: MpsSvc service?
- Previous by thread: Re: MS09-032 Installation
- Next by thread: Re: MS09-032 Installation
- Index(es):
Relevant Pages
|
