Re: Why isn't KB925902 a re-release of MS07-008?



Sorry about that. I'll try to scratch that question and start over again.

It's the patch referred to in 935448 (replaces Hhctrl.ocx) that looks like a
re-release of MS07-008 (replaces Hhctrl.ocx), but isn't treated as a
re-release of MS07-008.

I wish I had been as rigorous in my question as you were with your response.

I'll start over again.

"Wesley Vogel" wrote:

"The update number listed on the security bulletins corresponds to the
Microsoft Knowledge Base (KB) article ID number."
from...
http://www.microsoft.com/security/bulletins/update_number.mspx

"Microsoft Knowledge Base articles that are associated with security updates
that have been released since October 15, 2003, provide a link to the
corresponding security bulletin without duplicating some of the same
information in the security bulletin. All information that was previously
available only in the Knowledge Base article (such as file information) is
now provided in the security bulletin."
from...
http://support.microsoft.com/kb/824689

MS07-017 and KB925902 are the same thing. MS07-008 and KB928843 are the
same thing. KB925902 and KB928843 are NOT the same thing.

Microsoft Security Bulletin MS07-017
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx

MS07-017: Vulnerability in GDI could allow remote code execution
http://support.microsoft.com/kb/925902

Microsoft Security Bulletin MS07-008
Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution
(928843)
http://www.microsoft.com/technet/security/bulletin/MS07-008.mspx

MS07-008: A vulnerability in the HTML Help ActiveX control could allow
remote code execution
http://support.microsoft.com/kb/928843

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:250158F6-2F3D-4453-94B6-E6637C85C760@xxxxxxxxxxxxx,
pen <pen@xxxxxxxxxxxxxxxxxxxxxxxxx> hunted and pecked:
More precisely, why isn't the security patch referred to by KB925902
treated as a re-release of the XP SP2 security patch referred to by
MS07-008? Sure, it fixes no new vulnerabilities; if you've already
installed MS07-008 and are having no problems with it (such as installing
the XP SP2 patch referred to by MS07-017), then there is no security
concern to address by installing the new patch (the patch currently
available from KB925902).

We've seen that before; we've seen patches re-released even though there
is no security benefit to the new patch.

What is different this time?

