Re: Why isn't KB925902 a re-release of MS07-008?



It's the patch referred to in 935448 (replaces Hhctrl.ocx) that looks like
a re-release of MS07-008 (replaces Hhctrl.ocx), but isn't treated as a
re-release of MS07-008.

Because it is not a re-release of MS07-008.

<quote>
CAUSE
This problem may occur after you install security update 925902 (MS07-017) and security update 928843 (MS07-008). The Hhctrl.ocx file that is included in security update 928843 and the User32.dll file that is included in security update 925902 have conflicting base addresses. This problem occurs if the program loads the Hhctrl.ocx file before it loads the User32.dll file.
</quote>
from...
Certain third-party applications may not start, and you receive an error message when you start the computer: "Illegal System DLL Relocation"
http://support.microsoft.com/kb/935448

KB935448 is a Hotfix, not a Security Update.

Update for Windows XP (KB935448)
http://www.microsoft.com/downloads/details.aspx?familyid=74AD4188-3131-429C-8FCB-F7B3B0FD3D86&displaylang=en

A Hotfix is a patch to fix a bug in some file. In this case KB935448 is a Hotfix to fix a bug in Hhctrl.ocx that was also somehow compounded by the User32.dll file that is included in security update 925902. Also a problem if you have Realtek HD Audio Control Panel, ElsterFormular 2006/2007, TUGZip or CD-Tag installed.

Hotfix
Definition: A hotfix is a single, cumulative package that includes one or more files that are used to address a problem in a product and are cumulative at the binary and file level. A hotfix addresses a specific customer situation and may not be distributed outside the customer's organization.

Security Update
Definition: A security update is a broadly released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated based on their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:4CEB634F-870D-4B29-B7BC-64F4DA968E6F@xxxxxxxxxxxxx,
pen <pen@xxxxxxxxxxxxxxxxxxxxxxxxx> hunted and pecked:
Sorry about that. I'll try to scratch that question and start over again.

It's the patch referred to in 935448 (replaces Hhctrl.ocx) that looks like
a re-release of MS07-008 (replaces Hhctrl.ocx), but isn't treated as a
re-release of MS07-008.

I wish I had been as rigorous in my question as you were with your
response.

I'll start over again.

"Wesley Vogel" wrote:

"The update number listed on the security bulletins corresponds to the
Microsoft Knowledge Base (KB) article ID number."
from...
http://www.microsoft.com/security/bulletins/update_number.mspx

"Microsoft Knowledge Base articles that are associated with security
updates that have been released since October 15, 2003, provide a link
to the corresponding security bulletin without duplicating some of the
same information in the security bulletin. All information that was
previously available only in the Knowledge Base article (such as file
information) is now provided in the security bulletin."
from...
http://support.microsoft.com/kb/824689

MS07-017 and KB925902 are the same thing. MS07-008 and KB928843 are the
same thing. KB925902 and KB928843 are NOT the same thing.

Microsoft Security Bulletin MS07-017
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx

MS07-017: Vulnerability in GDI could allow remote code execution
http://support.microsoft.com/kb/925902

Microsoft Security Bulletin MS07-008
Vulnerability in HTML Help ActiveX Control Could Allow Remote Code
Execution (928843)
http://www.microsoft.com/technet/security/bulletin/MS07-008.mspx

MS07-008: A vulnerability in the HTML Help ActiveX control could allow
remote code execution
http://support.microsoft.com/kb/928843

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:250158F6-2F3D-4453-94B6-E6637C85C760@xxxxxxxxxxxxx,
pen <pen@xxxxxxxxxxxxxxxxxxxxxxxxx> hunted and pecked:
More precisely, why isn't the security patch referred to by KB925902
treated as a re-release of the XP SP2 security patch referred to by
MS07-008? Sure, it fixes no new vulnerabilities; if you've already
installed MS07-008 and are having no problems with it (such as
installing the XP SP2 patch referred to by MS07-017), then there is no
security concern to address by installing the new patch (the patch
currently available from KB925902).

We've seen that before; we've seen patches re-released even though there
is no security benefit to the new patch.

What is different this time?
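
The CAUSE text quoted from KB935448 above describes two modules with conflicting base addresses. The following is an added example, not part of the original thread or Microsoft's tooling: it reads ImageBase and SizeOfImage from PE headers and reports modules whose preferred load ranges overlap. The module names, the `fake_pe32` helper and all address values are constructed for illustration.

```python
import struct

def preferred_range(pe: bytes) -> tuple[int, int]:
    """Return (ImageBase, ImageBase + SizeOfImage) from a PE file's headers."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    opt = e_lfanew + 4 + 20            # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                 # PE32: 32-bit ImageBase at offset 28
        (base,) = struct.unpack_from("<I", pe, opt + 28)
    elif magic == 0x20B:               # PE32+: 64-bit ImageBase at offset 24
        (base,) = struct.unpack_from("<Q", pe, opt + 24)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (size,) = struct.unpack_from("<I", pe, opt + 56)   # SizeOfImage
    return base, base + size

def conflicts(modules: dict[str, bytes]) -> list[tuple[str, str]]:
    """List pairs of modules whose preferred address ranges overlap."""
    ranges = sorted((preferred_range(b), name) for name, b in modules.items())
    hits = []
    for i, ((_, hi_a), a) in enumerate(ranges):
        for (lo_b, _), b in ranges[i + 1:]:
            if lo_b >= hi_a:
                break                  # sorted by base: nothing later can overlap a
            hits.append((a, b))
    return hits

def fake_pe32(image_base: int, size_of_image: int) -> bytes:
    """Constructed minimal PE32 header carrying only the fields read above."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 56, size_of_image)
    return dos + b"PE\0\0" + bytes(20) + bytes(opt)

# Constructed values for illustration, not the real bases of the files in KB935448.
SAMPLE = {
    "first.dll": fake_pe32(0x7E410000, 0x91000),
    "second.ocx": fake_pe32(0x7E480000, 0x20000),
    "third.dll": fake_pe32(0x10000000, 0x5000),
}
```

To check real files, pass each file's bytes (for example from `open(path, "rb").read()`) in place of the constructed headers.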
