Discussion:
New MSSecure.XML Version 2005.02.08.0 Now Available
(too old to reply)
Doug Neal [MSFT]
2005-02-08 19:06:43 UTC
Permalink
MSSECURE.XML Data Version 2005.02.08.0 (for use by MBSA 1.2 and SMS SUS
Feature Pack) was last modified today, February 8, 2004, and is now
available for all supported languages (English, French, German and
Japanese). Today's release contains 12 new bulletins and 1 re-release - 10
of which are fully supported for MBSA detection and SMS deployment.

This release fully supports the following new bulletins:

MS04-035 (Exchange) - re-release to add Exchange 2000 SP3 support
MS05-004 (ASP .Net) - Not supported by MBSA, but supported by EST
MS05-005 (Word) - supported by MBSA (using ODT) for local scans only
MS05-006 (SharePoint) - STS supported by MBSA (using ODT) for local scans
only. WSS supported by EST

MS05-007 (Session Link) - 888302.
MS05-008 (Shell) - 890047.
MS05-009 (LibPNG) - WMP portion supported, Messenger variants not
supported. EST supports all aspects of LibPNG

MS05-010 (License Logging) - 885834. Also includes Windows NT 4.0 Server
and Windows NT 4.0 TSE support

MS05-011 (SMB) - 885250.
MS05-012 (OLE) - 873333.
MS05-013 (DHTML) - 891781.
MS05-014 (IE) - 867282.
MS05-015 (HLINK) - 888113.

There are a number of technical issues with today's release that may be
valuable to enterprise administrators:

LibPNG and WMP / Messenger Support
The LibPNG vulnerability spans products supported by MBSA (WMP9) and
products not supported by MBSA (Windows and MSN Messenger). Usually,
unsupported products would not generate a warning in MBSA (no 'less than'
warning, no note message - nothing. See KB306460 for details). Since this
could mislead customers with the WMP patch applied to believe they are
patched for all known vulnerabilities (since no message would appear for
vulnerable Messenger versions), the 'Windows OS' security check will report
a Note Message for all potentially affected platforms (i.e., any platform
where an affected version of Messenger could be installed). This is
expected behavior. This Note Message will appear regardless of whether an
affected version of Messenger is installed as a precaution to alert
customers to manually check the applicability of their systems for the
Messenger-based versions of this fix. The Enterprise Scan Tool (EST) can be
used as a single tool to scan for LibPNG vulnerabilities that MBSA cannot
detect.

MS04-044 fix
The December 2004 MSSECURE file included unnecessary detection for the
optional KDCSVC.DLL file. This caused the MS04-044 patch to never indicate
it was fully installed for MBSA users and could cause SMS to potentially
re-deploy the package. This issue has been fixed with today's release

MS04-037 no longer replaces (supersedes) MS04-024
In addition to correctly removing the supersedence between MS04-024 and
MS04-037, previously-released MSSECURE files lacked detection for a critical
Security Zone setting detailed in the MS04-024 bulletin.

Internet Explorer 6.0 SP1 no longer supported on NT 4.0
Although MBSA will scan for all Internet Explorer issues detailed in
MS05-014, it will not distiguish between Internet Explorer 6.0 SP1 installed
on a supported Windows operating system and when it is installed on Windows
NT 4.0 platforms that are no longer in support.

More information can be found in the MS05-014 bulletin under the section
titled, "Extended security update support for Microsoft Windows NT 4.0
Workstation Service Pack 6a and Windows 2000 Service Pack 2 ended on June
30, 2004. Extended security update support for Microsoft Windows NT 4.0
Server Service Pack 6a ended on December 31, 2004." You may also refer to
the Microsoft Supported Service Packs page at
http://support.microsoft.com/gp/lifesupsps


What is the Enterprise Update Scanning Tool (EST)?
As part of an ongoing commitment to provide detection tools for complex
updates for bulletin-class issues that are not supported by MBSA, a
stand-alone tool may be provided for certain bulletins. Microsoft will
evaluate the detection and deployment complexity of each bulletin, and
provide detection support based on the specifics of each release. When a
detection tool is created for a specific bulletin, customers will be able to
script running the tool from a command line interface, and process the
results using an XML output file. Detailed documentation will be provided
with the tool to ensure customers can leverage it quickly. See the
following link for details
http://www.microsoft.com/downloads/details.aspx?FamilyId=84B16991-032F-4FF1-8144-57C867FFABFF&displaylang=en
--
Doug Neal [MSFT]
***@online.microsoft.com

This posting is provided "AS IS" with no warranties, and confers no rights.

If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for the Microsoft Baseline
Security Analyzer (MBSA) at the following link:
http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a

This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
Greg
2005-02-08 22:16:10 UTC
Permalink
Doug,

There appears to be a problem with the new XML file and Windows XP SP2
machines.

I scanned my machine using the command line utility and it reported all the
correct items as missing, but it did not tell me that I had Internet
Explorer SP2 installed or that I had Windows Media Player 10 installed. All
the missing items were shown under the OS category.

I checked some W2K machines and XP SP1 machines and both the IE and MP
categories were listed.

Not a huge problem by any means, I just though you might like to know.

Greg
Post by Doug Neal [MSFT]
MSSECURE.XML Data Version 2005.02.08.0 (for use by MBSA 1.2 and SMS SUS
Feature Pack) was last modified today, February 8, 2004, and is now
available for all supported languages (English, French, German and
Japanese). Today's release contains 12 new bulletins and 1 re-release - 10
of which are fully supported for MBSA detection and SMS deployment.
MS04-035 (Exchange) - re-release to add Exchange 2000 SP3 support
MS05-004 (ASP .Net) - Not supported by MBSA, but supported by EST
MS05-005 (Word) - supported by MBSA (using ODT) for local scans only
MS05-006 (SharePoint) - STS supported by MBSA (using ODT) for local scans
only. WSS supported by EST
MS05-007 (Session Link) - 888302.
MS05-008 (Shell) - 890047.
MS05-009 (LibPNG) - WMP portion supported, Messenger variants not
supported. EST supports all aspects of LibPNG
MS05-010 (License Logging) - 885834. Also includes Windows NT 4.0 Server
and Windows NT 4.0 TSE support
MS05-011 (SMB) - 885250.
MS05-012 (OLE) - 873333.
MS05-013 (DHTML) - 891781.
MS05-014 (IE) - 867282.
MS05-015 (HLINK) - 888113.
There are a number of technical issues with today's release that may be
LibPNG and WMP / Messenger Support
The LibPNG vulnerability spans products supported by MBSA (WMP9) and
products not supported by MBSA (Windows and MSN Messenger). Usually,
unsupported products would not generate a warning in MBSA (no 'less than'
warning, no note message - nothing. See KB306460 for details). Since this
could mislead customers with the WMP patch applied to believe they are
patched for all known vulnerabilities (since no message would appear for
vulnerable Messenger versions), the 'Windows OS' security check will report
a Note Message for all potentially affected platforms (i.e., any platform
where an affected version of Messenger could be installed). This is
expected behavior. This Note Message will appear regardless of whether an
affected version of Messenger is installed as a precaution to alert
customers to manually check the applicability of their systems for the
Messenger-based versions of this fix. The Enterprise Scan Tool (EST) can be
used as a single tool to scan for LibPNG vulnerabilities that MBSA cannot
detect.
MS04-044 fix
The December 2004 MSSECURE file included unnecessary detection for the
optional KDCSVC.DLL file. This caused the MS04-044 patch to never indicate
it was fully installed for MBSA users and could cause SMS to potentially
re-deploy the package. This issue has been fixed with today's release
MS04-037 no longer replaces (supersedes) MS04-024
In addition to correctly removing the supersedence between MS04-024 and
MS04-037, previously-released MSSECURE files lacked detection for a critical
Security Zone setting detailed in the MS04-024 bulletin.
Internet Explorer 6.0 SP1 no longer supported on NT 4.0
Although MBSA will scan for all Internet Explorer issues detailed in
MS05-014, it will not distiguish between Internet Explorer 6.0 SP1 installed
on a supported Windows operating system and when it is installed on Windows
NT 4.0 platforms that are no longer in support.
More information can be found in the MS05-014 bulletin under the section
titled, "Extended security update support for Microsoft Windows NT 4.0
Workstation Service Pack 6a and Windows 2000 Service Pack 2 ended on June
30, 2004. Extended security update support for Microsoft Windows NT 4.0
Server Service Pack 6a ended on December 31, 2004." You may also refer to
the Microsoft Supported Service Packs page at
http://support.microsoft.com/gp/lifesupsps
What is the Enterprise Update Scanning Tool (EST)?
As part of an ongoing commitment to provide detection tools for complex
updates for bulletin-class issues that are not supported by MBSA, a
stand-alone tool may be provided for certain bulletins. Microsoft will
evaluate the detection and deployment complexity of each bulletin, and
provide detection support based on the specifics of each release. When a
detection tool is created for a specific bulletin, customers will be able to
script running the tool from a command line interface, and process the
results using an XML output file. Detailed documentation will be provided
with the tool to ensure customers can leverage it quickly. See the
following link for details
http://www.microsoft.com/downloads/details.aspx?FamilyId=84B16991-032F-4FF1-8144-57C867FFABFF&displaylang=en
--
Doug Neal [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for the Microsoft Baseline
http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a
This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
Doug Neal [MSFT]
2005-02-08 22:35:10 UTC
Permalink
Greg - thanks for writing to us so quickly to report this issue.

MBSA will not report that you have Internet Explorer 6.0 SP2 in your machine
because there is actually a specific, customized version of Internet
Explorer 6.0 for Windows XP SP2 and another for Windows Server 2003 that is
not available as a separate download. For this reason, there is actually no
'IE 6.0 SP2' per se, but actually an 'Internet Explorer 6.0 for Windows
Server 2003' and 'Internet Explorer 6.0 for Windows XP SP2.' If you look at
the TechNet Bulletin Search, it calls out these versions under the 'Product
/ Technology' drop-down list. In MBSA results, your Internet Explorer
bulletins will be found under the OS-based heading in command-line (HF) mode
or under the 'Windows Security Updates' section in the graphical interface
(GUI).

As for Media Player, MBSA supports Windows Media Player 6.4, 7, 8 and 9 -
but not Windows Media Player 10 (see KB306460 for details). There are
currently no vulnerabilities against WMP10, but even if there were - MBSA
would not be able to provide a patch detection result since it is an
unsupported product.

I hope that helps...
--
Doug Neal [MSFT]
***@online.microsoft.com

This posting is provided "AS IS" with no warranties, and confers no rights.

If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for the Microsoft Baseline
Security Analyzer (MBSA) at the following link:
http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a

This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
Post by Greg
Doug,
There appears to be a problem with the new XML file and Windows XP SP2
machines.
I scanned my machine using the command line utility and it reported all
the correct items as missing, but it did not tell me that I had Internet
Explorer SP2 installed or that I had Windows Media Player 10 installed.
All the missing items were shown under the OS category.
I checked some W2K machines and XP SP1 machines and both the IE and MP
categories were listed.
Not a huge problem by any means, I just though you might like to know.
Greg
Post by Doug Neal [MSFT]
MSSECURE.XML Data Version 2005.02.08.0 (for use by MBSA 1.2 and SMS SUS
Feature Pack) was last modified today, February 8, 2004, and is now
available for all supported languages (English, French, German and
Japanese). Today's release contains 12 new bulletins and 1 re-release - 10
of which are fully supported for MBSA detection and SMS deployment.
MS04-035 (Exchange) - re-release to add Exchange 2000 SP3 support
MS05-004 (ASP .Net) - Not supported by MBSA, but supported by EST
MS05-005 (Word) - supported by MBSA (using ODT) for local scans only
MS05-006 (SharePoint) - STS supported by MBSA (using ODT) for local scans
only. WSS supported by EST
MS05-007 (Session Link) - 888302.
MS05-008 (Shell) - 890047.
MS05-009 (LibPNG) - WMP portion supported, Messenger variants not
supported. EST supports all aspects of LibPNG
MS05-010 (License Logging) - 885834. Also includes Windows NT 4.0 Server
and Windows NT 4.0 TSE support
MS05-011 (SMB) - 885250.
MS05-012 (OLE) - 873333.
MS05-013 (DHTML) - 891781.
MS05-014 (IE) - 867282.
MS05-015 (HLINK) - 888113.
There are a number of technical issues with today's release that may be
LibPNG and WMP / Messenger Support
The LibPNG vulnerability spans products supported by MBSA (WMP9) and
products not supported by MBSA (Windows and MSN Messenger). Usually,
unsupported products would not generate a warning in MBSA (no 'less than'
warning, no note message - nothing. See KB306460 for details). Since this
could mislead customers with the WMP patch applied to believe they are
patched for all known vulnerabilities (since no message would appear for
vulnerable Messenger versions), the 'Windows OS' security check will report
a Note Message for all potentially affected platforms (i.e., any platform
where an affected version of Messenger could be installed). This is
expected behavior. This Note Message will appear regardless of whether an
affected version of Messenger is installed as a precaution to alert
customers to manually check the applicability of their systems for the
Messenger-based versions of this fix. The Enterprise Scan Tool (EST) can be
used as a single tool to scan for LibPNG vulnerabilities that MBSA cannot
detect.
MS04-044 fix
The December 2004 MSSECURE file included unnecessary detection for the
optional KDCSVC.DLL file. This caused the MS04-044 patch to never indicate
it was fully installed for MBSA users and could cause SMS to potentially
re-deploy the package. This issue has been fixed with today's release
MS04-037 no longer replaces (supersedes) MS04-024
In addition to correctly removing the supersedence between MS04-024 and
MS04-037, previously-released MSSECURE files lacked detection for a critical
Security Zone setting detailed in the MS04-024 bulletin.
Internet Explorer 6.0 SP1 no longer supported on NT 4.0
Although MBSA will scan for all Internet Explorer issues detailed in
MS05-014, it will not distiguish between Internet Explorer 6.0 SP1 installed
on a supported Windows operating system and when it is installed on Windows
NT 4.0 platforms that are no longer in support.
More information can be found in the MS05-014 bulletin under the section
titled, "Extended security update support for Microsoft Windows NT 4.0
Workstation Service Pack 6a and Windows 2000 Service Pack 2 ended on June
30, 2004. Extended security update support for Microsoft Windows NT 4.0
Server Service Pack 6a ended on December 31, 2004." You may also refer to
the Microsoft Supported Service Packs page at
http://support.microsoft.com/gp/lifesupsps
What is the Enterprise Update Scanning Tool (EST)?
As part of an ongoing commitment to provide detection tools for complex
updates for bulletin-class issues that are not supported by MBSA, a
stand-alone tool may be provided for certain bulletins. Microsoft will
evaluate the detection and deployment complexity of each bulletin, and
provide detection support based on the specifics of each release. When a
detection tool is created for a specific bulletin, customers will be able to
script running the tool from a command line interface, and process the
results using an XML output file. Detailed documentation will be provided
with the tool to ensure customers can leverage it quickly. See the
following link for details
http://www.microsoft.com/downloads/details.aspx?FamilyId=84B16991-032F-4FF1-8144-57C867FFABFF&displaylang=en
--
Doug Neal [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for the Microsoft Baseline
http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a
This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
Greg
2005-02-09 19:04:00 UTC
Permalink
Doug,

Thanks for filling in the blanks as to why my output looked like it did.

While I suppose I understand the decisions from a high level, it just gets
very frustrating to have to remember

all these special situations. I just wish it worked the same all the time.
But hey if it were easy then they

would not need people like us!!

Greg
Post by Doug Neal [MSFT]
Greg - thanks for writing to us so quickly to report this issue.
MBSA will not report that you have Internet Explorer 6.0 SP2 in your
machine because there is actually a specific, customized version of
Internet Explorer 6.0 for Windows XP SP2 and another for Windows Server
2003 that is not available as a separate download. For this reason, there
is actually no 'IE 6.0 SP2' per se, but actually an 'Internet Explorer 6.0
for Windows Server 2003' and 'Internet Explorer 6.0 for Windows XP SP2.'
If you look at the TechNet Bulletin Search, it calls out these versions
under the 'Product / Technology' drop-down list. In MBSA results, your
Internet Explorer bulletins will be found under the OS-based heading in
command-line (HF) mode or under the 'Windows Security Updates' section in
the graphical interface (GUI).
As for Media Player, MBSA supports Windows Media Player 6.4, 7, 8 and 9 -
but not Windows Media Player 10 (see KB306460 for details). There are
currently no vulnerabilities against WMP10, but even if there were - MBSA
would not be able to provide a patch detection result since it is an
unsupported product.
I hope that helps...
--
Doug Neal [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for the Microsoft Baseline
http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a
This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
Post by Greg
Doug,
There appears to be a problem with the new XML file and Windows XP SP2
machines.
I scanned my machine using the command line utility and it reported all
the correct items as missing, but it did not tell me that I had Internet
Explorer SP2 installed or that I had Windows Media Player 10 installed.
All the missing items were shown under the OS category.
I checked some W2K machines and XP SP1 machines and both the IE and MP
categories were listed.
Not a huge problem by any means, I just though you might like to know.
Greg
Post by Doug Neal [MSFT]
MSSECURE.XML Data Version 2005.02.08.0 (for use by MBSA 1.2 and SMS SUS
Feature Pack) was last modified today, February 8, 2004, and is now
available for all supported languages (English, French, German and
Japanese). Today's release contains 12 new bulletins and 1 re-release - 10
of which are fully supported for MBSA detection and SMS deployment.
MS04-035 (Exchange) - re-release to add Exchange 2000 SP3 support
MS05-004 (ASP .Net) - Not supported by MBSA, but supported by EST
MS05-005 (Word) - supported by MBSA (using ODT) for local scans only
MS05-006 (SharePoint) - STS supported by MBSA (using ODT) for local scans
only. WSS supported by EST
MS05-007 (Session Link) - 888302.
MS05-008 (Shell) - 890047.
MS05-009 (LibPNG) - WMP portion supported, Messenger variants not
supported. EST supports all aspects of LibPNG
MS05-010 (License Logging) - 885834. Also includes Windows NT 4.0 Server
and Windows NT 4.0 TSE support
MS05-011 (SMB) - 885250.
MS05-012 (OLE) - 873333.
MS05-013 (DHTML) - 891781.
MS05-014 (IE) - 867282.
MS05-015 (HLINK) - 888113.
There are a number of technical issues with today's release that may be
LibPNG and WMP / Messenger Support
The LibPNG vulnerability spans products supported by MBSA (WMP9) and
products not supported by MBSA (Windows and MSN Messenger). Usually,
unsupported products would not generate a warning in MBSA (no 'less than'
warning, no note message - nothing. See KB306460 for details). Since this
could mislead customers with the WMP patch applied to believe they are
patched for all known vulnerabilities (since no message would appear for
vulnerable Messenger versions), the 'Windows OS' security check will report
a Note Message for all potentially affected platforms (i.e., any platform
where an affected version of Messenger could be installed). This is
expected behavior. This Note Message will appear regardless of whether an
affected version of Messenger is installed as a precaution to alert
customers to manually check the applicability of their systems for the
Messenger-based versions of this fix. The Enterprise Scan Tool (EST) can be
used as a single tool to scan for LibPNG vulnerabilities that MBSA cannot
detect.
MS04-044 fix
The December 2004 MSSECURE file included unnecessary detection for the
optional KDCSVC.DLL file. This caused the MS04-044 patch to never indicate
it was fully installed for MBSA users and could cause SMS to potentially
re-deploy the package. This issue has been fixed with today's release
MS04-037 no longer replaces (supersedes) MS04-024
In addition to correctly removing the supersedence between MS04-024 and
MS04-037, previously-released MSSECURE files lacked detection for a critical
Security Zone setting detailed in the MS04-024 bulletin.
Internet Explorer 6.0 SP1 no longer supported on NT 4.0
Although MBSA will scan for all Internet Explorer issues detailed in
MS05-014, it will not distiguish between Internet Explorer 6.0 SP1 installed
on a supported Windows operating system and when it is installed on Windows
NT 4.0 platforms that are no longer in support.
More information can be found in the MS05-014 bulletin under the section
titled, "Extended security update support for Microsoft Windows NT 4.0
Workstation Service Pack 6a and Windows 2000 Service Pack 2 ended on June
30, 2004. Extended security update support for Microsoft Windows NT 4.0
Server Service Pack 6a ended on December 31, 2004." You may also refer to
the Microsoft Supported Service Packs page at
http://support.microsoft.com/gp/lifesupsps
What is the Enterprise Update Scanning Tool (EST)?
As part of an ongoing commitment to provide detection tools for complex
updates for bulletin-class issues that are not supported by MBSA, a
stand-alone tool may be provided for certain bulletins. Microsoft will
evaluate the detection and deployment complexity of each bulletin, and
provide detection support based on the specifics of each release. When a
detection tool is created for a specific bulletin, customers will be able to
script running the tool from a command line interface, and process the
results using an XML output file. Detailed documentation will be provided
with the tool to ensure customers can leverage it quickly. See the
following link for details
http://www.microsoft.com/downloads/details.aspx?FamilyId=84B16991-032F-4FF1-8144-57C867FFABFF&displaylang=en
--
Doug Neal [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for the Microsoft Baseline
http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a
This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
Loading...