Doug Neal [MSFT]
2006-02-14 18:04:59 UTC
MBSA 2.0 detection is based directly on Microsoft Update, so all inquiries
regarding MBSA 2.0 patch detection for this month's release should by sent
to the public microsoft.public.softwareupdatesvcs newsgroup. This
announcement is specific to MBSA 1.2.1 and the underlying MSSecure.XML file
that services the MBSA 1.2.1 tool.
MSSECURE.XML Data Version 2006.02.14.0 (for use by MBSA 1.2 and SMS SUS
Feature Pack) was last modified today, February, 14, 2006, and is now
available for all supported languages (English, French, German and
Japanese). Today's release contains 7 new bulletins which are fully
supported by MBSA 1.2 for detection with the one exception for Windows Media
Player 10 which is not supported by MBA 1.2.1:
New February Bulletins
1) MS06-004 (IE Cumulative for IE 5.01 only) - 910620. This patch
affects Windows 2000 SP4 only when IE 5.01 is installed (IE 6.01 is not
affected). This bulletin supersedes MS05-054 for IE 5.01 only.
2) MS06-005 (Windows Media Player) - 911565. This patch affects
Windows Media Player 7.1 (W2K), 8.0 (WinXP SP1), 9.0 (W2K, WinXP SP1/SP2,
and W2003 RTM), and WMP 10 when installed on any platform except W2003 SP1.
Detection for WMP 7.1, 8.0 and 9.0 is provided by MBSA 1.2.1. Detection for
cases where vulnerable versions of WMP 10 are installed is provided by the
Enterprise Scan Tool (EST). Only the WMP 9 instances of this patch replace
MS05-009.
3) MS06-006 (Windows Media plug-in) - 911564. The patch affects all
supported Windows platforms and does not supersede any previous patch.
4) MS06-007 (IGMP) - 913446. This patch affects Windows XP SP1/SP2
and Windows Server 2003 RTM/SP1 and supersedes MS05-019 for all affected
platforms except Windows Server 2003 SP1
5) MS06-008 (WebClient) - 911927. This patch affects Windows XP
SP1/SP2 and Windows Server 2003 RTM/SP1 and supersedes MS05-028 in all
cases.
6) MS06-009 (Korean IME) - 901190 and 905645. This patch affects
Windows XP SP1/SP2 and Windows Server 2003 RTM/SP1 as well as instances
where Office 2003 MUI has been installed. Windows-based detection is
provided by MBSA 1.2.1. Office product detection is provided by the
integrated version of the Office Detection Tool (ODT) which supports local
scans only.
7) MS06-010 (PowerPoint 2000) - 828040. This patch affects platforms
where PowerPoint 2000 is installed. Detection is provided by the integrated
version of ODT built-into MBSA 1.2.1 and supports local scans only. This
patch does not supersede any previous patch.
----------------------------
What is the Enterprise Update Scanning Tool (EST)?
As part of an ongoing commitment to provide detection tools for complex
updates for bulletin-class issues that are not supported by MBSA 1.2, a
stand-alone tool may be provided for certain bulletins. Microsoft will
evaluate the detection and deployment complexity of each bulletin, and
provide detection support based on the specifics of each release. When a
detection tool is created for a specific bulletin, customers will be able to
script running the tool from a command line interface, and process the
results using an XML output file. Detailed documentation will be provided
with the tool to ensure customers can leverage it quickly. See the
following link for details
http://support.microsoft.com/default.aspx?id=894193
NOTE: Customers who have upgraded to MBSA 2.0 (or SMS ITMU) already have
full detection for all bulletins released this month without the limitations
in MBSA 1.2. There is no EST tool available for MBSA 2.0 since there is no
gap in MBSA 2.0 detection as there is for MBSA 1.2.
--
Doug Neal [MSFT]
***@online.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline
Security Analyzer (MBSA). Information is available at the following link:
http://support.microsoft.com/default.aspx
This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
regarding MBSA 2.0 patch detection for this month's release should by sent
to the public microsoft.public.softwareupdatesvcs newsgroup. This
announcement is specific to MBSA 1.2.1 and the underlying MSSecure.XML file
that services the MBSA 1.2.1 tool.
MSSECURE.XML Data Version 2006.02.14.0 (for use by MBSA 1.2 and SMS SUS
Feature Pack) was last modified today, February, 14, 2006, and is now
available for all supported languages (English, French, German and
Japanese). Today's release contains 7 new bulletins which are fully
supported by MBSA 1.2 for detection with the one exception for Windows Media
Player 10 which is not supported by MBA 1.2.1:
New February Bulletins
1) MS06-004 (IE Cumulative for IE 5.01 only) - 910620. This patch
affects Windows 2000 SP4 only when IE 5.01 is installed (IE 6.01 is not
affected). This bulletin supersedes MS05-054 for IE 5.01 only.
2) MS06-005 (Windows Media Player) - 911565. This patch affects
Windows Media Player 7.1 (W2K), 8.0 (WinXP SP1), 9.0 (W2K, WinXP SP1/SP2,
and W2003 RTM), and WMP 10 when installed on any platform except W2003 SP1.
Detection for WMP 7.1, 8.0 and 9.0 is provided by MBSA 1.2.1. Detection for
cases where vulnerable versions of WMP 10 are installed is provided by the
Enterprise Scan Tool (EST). Only the WMP 9 instances of this patch replace
MS05-009.
3) MS06-006 (Windows Media plug-in) - 911564. The patch affects all
supported Windows platforms and does not supersede any previous patch.
4) MS06-007 (IGMP) - 913446. This patch affects Windows XP SP1/SP2
and Windows Server 2003 RTM/SP1 and supersedes MS05-019 for all affected
platforms except Windows Server 2003 SP1
5) MS06-008 (WebClient) - 911927. This patch affects Windows XP
SP1/SP2 and Windows Server 2003 RTM/SP1 and supersedes MS05-028 in all
cases.
6) MS06-009 (Korean IME) - 901190 and 905645. This patch affects
Windows XP SP1/SP2 and Windows Server 2003 RTM/SP1 as well as instances
where Office 2003 MUI has been installed. Windows-based detection is
provided by MBSA 1.2.1. Office product detection is provided by the
integrated version of the Office Detection Tool (ODT) which supports local
scans only.
7) MS06-010 (PowerPoint 2000) - 828040. This patch affects platforms
where PowerPoint 2000 is installed. Detection is provided by the integrated
version of ODT built-into MBSA 1.2.1 and supports local scans only. This
patch does not supersede any previous patch.
----------------------------
What is the Enterprise Update Scanning Tool (EST)?
As part of an ongoing commitment to provide detection tools for complex
updates for bulletin-class issues that are not supported by MBSA 1.2, a
stand-alone tool may be provided for certain bulletins. Microsoft will
evaluate the detection and deployment complexity of each bulletin, and
provide detection support based on the specifics of each release. When a
detection tool is created for a specific bulletin, customers will be able to
script running the tool from a command line interface, and process the
results using an XML output file. Detailed documentation will be provided
with the tool to ensure customers can leverage it quickly. See the
following link for details
http://support.microsoft.com/default.aspx?id=894193
NOTE: Customers who have upgraded to MBSA 2.0 (or SMS ITMU) already have
full detection for all bulletins released this month without the limitations
in MBSA 1.2. There is no EST tool available for MBSA 2.0 since there is no
gap in MBSA 2.0 detection as there is for MBSA 1.2.
--
Doug Neal [MSFT]
***@online.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline
Security Analyzer (MBSA). Information is available at the following link:
http://support.microsoft.com/default.aspx
This e-mail address does not receive e-mail, but is used for newsgroup
postings only.