883 replies to this topic

[Peter]

sh1leshk4, on Dec 29 2007, 10:11 AM, said:

KB893357 has been replaced with KB917021, which current AP scripts already have.

Oops!

I think a previous version of 917021 only dealt with GPO changes and didn't include the line "This update replaces hotfix 893357"? And I see also that the filename for 893357 is WindowsXP-KB893357-v2-x86-ENU.exe while the filename for 917021 is WindowsXP-KB917021-v3-x86-ENU.exe. Maybe they rolled the two fixes into this "v3" version of 917021?

Anyway, sorry 'bout the confusion...

[Cristiano]

Peter, are you sure that you have the latest version for ENU script? the one that i have in here is dated of Dec 22 and already has this:
Item=WindowsXP-KB917021-v3-x86-ENU.exe

DetectFile=autopatcher:\modules\NonCritical\KB917021_xp_x86_enu.apm_files\WindowsXP-KB917021-v3-x86-ENU.exe
DetectHash=f38c970044529aabd481b7518e82af50
DownloadFrom=http://download.microsoft.com/download/a/b/5/ab58a702-eaed-4997-8027-c6bb61e6b503/WindowsXP-KB917021-v3-x86-ENU.exe
DownloadTo=autopatcher:\modules\NonCritical\KB917021_xp_x86_enu.apm_files\WindowsXP-KB917021-v3-x86-ENU.exe
ExpectedSize=1301304
ExpectedHash=f38c970044529aabd481b7518e82af50

so, it's v3, not v2

[Peter]

Cristiano, on Dec 29 2007, 11:49 AM, said:

Peter, are you sure that you have the latest version for ENU script? the one that i have in here is dated of Dec 22 and already has this:
Item=WindowsXP-KB917021-v3-x86-ENU.exe
[...]
so, it's v3, not v2

Sorry for not being clear... by "previous version" I was referring to Microsoft's versioning system, not the AP scripts. The filename for the 893357 executable is WindowsXP-KB893357-v2-x86-ENU.exe while the filename for 917021 is WindowsXP-KB917021-v3-x86-ENU.exe.

The problem here is that KB917021 is basically the third version of the patch that was originally named KB893357.

[Cristiano]

Peter, 3rd version from a single kb is easy thing. take a look:
KB893803-v2
KB885626-v2
KB908531-v2
KB911280-v2
KB925398-v2
KB931678-v2
KB886716-v2
KB896626-v2
KB896626-v2
KB898900-v2
KB900485-v2
KB904412-v2
KB904942-v2
KB906569-v2
KB912817-v2
KB924941-v2
KB936357-v2
KB917021-v3
KB889527-v3
KB927891-v3
KB918005-v4
KB896256-v4
KB928595-v5
KB319740-v5
KB922120-v5
KB918997-v6
KB914440-v12

[Cristiano]

microsoft... i was having an issue regarding detection for KB907306 and i realize that the version that i have installed in my pc is KeyValue=12.0.6215.1000 . then, at my virtual machine, i've found KeyValue=12.0.4518.1019. i was thinking that someday i had installed some english version by mistake, then, i've downloaded it and installed it at my virtual machine, and i realize that english version is even older (at least, it seems to be) than the one in my own language, because this: 12.0.4518.1014

i didn't found an download link for that version that i have in my own machine, so, i'm assuming that this one may be updated when i try ms office 2007. but there's an download link to that more up to date version?

[]s

[sh1leshk4]

Yeah...I think KB907306 has been superseded by an update in the Office 2007 SP1.
Mine also shows 12.0.6215.1000 in my {90120000-0010-0409-0000-0000000FF1CE} key.

I'll try to find which update in SP1 does this but if anyone has that info already please post here.
It's not that I'm trying to fix a script or something, just curious.

[Cristiano]

sh1leshk4, i've found the install source:
C:\Arquivos de programas\MSECache\Rosebud\1046\Rosebud.pt-br\

searching at google, in fact this one is an part of msoffice 2007

[sh1leshk4]

That one I already know.
In my case the directory is \Program Files\MSECache\Rosebud\1033\Rosebud.en-us\.

If you extract the RbudLR.cab file in that directory, you'll find that the file version of the DLLs still indicates 12.0.4518.1014.
In short, it's the older files.

That's why I wonder which KB that replaces KB907306...

[Cristiano]

office 2k7 sp1, maybe? ages after i remove it, WU said that i was needing that update. to my surprise, it installs fine (it was the very first time that i saw an sp allow installation without the main thing, but...)

[Cristiano]

KB890830 - updated by v1.37
KB917953 replaced by KB941644
KB943485 added

[PsiMoon314]

Hi,

There is a new WMP11 only fix available.

http://support.microsoft.com/default.aspx?...kb;en-us;944883

This is an optional fix to resolve issues when you minimise WMP 11 to the Taskbar.

I would suggest this be in the optional fixes section and not selected to install by default.

Kind Regards

Simon

[Cristiano]

PsiMoon314, this one is vista only, right?

[Pedro]

Still missing KB873374 Microsoft GDI+ Detection Tool (this is a security update)
http://www.microsoft.com/protect/computer/..._jpeg_tool.mspx

Edited by Pedro, 14 January 2008 - 10:17 PM.

[Cristiano]

Pedro, not missing. that one is not needed:
Important: Windows XP Service Pack 2 (SP2) is not affected by the GDI+ issue, and installing Windows XP SP2 eliminates the GDI+ issue in affected Microsoft developer tools and imaging software

AutoPatcher is for Windows XP post sp2. some updates for sp1 may be present, if needed in order to install sp2. this issue may be present not due an Windows Issue, but for some software. so, this one may be present for office xp update or something, but it is not needed to xp sp2

[sh1leshk4]

Then it probably should be put in the Office XP updates since SP3 is still affected by the GDI+ exploit.
Also, if there are users out there that somehow still uses IE6 SP1, this update should also be applied.

Well, Erik, another task to add to your to-do list?

[Cristiano]

sh1leshk4, if i'm not mistaken, this one is just an check tool and it doesn't fix anything. every single time that i've already run it at my job, it reported that you should update something. but you don't have that kind of warning if you do an silent update, like ap does. so, the user thinks that the issue is solved and isn't. that will be fixed only if the user update the software that need that

> IE6 SP1
yes, xp sp1 and maybe win 2k users too. but still, that thing about "just report"

[sh1leshk4]

Now that you mention it...

Quote

As part of the September, 2004 Microsoft Security Bulletin release process, we have created the Microsoft GDI+ Detection Tool that detects if you have any one of the Microsoft programs installed on your computer that are listed in the "Applies To" section. If the tool detects these programs, you will be redirected to a Web page that contains the latest security information and security bulletins.

...seems like I missed that bit from the KB info. =b

And that'd be why KB873374 won't be included in AP, Pedro.
It fixes nothing.

[Pedro]

It fixes nothing but it detects potential problems. It works as a detector. That is why it is a security update. But if you are definitely not including it, I can download it separately.

[sh1leshk4]

What it detects isn't the security exploit itself.
Rather it only shows which application(s) that might have the GDI+ exploit without checking whether said app is already patched or not.
Even if you have applied the latest updates to the apps that's listed as having a GDI+ exploit, it will still tell you that you have to go to the link you've posted a few posts before.

I just ran it and it still shows I need to go there even though I only have Office 2007 installed and my WinXP is already SP2.
It might've detected a previous installation of Office 2003 (which I've uninstalled), or the .NET Framework 1.1 in which I've installed all the latest updates for it.

The detector can't tell if an application have been updated or not.
But of course, you can just download it yourself like I did just now to test it a bit.

Edited by sh1leshk4, 15 January 2008 - 05:51 PM.

[Cristiano]

Pedro, with ap, it doesn't work even also a detector, unless that you remove that /silent or /quiet that all updates have and change it to /passive or something like (but just after that kb be installed, you will be redirected to something to fix that issue and ap may be on hold until you finish that)

> The detector can't tell if an application have been updated or not
that's right. even also a detector, this kb doesn't work, since you may very well have fixed the issue and this kb doesn't know nothing about