Re: << Internet Explorer "kill bit" on Windows Update>>
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 07/03/04
- Next message: Frank McCallister: "Re: Exchange set up newbie"
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: WHY???? Does no one respond to my questionsss?? :-)"
- In reply to: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: << Internet Explorer "kill bit" on Windows Update>>"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 02 Jul 2004 17:15:51 -0700
Shavlik Technologies has released updated XML files for Shavlik HFNetChkPro.
XML data version = 1.1.2.118 Last modified on 7/2/2004
This update includes the following changes:
- added an additional checksum for one file in MS04-012 for Windows
Server 2003
- removed Windows 2000 Gold as an applicable product for MS00-079
- added an acceptable Windows 2000 SP4 file version for quartz.dll in
MS03-030
for DirectX 4.70 for Windows 2000
- updated file location for one file in MS01-041 for Windows NT 4.0
---------
Additionally,
- Support for automated download and deployment of Italian language
patches is
now available. Go to Tools-Options-Language Options to choose
default settings
to view Italian language patches.
Lastly:
Instructions for scanning and deploying the recently announced
ADODB.stream patch 877069
Microsoft has released a critical update to protect systems against a
recent Internet
threat. Adodb.stream provides a method for reading and writing files on
a hard
drive. This by-design functionality is sometimes used by web
applications. However,
when combined with known security vulnerabilities in Microsoft Internet
Explorer,
it could allow an internet web site to execute script from the Local
Machine Zone
(LMZ). This occurs because the ADODB.Stream object allows access to the
hard drive
when hosted within Internet Explorer.
Because this patch was not released as part of a security bulletin, this
patch is
not included as part of the default Shavlik HFNetChkPro assessment XML
file.
However, Shavlik has created an optional XML file that will specifically
scan for
and deploy this patch. To enable support for this patch download
https://xml.shavlik.com/optional.zip and expand this package to a
well-known
location on your Shavlik HFNetChkPro console. Next, create a scan
template that
points to the enclosed optional.xml file. Scans performed with this
template will
provide assessment results and deployment capabilities for this specific
issue.
Please note: you must be running Shavlik HFNetChkPro version 4.3 or
later to use
this optional XML file.
For more information on this patch, including known issues and caveats,
please
see Microsoft Knowledge Base article 870669.
- The Shavlik XML Team
---
You are currently subscribed to shavlik-xml as: sbradcpa@pacbell.net. To
unsubscribe send a blank email to
leave-shavlik-xml-220135N@listserv.shavlik.com
---
Please do not respond to this email as it was sent from an unmonitored
account.
---
If you need to contact the owner of this list, please send an email to
owner-shavlik-xml@listserv.shavlik.com.
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> May or may not... they are still testing over there. I'd be patient a
> little longer.
>
> Trevor OE News wrote:
>
>> Thanks Susan.
>>
>> FYI... Shavlik is not pushing this patch, and they won't be in their
>> default template. Make sure you manually make the patch from windows
>> update or GPO.
>>
>> -Trevor
>>
>> "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
>> <sbradcpa@pacbell.net> wrote in message
>> news:%23awmhFHYEHA.2672@TK2MSFTNGP09.phx.gbl...
>>
>>> On Friday, July 2, 2004, Microsoft is releasing a configuration change
>>> for Windows XP, Windows 2000, and Windows Server 2003, to address recent
>>> malicious attacks against Internet Explorer, also know as
>>> Download.Ject. More information is available at
>>> www.microsoft.com/presspass/press/2004/jul04/07-02configchange.asp
>>> <http://www.microsoft.com/presspass/press/2004/jul04/07-02configchange.asp>
>>>
>>>
>>> Microsoft has released a configuration change that addresses the recent
>>> malicious attack against Internet Explorer known as Download.Ject.
>>>
>>> In addition, Microsoft has released a Knowledge Base article, 870669,
>>> that provides information that administrators can use to implement this
>>> change manually in their environment and to deploy the change across
>>> their networks. This Knowledge Base article is available here:
>>>
>>> http://support.microsoft.com/default.aspx?kbid=870669
>>>
>>> Customers are advised to review the information in the Knowledge Base
>>> article, test and deploy the change immediately in their environments,
>>> if applicable.
>>>
>>> If you have any questions regarding the security updates or its
>>> implementation after reading the above listed bulletin you should
>>> contact Product Support Services in the United States at 1-866-PCSafety
>>> (1-866-727-2338). International customers should contact their local
>>> subsidiary.
>>>
>>> Thank you,
>>> Microsoft PSS Security Team
>>> --
>>> http://www.sbslinks.com/really.htm
>>>
>>
>>
>>
>
-- http://www.sbslinks.com/really.htm
- Next message: Frank McCallister: "Re: Exchange set up newbie"
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: WHY???? Does no one respond to my questionsss?? :-)"
- In reply to: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: << Internet Explorer "kill bit" on Windows Update>>"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
