Re: Missing Windows update reported as a vulnerability by TMH and Bela
- From: "MowGreen [MVP]" <mowgreen@xxxxxxxxxxxxx>
- Date: Fri, 19 Oct 2007 13:08:53 -0700
Question is, since these updates werepublished on June 2006, how do i know if i have installed a more recent Windows update or Windows component which replace the missing updates, and are they really necessary? Is there the risk that they may deactivate or conflict with an already installed update? Why aren't they detected as priority updates to download in the Microsoft Update website?
Check the version of jscript.dll located in WINDOWS\system32
If it is at V.5.6.0.8831, then KB917344 is installed.
You can also check in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB917344\Filelist
There should be 3 subfolders under Filelist, 0,1, and 2
If the version of jscript.dll is not 5.6.0.8831, then suggest you reinstall KB917344:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D28C02BE-CAC3-4579-9B93-939FD5D3CDE6
As to the Cumulative Update for IE, it is just that, cumulative. If KB939653 is installed [the latest Cumulative update for IE] then there is no need to install KB916281.
Did you delete folders from/or have you deleted WINDOWS\$hf_mig$ ?
That *may* be why the updates are detected as not being applied by TMH and Belarc.
MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
Hugo_Pt wrote:
Hello. Trend Micro Housecall reported as a vulnerability in my system the missing update 'Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)'. See this screenshot: http://forum.avast.com/index.php?action=dlattach;topic=30962.0;attach=18579.
The link on Housecall report directs to the Microsoft Security Bulletin MS06-023, published in June 13, 2006. In the same Bulletin, under 'Affected components', the one that corresponds to my OS is 'Microsoft JScript 5.6 on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2'. In Windows Control Panel>Add and Remove programs. I also downloaded and installed the utility 'Belarc Advisor', available in http://www.belarc.com/. It also detected the same vulnerability in my System:
«Installed Microsoft Hotfixes
...
X KB917344 on 06-08-2007 (details...) Reinstall!»
I searched through all of my Windows updates installed and didn't found KB917344. I also went to Microsoft Update Website and it doesn't detect any priority update missing in my system.
I don't know if i should install manually this update, alone or with 'Cumulative Security Update for Internet Explorer (916281)' -see Caveats in Microsoft Security Bulletin MS06-023. Question is, since these updates were published on June 2006, how do i know if i have installed a more recent Windows update or Windows component which replace the missing updates, and are they really necessary? Is there the risk that they may deactivate or conflict with an already installed update? Why aren't they detected as priority updates to download in the Microsoft Update website?
- Follow-Ups:
- Prev by Date: RE: windows modules installation has stopped working
- Next by Date: Re: Windows wont load after Windows Update Reboot
- Previous by thread: RE: windows modules installation has stopped working
- Next by thread: Re: Missing Windows update reported as a vulnerability by TMH and B.A.
- Index(es):
Relevant Pages
|
