• Announcements

    • xper

      MSFN Sponsorship and AdBlockers!   07/10/2016

      Dear members, MSFN is made available via subscriptions, donations and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, become a site sponsor and ads will be disabled automatically and by subscribing you get other sponsor benefits.
tommyp

Windows Updates

776 posts in this topic

6 new updates today on WU. kb923561, kb961373, kb956572, kb952004, kb960803, kb959426

0

Share this post


Link to post
Share on other sites

No issues here after integrating on Windows XP SP3 :thumbup

Add April 2009 security updates:
KB961373 - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (supersedes KB951698)
KB963027 - Cumulative Security Update for Internet Explorer (supersedes KB963027)
KB960803 - Vulnerabilities in Windows HTTP services could allow remote code execution
KB956572 - Vulnerabilities in Windows Could Allow Elevation of Privilege (supersedes KB960419,KB960496)
KB952004 - Vulnerabilities in Windows Could Allow Elevation of Privilege
KB959426 - Blended threat vulnerability in SearchPath could allow elevation of privilege
KB890830 - Microsoft Windows Malicious Software Removal Tool

0

Share this post


Link to post
Share on other sites

Ah, patch week....:)

Acheron, minor thing, but I think you have a might have a couple of typos in your april changelog list...

Shouldn't the list go like this?

Add April 2009 security updates:

KB961373 - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (supersedes KB951698)

KB963027 - Cumulative Security Update for Internet Explorer (supersedes
KB963027
KB961620
)

KB960803 - Vulnerabilities in Windows HTTP services could allow remote code execution

KB956572 - Vulnerabilities in Windows Could Allow Elevation of Privilege (supersedes
KB960419,KB960496
KB956841
)

KB952004 - Vulnerabilities in Windows Could Allow Elevation of Privilege

KB959426 - Blended threat vulnerability in SearchPath could allow elevation of privilege
(supercedes KB935839)

KB923561 - Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution

KB890830 - Microsoft Windows Malicious Software Removal Tool v2.9 (supercedes v2.8)

(great - the one person who's responded to my other post regarding the gpl and hfslip (my first post), and my second one is to turn around and try correct something they've done. Oh yeah, I'm winning the 'most popular on this forum' award for sure...<grin>)

0

Share this post


Link to post
Share on other sites

There seems to be a problem with Windows 2000 and the new DX9 hotfix (KB961373): hfslip 1.7.9_beta_h doesn't seem to recognize it as DX-specific while slipstreaming, i.e. unlike KB951698-v2 it will be extracted like a normal hotfix, and is also offered on Microsoft Update afterwards. The rest of this week's patchday seems to work fine though.

My config:

Win2k Pro German

IE6 SP1 + WMP 6.4

DX9c original release

MDAC 2.81 SP1

MSXML 4.0 SP2 + 6.0 SP2

Edited by Brimborium
0

Share this post


Link to post
Share on other sites

@Saladin

Corrections look good to me, except

KB963027 - Cumulative Security Update for Internet Explorer (supersedes KB963027 KB961620)
applies to IE 7 only. For IE 6 users (and on Windows 2000) supersedes KB958215 & KB960714.

@Brimborium

MSXML 4.0 SP2 + 6.0 SP2
MSXML 4.0 SP2 has been superseded by SP3.

.

0

Share this post


Link to post
Share on other sites
.... This thread is not intended as a game to who posts first on what replaces what on patch Tuesdays. If one needs to get information as early as possible on patch availability visit this site.

Sorry real life got in the way and was not able to touch my PC until today. Does someone else want to maintain the lists?

0

Share this post


Link to post
Share on other sites

Thanks for the new beta version to fix the DX9 issue, tommyp. KB961373 integrates without problems now, and the same goes for MSXML 4.0 SP3 (thanks James_A for the hint) if you replace msxml4-KB954430 with msxml.msi in the HF folder.

However, there is a small cosmetic glitch: HFSLIP.log and control panel still show 1.7.9_beta_h instead of i.

Edited by Brimborium
0

Share this post


Link to post
Share on other sites

Brimborium - Glad it worked out for you. The newest beta rev j is posted which fixes that revision issue. Thanks for the constructive criticism!

0

Share this post


Link to post
Share on other sites
.... This thread is not intended as a game to who posts first on what replaces what on patch Tuesdays. If one needs to get information as early as possible on patch availability visit this site.

Sorry real life got in the way and was not able to touch my PC until today. Does someone else want to maintain the lists?

I could help maintaining the xp list.

0

Share this post


Link to post
Share on other sites

On the Win2k page, then this link dosen't work: (page dosen't exist anymore)

IE6.0sp1-KB963027-Windows2000-x86-ENU.exe:

http://www.microsoft.com/downloads/details...c12f9d69b03b%5C

The correct link is:

http://www.microsoft.com/downloads/details...;displaylang=en

(I'm not using IE6 myself, but discovered the issue while updating the HFSLIP folder structure for my fathers PC, and he insists on keeping IE around for bad webpages)

Edited by Martin H
0

Share this post


Link to post
Share on other sites

About last patch week and MS09-12.

Why does this bulletin contain two updates for each affected operating system?

This bulletin contains two updates, identified by KB number, for all affected operating systems. Customers of Microsoft Windows 2000 only need to apply update package KB952004. Customers running other affected operating systems need to apply security update packages KB952004 and KB956572 for each operating system as applies in their environment.

The two updates are necessary for most affected operating systems because the modifications that are required to address the vulnerabilities are located in separate components. KB952004 addresses the publicly known issue in the MSDTC transaction facility. KB956572 provides the architectural changes needed to ensure proper service isolation across other services on Windows platforms.

So, XP hotfixes list needs to be updated:

+ KB956572

- KB956841 - MS08-064 (replaced by KB956572)

And, download link for WindowsXP-KB905474-ENU-x86-Standalone.exe has gone. Probably, file moved somewhere.

0

Share this post


Link to post
Share on other sites

Hi Tom :)

Two small things about your Win2k list:

Listed twice: Windows-KB909520-v1.000-x86-ENU.exe

Wrong description: Windows2000-KB967715-x86-ENU.EXE; it's marked as junk and described as "Autorun disable...", but by reading the KB article through, then it states that the update dosen't disable autorun, and i'm not sure that it's really "Junk":

"The updates that this article describes fix a problem with the disable Autorun feature. Without these updates, Autorun for a network drive cannot be disabled"

And:

Does this update change my current Autorun settings?

No. The update does not change the current Autorun settings on your system. Instead, the update lets users correctly enforce Autorun settings.

0

Share this post


Link to post
Share on other sites

I've just read Martin's post about KB967715 and I think that the same argument applies to the XP version of the hotfix. However, an additional reason for not describing the XP update as junk is as follows :-

KB967715 updates shell32.dll to version 6.0.2900.5622 and since hfslip uses the QFE version of this update it would effectively include the fix from KB949860 (shell32.dll version 6.0.2900.5555). KB949860 cures the longstanding windows explorer update bug which is most often seen if you use 'run as' to run Windows Exporer as admin for the purposes of carrying out maintenance. Without this hotfix automatic refresh would normally be impaired so that files/folders don't appear or disappear when moving/copying/deleting etc. Dialog boxes relying on the explorer shell which are called from within programs run under different user credentials are also affected.

I'm not sure if 2k was affected by this bug because KB949860 only applied to XP.

Edited by Muppet Hunter
0

Share this post


Link to post
Share on other sites

in the xp updates list, IE8 KB968220 (compatibility update) should be replaced with KB969497

I also think windows media 11 kb929399 should be removed, I ahve never installed it and WU has never asked for it. I think it's optional/not needed/non-critical.

Edited by jvidal
0

Share this post


Link to post
Share on other sites

Can someone else verify KB929399? This is one of those fixes that go on and off the list. Besides, it's a bugfix that will typically not get reported as a critical update.

0

Share this post


Link to post
Share on other sites
Can someone else verify KB929399? This is one of those fixes that go on and off the list. Besides, it's a bugfix that will typically not get reported as a critical update.

If I remove windowsmedia11-kb929399-v2-x86-intl.exe from HFSVCPACK_SW1 folder, Windows Update will prompt for download after boot to desktop. (tested in VM only).

0

Share this post


Link to post
Share on other sites

now, that's weird, I have NEVER included it and WU has NEVER asked for it.

BTW, it should go in HF, not HFSVCPACK_SW1.

Edited by jvidal
0

Share this post


Link to post
Share on other sites
now, that's weird, I have NEVER included it and WU has NEVER asked for it.

BTW, it should go in HF, not HFSVCPACK_SW1.

If WU never ask for update, then check file version for msscp.dll (located in system32).

For my case,

If I did not include windowsmedia11-kb929399-v2-x86-intl.exe, the file version is 11.0.5721.5145

If I include windowsmedia11-kb929399-v2-x86-intl.exe, the file version is 11.0.5721.5201

BTW, all my WMP11 hotfix is located in HFSVCPACK_SW1. (As long as it takes /quiet /norestart switch, I put it there)

I'm using hfslip-1.7.9_beta_k.cmd, with WMP11 slipstream method as per HFslip webpage. On XP Pro. WU has no complain about missing WMP11 hotfix so far.

Edit==>: I did another test, with windowsmedia11-kb929399-v2-x86-intl.exe in HF folder. Also works. (file version is 11.0.5721.5201 ). Hence either HF or HFSVCPACK_SW1 also works.

Edited by Geej
0

Share this post


Link to post
Share on other sites

@ Geej

What IE are you slipstreaming? What kind of XP do you have, volume license or retail/oem? Do you get any errors in setuperr.log?

0

Share this post


Link to post
Share on other sites
BTW, all my WMP11 hotfix is located in HFSVCPACK_SW1. (As long as it takes /quiet /norestart switch, I put it there)
You do now that the HFSVCPACK_SW1 folder is for unsupported Type-1 updates, right?
Edit==>: I did another test, with windowsmedia11-kb929399-v2-x86-intl.exe in HF folder. Also works. (file version is 11.0.5721.5201 ). Hence either HF or HFSVCPACK_SW1 also works.

All WMP11 updates on the update-list is listed to go in HF, so no surprice there ;)

PS: Please don't take this as me being a smartass, or something, because i assure you that this isn't my intention!

0

Share this post


Link to post
Share on other sites

I've got v5145 of msscp.dll, but still WU/MU doesn't ask for kb929399, neither via automatic updates, nor via mu page.

weird.

I guess this patch is not critical.

Or, maybe it's a locale problem, my windows is in spanish.

Oh, and BTW I see IE8 kb968220 hasn't been replaced with the newer kb969497 yet. It replaces it.

Edited by jvidal
0

Share this post


Link to post
Share on other sites

I've just sent an update to FDV for the IE compatibailty update. The 929399 update has always been listed as a bugfix, which is neither critical nor optional. SOME systems require it, some don't. It's up to the user of the HF lists to decide what they want to slipstream. WMP is a buggy software to begin with, I don't see the point of using it when there are far better programs out there. Anyway, let's not get too wrapped around the axle with a bugfix, the intent of the HF lists (and this thread) is for critical updates that I have missed.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.