Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits

Posted in Microsoft .NET Framework, Microsoft Exchange Server, Microsoft SQL Server | No Comments »

Article ID: 960715 – Last Review: February 10, 2009 – Revision: 1.0

Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits

View products that this article applies to.

On This Page

INTRODUCTION

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/advisory/960715.mspx (http://www.microsoft.com/technet/security/advisory/960715.mspx)
Back to the top

MORE INFORMATION

Download packages

The following files are available for download from the Microsoft Download Center:

Windows Server 2008 for 32-bit versions

Collapse this imageExpand this image
Download

Download the Windows Server 2008 32-bit package now. (http://www.microsoft.com/downloads/details.aspx?FamilyID=2b682903-e759-42f3-9c2c-d3073a8558c9)

Windows Server 2008 for 64-bit versions

Collapse this imageExpand this image
Download

Download the Windows Server 2008 x64 package now. (http://www.microsoft.com/downloads/details.aspx?FamilyID=e455dca5-b3fd-4845-9737-644325512ef6)

Windows Server 2008 for Itanium-based systems

Collapse this imageExpand this image
Download

Download the Windows Server 2008 Itanium package now. (http://www.microsoft.com/downloads/details.aspx?FamilyID=3306faec-aac7-414e-b33b-bff5eb9d95b8)

Windows Vista and Windows Vista Service Pack 1

Collapse this imageExpand this image
Download

Download the Windows Vista package now. (http://www.microsoft.com/downloads/details.aspx?FamilyID=437defa2-2d07-4718-a4e1-87f96dc73d44)

Windows Vista and Windows Vista Service Pack 1, 64-bit versions

Collapse this imageExpand this image
Download

Download the Windows Vista x64 Edition package now. (http://www.microsoft.com/downloads/details.aspx?FamilyID=8b4c63ae-726f-43ea-adfa-7c3a276a8f1b)

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2

Collapse this imageExpand this image
Download

Download the Windows Server 2003 package now. (http://www.microsoft.com/downloads/details.aspx?FamilyID=c5cb3b6b-ac54-4101-ae00-4fc443e927a8)

Windows Server 2003 and Windows Server 2003 Service Pack 2, x64-based versions

Collapse this imageExpand this image
Download

Download the Windows Server 2003 x64 Edition package now. (http://www.microsoft.com/downloads/details.aspx?FamilyID=b674ec69-373c-4b6c-ba8f-628906103650)

Windows Server 2003 with SP1 for Itanium-based systems and Windows Server 2003 with SP2 for Itanium-based systems

Collapse this imageExpand this image
Download

Download the Windows Server 2003 Itanium-based package now. (http://www.microsoft.com/downloads/details.aspx?FamilyID=d80cdf22-6550-4e91-b3d4-e331784ae5ba)

Windows XP Service Pack 2 and Service Pack 3

Collapse this imageExpand this image
Download

Download the Windows XP package now. (http://www.microsoft.com/downloads/details.aspx?FamilyID=18521f44-2861-4a3d-9605-3a9155a737a7)

Windows XP Professional and Windows XP Professional Service Pack 2, x64-based versions

Collapse this imageExpand this image
Download

Download the Windows XP Professional x64 Edition package now. (http://www.microsoft.com/downloads/details.aspx?FamilyID=ce780122-bf8f-4827-acb0-2223f63e3f56)

Microsoft Windows 2000 with Service Pack 4

Collapse this imageExpand this image
Download

Download the Windows 2000 package now. (http://www.microsoft.com/downloads/details.aspx?FamilyID=e31e223b-4352-4d54-9c51-e1c9f8afc6a9)

Release Date: February 10, 2009

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591  (/Feedback.aspx?kbNumber=119591/ ) How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Back to the top

Security Update Deployment

Back to the top

Windows 2000 (all versions)

Reference table

The following table contains the security update information for this software. You can find more information in the Deployment information section.

Collapse this tableExpand this table
Inclusion in future service packs The update for this issue may be included in a future update rollup
Deployment
Installing without requiring user intervention Windows 2000 with Service Pack 4:
Windows2000-KB960715-x86-ENU/quiet
Installing without restarting Windows 2000 with Service Pack 4:
Windows2000-KB960715-x86-ENU/norestart
Update log file Windows 2000 with Service Pack 4:
KB960715.log
More information See the Detection and Deployment Tools and Guidance section.
Restart requirement
Restart required? In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart.
Hotpatching Not applicable
Removal Information Windows 2000 with Service Pack 4:
Use the Add or Remove Programs item in Control Panel, or use the Spuninst.exe utility that is located in the %Windir% $NTUninstallKB960715$ Spuninst folder
Registry subkey verification Windows 2000 with Service Pack 4:
HKEY_LOCAL_MACHINE SOFTWARE Microsoft Updates Windows 2000 SP5 KB960715 Filelist

Deployment information

Installing the update

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684  (/Feedback.aspx?kbNumber=824684/ ) Description of the standard terminology that is used to describe Microsoft software updates

This security update supports the following setup switches.

Collapse this tableExpand this table
Supported security update installation switches
Switch Description
/help Displays the command-line options
Setup modes
/passive Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds.
/quiet Quiet mode. This is the same as unattended mode, but no status or error messages are displayed.
Restart options
/norestart Does not restart the computer when the installation has completed
/forcerestart Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close.
/warnrestart[:x] Presents a dialog box to the user together with a timer warning that the computer will restart in x seconds. (The default setting is 30 seconds.) Intended for use with the/quiet switch or the/passive switch.
/promptrestart Displays a dialog box that prompts the local user to allow for a restart
Special options
/overwriteoem Overwrites OEM files without prompting
/nobackup Does not back up files that are needed for uninstallation
/forceappsclose Forces other programs to close when the computer shuts down
/log:path Allows for the redirection of installation log files
/extract[:path] Extracts files, and the Setup program is not started
/ER Enables extended error reporting
/verbose Enables verbose logging. During installation, creates a %Windir% CabBuild.log. This log details the files that are copied. By using this switch, the installation may run slower.

Note You can combine these switches into one command. For backward compatibility, the security update also supports the setup switches that the earlier version of the Setup program uses.For more information about the installation switches that are supported, click the following article number to view the article in the Microsoft Knowledge Base:

262841  (/Feedback.aspx?kbNumber=262841/ ) Command-line switches for Windows software update packages
Removing the update

This security update supports the following setup switches.

Collapse this tableExpand this table
Supported Spuninst.exe switches
Switch Description
/help Displays the command-line options
Setup modes
/passive Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds.
/quiet Quiet mode. This is the same as unattended mode, but no status or error messages are displayed.
Restart options
/norestart Does not restart the computer when the installation has completed
/forcerestart Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close.
/warnrestart[:x] Presents a dialog box to the user together with a timer warning that the computer will restart in x seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch.
/promptrestart Displays a dialog box that prompts the local user to allow for a restart
Special options
/forceappsclose Forces other programs to close when the computer shuts down
/log:path Allows for the redirection of installation log files
Verifying that the update was applied
  • Microsoft Baseline Security Analyzer

    To verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the Detection and Deployment Tools and Guidance section for more information.

  • Registry subkey verification

    You may also be able to verify the files that this security update has installed by reviewing the registry subkeys that are listed in the reference table in this section.These registry subkeys may not contain a complete list of files that are installed. Also, these registry subkeys may not be created correctly when an administrator or an OEM integrates or slipstreams this security update into the Windows installation source files.

Back to the top

Windows XP (all versions)

Reference table

The following table contains the security update information for this software. You can find more information in the Deployment information section.

Collapse this tableExpand this table
Inclusion in future service packs The update for this issue will be included in a future service pack or update rollup
Deployment
Installing without requiring user intervention Windows XP Service Pack 2 and Windows XP Service Pack 3:
Windowsxp-KB960715-x86-enu/quiet
Windows XP Professional and Windows XP Professional Service Pack 2, x64-based versions:
WindowsServer2003.WindowsXP-KB960715-x64-enu/quiet
Installing without restarting Windows XP Service Pack 2 and Windows XP Service Pack 3:
Windowsxp-KB960715-x86-enu/norestart
Windows XP Professional and Windows XP Professional Service Pack 2, x64-based versions:
WindowsServer2003.WindowsXP-KB960715-x64-enu/norestart
Update log file All supported versions of Windows XP and Windows XP Professional:
KB960715.log
More information See the Detection and Deployment Tools and Guidance section
Restart requirement
Restart required? In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart.
Hotpatching Not applicable
Removal information All supported versions of Windows XP and Windows XP Professional:
Use the Add or Remove Programs item in Control Panel, or use the Spuninst.exe utility that is located in the %Windir% $NTUninstallKB960715$ Spuninst folder
Registry subkey verification Windows XP Service Pack 2 and Windows XP Service Pack 3:
HKEY_LOCAL_MACHINE SOFTWARE Microsoft Updates Windows XP SP4 KB960715 Filelist
Windows XP Professional and Windows XP Professional Service Pack 2, x64-based versions:
HKEY_LOCAL_MACHINE SOFTWARE Microsoft Updates Windows XP Version 2003 SP3 KB960715 Filelist

Note The security update for supported versions of Windows XP Professional x64 Edition is the same as the security update for supported versions of Windows Server 2003 x64 Edition.

Deployment information

Installing the update

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684  (/Feedback.aspx?kbNumber=824684/ ) Description of the standard terminology that is used to describe Microsoft software updates

This security update supports the following setup switches.

Collapse this tableExpand this table
Switch Description
/help Displays the command-line options
Setup modes
/passive Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds.
/quiet Quiet mode. This is the same as unattended mode, but no status or error messages are displayed.
Restart options
/norestart Does not restart the computer when the installation has completed
/forcerestart Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close.
/warnrestart[:x] Presents a dialog box to the user together with a timer warning that the computer will restart in x seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch.
/promptrestart Displays a dialog box that prompts the local user to allow for a restart
Special options
/overwriteoem Overwrites OEM files without prompting
/nobackup Does not back up files that are needed for uninstallation
/forceappsclose Forces other programs to close when the computer shuts down
/log:path Allows for the redirection of installation log files
/integrate:path Integrates the update into the Windows source files. These files are located by using the path that is specified in the switch.
/extract[:path] Extracts files, and the Setup program is not started
/ER Enables extended error reporting
/verbose Enables verbose logging. During installation, creates a %Windir% CabBuild.log. This log details the files that are copied. By using this switch, the installation may run slower.

Note You can combine these switches into one command. For backward compatibility, the security update also supports many of the setup switches that the earlier version of the Setup program uses.For more information about the supported installation switches, click the following article number to view the article in the Microsoft Knowledge Base:

262841  (/Feedback.aspx?kbNumber=262841/ ) Command-line switches for Windows software update packages
Removing the update

This security update supports the following setup switches.

Collapse this tableExpand this table
Switch Description
/help Displays the command-line options
Setup modes
/passive Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds.
/quiet Quiet mode. This is the same as unattended mode, but no status or error messages are displayed.
Restart options
/norestart Does not restart the computer when the installation has completed
/forcerestart Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close.
/warnrestart[:x] Presents a dialog box to the user together with a timer warning that the computer will restart in x seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch.
/promptrestart Displays a dialog box that prompts the local user to allow for a restart
Special options
/forceappsclose Forces other programs to close when the computer shuts down
/log:path Allows for the redirection of installation log files
Verifying that the update was applied
  • Microsoft Baseline Security Analyzer

    To verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the Detection and Deployment Tools and Guidance section for more information.

  • Registry subkey verification

    You may also be able to verify the files that this security update has installed by reviewing the registry subkeys listed in the reference table in this section.These registry subkeys may not contain a complete list of installed files. Also, these registry subkeys may not be created correctly when an administrator or an OEM integrates or slipstreams this security update into the Windows installation source files.

Back to the top

Windows Server 2003 (all versions)

Reference table

The following table contains the security update information for this software. You can find more information in the Deployment information section.

Collapse this tableExpand this table
Inclusion in future service packs The update for this issue will be included in a future service pack or update rollup
Deployment
Installing with requiring user intervention Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
Windowsserver2003-KB960715-x86-enu /quiet
Windows Server 2003 and Windows Server 2003 Service Pack 2, x64-based versions:
WindowsServer2003.WindowsXP-KB960715-x64-enu /quiet
Windows Server 2003 with SP1 for Itanium-based systems and Windows Server 2003 with SP2 for Itanium-based systems:
Windowsserver2003-KB960715-ia64-enu /quiet
Installing without restarting Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
Windowsserver2003-KB960715-x86-enu /norestart
Windows Server 2003 and Windows Server 2003 Service Pack 2, x64-based versions:
WindowsServer2003.WindowsXP-KB960715-x64-enu /norestart
Windows Server 2003 with SP1 for Itanium-based systems and Windows Server 2003 with SP2 for Itanium-based systems:
Windowsserver2003-KB960715-ia64-enu /norestart
Update log file All supported Windows Server 2003 x86-based versions, x64-based versions, and Itanium-based versions of Windows Server 2003:
KB960715.log
More information See the Detection and Deployment Tools and Guidance section
Restart requirement
Restart required? In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart.
Hotpatching This security update does not support HotPatching. For more information about HotPatching, see Microsoft Knowledge Base Article 897341.
Removal information All supported x86-based versions, x64-based versions, and Itanium-based versions of Windows Server 2003:
Use the Add or Remove Programs item in Control Panel, or use the Spuninst.exe utility that is located in the Spuninst.exe utility that is located in the %Windir% $NTUninstallKB960715$ Spuninst folder
Registry subkey verification All supported versions of Windows Server 2003:
HKEY_LOCAL_MACHINE SOFTWARE Microsoft Updates Windows Server 2003 SP3 KB960715 Filelist

Deployment information

Installing the Update

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684  (/Feedback.aspx?kbNumber=824684/ ) Description of the standard terminology that is used to describe Microsoft software updates

This security update supports the following setup switches.

Collapse this tableExpand this table
Switch Description
/help Displays the command-line options
Setup modes
/passive Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds.
/quiet Quiet mode. This is the same as unattended mode, but no status or error messages are displayed.
Restart options
/norestart Does not restart the computer when the installation has completed
/forcerestart Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close.
/warnrestart[:x] Presents a dialog box to the user together with a timer warning that the computer will restart in x seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch.
/promptrestart Displays a dialog box that prompts the local user to allow for a restart
Special options
/overwriteoem Overwrites OEM files without prompting
/nobackup Does not back up files that are needed for uninstallation
/forceappsclose Forces other programs to close when the computer shuts down
/log:path Allows for the redirection of installation log files
/integrate:path Integrates the update into the Windows source files. These files are located by using the path that is specified in the switch.
/extract[:path] Extracts files, and the Setup program is not started
/ER Enables extended error reporting
/verbose Enables verbose logging. During installation, creates a %Windir% CabBuild.log. This log details the files that are copied. By using this switch, the installation may run slower.

Note You can combine these switches into one command. For backward compatibility, the security update also supports many of the setup switches that the earlier version of the Setup program uses.For more information about the supported installation switches, click the following article number to view the article in the Microsoft Knowledge Base:

262841  (/Feedback.aspx?kbNumber=262841/ ) Command-line switches for Windows software update packages
Removing the update

This security update supports the following setup switches.

Collapse this tableExpand this table
Switch Description
/help Displays the command-line options
Setup modes
/passive Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds.
/quiet Quiet mode. This is the same as unattended mode, but no status or error messages are displayed.
Restart options
/norestart Does not restart the computer when the installation has completed
/forcerestart Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close.
/warnrestart[:x] Presents a dialog box to the user together with a timer warning that the computer will restart in x seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch.
/promptrestart Displays a dialog box that prompts the local user to allow for a restart
Special options
/forceappsclose Forces other programs to close when the computer shuts down
/log:path Allows for the redirection of installation log files
Verifying that the update was applied
  • Microsoft Baseline Security Analyzer

    To verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the Detection and Deployment Tools and Guidance section for more information.

  • Registry subkey verification

    You may also be able to verify the files that this security update has installed by reviewing the registry subkeys that are listed in the reference table in this section.These registry subkeys may not contain a complete list of installed files. Also, these registry subkeys may not be created correctly when an administrator or an OEM integrates or slipstreams this security update into the Windows installation source files.

Back to the top

Windows Vista (all versions)

Reference table

The following table contains the security update information for this software. You can find more information in the Deployment information section.

Collapse this tableExpand this table
Inclusion in future service packs The update for this issue will be included in a future service pack or update rollup
Deployment
Installing without requiring user intervention All supported 32-bit versions of Windows Vista:
Windows6.0-KB960715-x86/quiet
All supported 64-bit versions of Windows Vista:
Windows6.0-KB960715-x64/quiet
Installing without restarting All supported 32-bit versions of Windows Vista:
Windows6.0-KB960715-x86/quiet/norestart
All supported 64-bit versions of Windows Vista:
Windows6.0-KB960715-x64/quiet/norestart
Restart requirement
Restart required? In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart.
Hotpatching Not applicable.
Removal Information WUSA.exe does not support the uninstallation of updates.To uninstall an update that is installed by WUSA, open Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.
Registry subkey verification A registry subkey does not exist to validate the presence of this update.

Deployment information

Installing the Update

When you install this security update, the installer checks whether one or more of the files that are being updated on the system have previously been updated by a Microsoft hotfix.For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684  (/Feedback.aspx?kbNumber=824684/ ) Description of the standard terminology that is used to describe Microsoft software updates

This security update supports the following setup switches.

Collapse this tableExpand this table
Supported security update installation switches
Switch Description
/?, /h, /help Displays help on supported switches.
/quiet Suppresses the display of status or error messages.
/norestart When this switch is combined with the /quiet switch, the system is not restarted after installation even if a restart is required to complete the installation.

For more information about the installer, click the following article number to view the article in the Microsoft Knowledge Base:

934307  (/Feedback.aspx?kbNumber=934307/ ) Description of the Windows Update Stand-alone Installer (Wusa.exe) and of .msu files in Windows Vista and in Windows Server 2008
Verifying that the update was applied

Microsoft Baseline Security Analyzer

To verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the Detection and Deployment Tools and Guidance section for more information.

Back to the top

Windows Server 2008 (all versions)

Reference table

The following table contains the security update information for this software. You can find more information in the Deployment information section.

Collapse this tableExpand this table
Inclusion in future service packs The update for this issue will be included in a future service pack or update rollup
Deployment
Installing without requiring user intervention All supported 32-bit versions of Windows Server 2008:
Windows6.0-KB960715-x86/quiet
All supported 64-bit versions of Windows Server 2008:
Windows6.0-KB960715-x64/quiet
All supported Itanium-based versions of Windows Server 2008:
Windows6.0-KB960715-ia64/quiet
Installing without restarting All supported 32-bit versions of Windows Server 2008:
Windows6.0-KB960715-x86/quiet/norestart
All supported 64-bit versions of Windows Server 2008:
Windows6.0-KB960715-x64/quiet/norestart
All supported Itanium-based versions of Windows Server 2008:
Windows6.0-KB960715-ia64/quiet/norestart
More information See the Detection and Deployment Tools and Guidance section
Restart requirement
Restart required? In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart.
Hotpatching Not applicable.
Removal Information WUSA.exe does not support the uninstallation of updates.To uninstall an update that is installed by WUSA, open Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.
Registry subkey verification A registry subkey does not exist to validate the presence of this update.

Deployment information

Installing the Update

When you install this security update, the installer checks whether one or more of the files that are being updated on the system have previously been updated by a Microsoft hotfix.For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684  (/Feedback.aspx?kbNumber=824684/ ) Description of the standard terminology that is used to describe Microsoft software updates

This security update supports the following setup switches:

Collapse this tableExpand this table
Switch Description
/?, /h, /help Displays help on supported switches.
/quiet Suppresses the display of status or error messages.
/norestart When you combine this switch with the /quiet switch, the system is not restarted after installation even if a restart is required to complete installation.

For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

934307  (/Feedback.aspx?kbNumber=934307/ ) Description of the Windows Update Stand-alone Installer (Wusa.exe) and of .msu files in Windows Vista and in Windows Server 2008
Verifying that the update was applied

Microsoft Baseline Security Analyzer

To verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the Detection and Deployment Tools and Guidance section for more information.

Back to the top

Detection and Deployment Tools and Guidance

This section describes how to manage the software and security updates that you have to deploy to the servers, to the desktop computers, and to the mobile computers in your organization.For more information, visit the following Microsoft TechNet Update Management Center Web page:

http://technet.microsoft.com/en-us/updatemanagement/default.aspx (http://technet.microsoft.com/en-us/updatemanagement/default.aspx)

For more information about security in Microsoft products, visit the following Microsoft TechNet Security Web page:

http://technet.microsoft.com/en-us/security/default.aspx (http://technet.microsoft.com/en-us/security/default.aspx)

Security updates are available from Microsoft Update, Windows Update, and Office Update. Security updates are also available at the Microsoft Download Center. You can find them most easily by doing a keyword search for security update.

Finally, security updates can be downloaded from the Microsoft Update Catalog. For more information, visit the following Microsoft Web page:

http://catalog.update.microsoft.com/v7/site/Home.aspx (http://catalog.update.microsoft.com/v7/site/Home.aspx)

The Microsoft Update Catalog provides a catalog of content that is searchable and that is available through Windows Update and through Microsoft Update. This content includes security updates, drivers, and service packs. By using a security bulletin number such as MS08-010 for your search, you can add all the applicable updates to your basket. You can also add different languages for an update to your basket, and you can download the content to any folder that you want.For more information about the Microsoft Update Catalog, visit the following Microsoft Update Catalog FAQ Web page:

http://catalog.update.microsoft.com/v7/site/faq.aspx (http://catalog.update.microsoft.com/v7/site/faq.aspx)

Detection and Deployment Guidance

Microsoft has provided detection and deployment guidance for this month’s security updates. This guidance will also help IT professionals understand how they can use various tools to help deploy the security update. These tools include Windows Update, Microsoft Update, Office Update, the Microsoft Baseline Security Analyzer (MBSA), the Office Detection Tool, Microsoft Systems Management Server (SMS), and the Extended Security Update Inventory Tool.For more information, click the following article number to view the article in the Microsoft Knowledge Base:

910723  (/Feedback.aspx?kbNumber=910723/ ) Summary list of monthly detection and deployment guidance articles

Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer (MBSA) lets administrators scan local and remote systems for missing security updates. The Microsoft Baseline Security Analyzer can also identify common security misconfigurations. For more information, visit the following Microsoft Baseline Security Analyzer Web page:

http://technet.microsoft.com/en-us/security/cc184924.aspx (http://technet.microsoft.com/en-us/security/cc184924.aspx)

The following table provides the MBSA detection summary for this security update:

Collapse this tableExpand this table
Software MBSA 2.1
Windows 2000 with Service Pack 4 Yes
Windows XP Service Pack 2 and Windows XP Service Pack 3 Yes
Windows XP Professional and Windows XP Professional Service Pack 2, x64-based versions Yes
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 Yes
Windows Server 2003 and Windows Server 2003 Service Pack 2, x64-based versions Yes
Windows Server 2003 with SP1 for Itanium-based systems and Windows Server 2003 with SP2 for Itanium-based systems Yes
Windows Vista and Windows Vista Service Pack 1 Yes
Windows Vista and Windows Vista Service Pack 1, 64-bit versions Yes
Windows Server 2008 for 32-bit systems Yes
Windows Server 2008 for 64-bit systems Yes
Windows Server 2008 for Itanium-based systems Yes

For more information about MBSA 2.1, visit the following Microsoft MBSA 2.1 Frequently Asked Questions Web page:

http://technet.microsoft.com/en-us/security/cc184922.aspx (http://technet.microsoft.com/en-us/security/cc184922.aspx)

Windows Server Update Services

By using Windows Server Update Services (WSUS), administrators can deploy the latest critical updates and security updates for Windows 2000 operating systems and later versions, for Microsoft Office XP and later versions, for Microsoft Exchange Server 2003, and for Microsoft SQL Server 2000 and later versions. For more information about how to deploy this security update by using Windows Server Update Services, visit the following Microsoft Windows Server Update Services Product Overview Web page:

http://technet.microsoft.com/en-us/wsus/bb466208.aspx (http://technet.microsoft.com/en-us/wsus/bb466208.aspx)

Systems Management Server

The following table provides the SMS detection and deployment summary for this security update.

Collapse this tableExpand this table
Software SMS 2.0 SMS 2003 with SUSFP SMS 2003 with ITMU SCCM 2007
Windows 2000 with Service Pack 4 Yes Yes Yes Yes
Windows XP Service Pack 2 and Windows XP Service Pack 3 Yes Yes Yes Yes
Windows XP Professional and Windows XP Professional Service Pack 2, x64-based versions No No Yes Yes
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 Yes Yes Yes Yes
Windows Server 2003 and Windows Server 2003 Service Pack 2, x64-based versions No No Yes Yes
Windows Server 2003 with SP1 for Itanium-based systems and Windows Server 2003 with SP2 for Itanium-based systems No No Yes Yes
Windows Vista and Windows Vista Service Pack 1 No No See the Note for Windows Vista and for Windows Server 2008 section later in this article Yes
Windows Vista and Windows Vista Service Pack 1, 64-bit versions No No See the Note for Windows Vista and for Windows Server 2008 section later in this article Yes
Windows Server 2008 for 32-bit systems No No See the Note for Windows Vista and for Windows Server 2008 section later in this article Yes
Windows Server 2008 for 64-bit systems No No See the Note for Windows Vista and for Windows Server 2008 section later in this article Yes
Windows Server 2008 for Itanium-based systems No No See the Note for Windows Vista and for Windows Server 2008 section later in this article Yes

For SMS 2.0 and for SMS 2003, the SMS SUS Feature Pack (SUSFP) that includes the Security Update Inventory Tool (SUIT) can be used by SMS to detect security updates. For more information, visit the following Microsoft Web page for Downloads for Systems Management Server 2.0:

http://technet.microsoft.com/en-us/sms/bb676799.aspx (http://technet.microsoft.com/en-us/sms/bb676799.aspx)

For SMS 2003, the SMS 2003 Inventory Tool for Microsoft Updates (ITMU) can be used by SMS to detect security updates that are offered by Microsoft Update and that are supported by Windows Server Update Services.For more information about the SMS 2003 ITMU, visit the following Microsoft Web page for SMS 2003 Inventory Tool for Microsoft Updates:

http://technet.microsoft.com/en-us/sms/bb676783.aspx (http://technet.microsoft.com/en-us/sms/bb676783.aspx)

SMS 2003 can also use the Microsoft Office Inventory Tool to detect required updates for Microsoft Office applications.For more information, visit the following Microsoft Web pages:

System Center Configuration Manager (SCCM) 2007 uses WSUS 3.0 for detection of updates.For more information about SCCM 2007 Software Update Management, visit the following Microsoft Web page:

http://technet.microsoft.com/en-us/library/bb735860.aspx (http://technet.microsoft.com/en-us/library/bb735860.aspx)

Note for Windows Vista and for Windows Server 2008

Microsoft Systems Management Server 2003 with Service Pack 3 includes support for Windows Vista and for Windows Server 2008.For more information about SMS, visit the following Microsoft SMS Web page:

http://www.microsoft.com/smserver/default.mspx (http://www.microsoft.com/smserver/default.mspx)

For more information about detection and deployment guidance articles, click the following article number to view the article in the Microsoft Knowledge Base:

910723  (/Feedback.aspx?kbNumber=910723/ ) Summary list of monthly detection and deployment guidance articles
Back to the top

APPLIES TO
  • Microsoft Internet Explorer 5.01 Service Pack 4, when used with:
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional Edition
    • Microsoft Windows 2000 Server
  • Microsoft Internet Explorer 6.0 SP1, when used with:
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional Edition
    • Microsoft Windows 2000 Server
  • Microsoft Internet Explorer 6.0, when used with:
    • Microsoft Windows XP Professional
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Windows Internet Explorer 7, when used with:
    • Windows Server 2008 Datacenter without Hyper-V
    • Windows Server 2008 Enterprise without Hyper-V
    • Windows Server 2008 for Itanium-Based Systems
    • Windows Server 2008 Standard without Hyper-V
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
    • Microsoft Windows XP Professional
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
Back to the top
Keywords: 
atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability kbsurveynew KB960715
Back to the top

 

Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
Microsoft Corporation. All rights reserved. Terms of Use | Trademarks

Related Articles or Pages

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

Leave a Reply

*
To prove that you're not a bot, enter this code
Anti-Spam Image

Additional Articles From "Microsoft .NET Framework"

«
»