Does anyone know if KB923980 non-installation PREVENTS further secutiry updates?

Everyone seems to be asking about this flaw in WindowsUpdate which Microsoft
doesn't seem to be able to cure: If we are all continuously getting the
error message telling so many of us that KB923980 needs continuous
re-installation. I suppose if they cant cure it, it is something we will
just have to live with. (Unless the uninstall/reinstall from file with the
RUN procedure works with the /o parameter)

Although it is admittedly recent, since I have been having this problem, I
have noticed that no other updates seem to be being installed or holes/flaws
cured: Does anyone know if the improper installation procedure for KB923980
PREVENTS further security updates?

news.microsoft.com wrote:
> Everyone seems to be asking about this flaw in WindowsUpdate which
> Microsoft doesn't seem to be able to cure: If we are all
> continuously getting the error message telling so many of us that
> KB923980 needs continuous re-installation. I suppose if they cant
> cure it, it is something we will just have to live with. (Unless
> the uninstall/reinstall from file with the RUN procedure works with
> the /o parameter)
> Although it is admittedly recent, since I have been having this
> problem, I have noticed that no other updates seem to be being
> installed or holes/flaws cured: Does anyone know if the improper
> installation procedure for KB923980 PREVENTS further security
> updates?

The classic "everyone" ploy.
Those who are having trouble with KB923980 have posted their concerns here
and in various other places.
Others - who have not had problems with this particular KB article - have
not.

To be clearer:

Microsoft Security Bulletin MS06-066
Vulnerabilities in Client Service for NetWare
Could Allow Remote Code Execution (923980)
Published: November 14, 2006

http://www.microsoft.com/technet/sec.../ms06-066.mspx

Some points to understand...
----------
- Released 9 days ago. Determining whether or not there will be a fix now
is "jumping the gun" - at least.
- Being released in the last round of patches - yeah - you haven't seen
anymore patches. You won't usually until the second Tuesday of the next
month. These things are kept on a pretty strict release schedule when ever
prudent.
- Windows XP Home Edition (with service pack 2) is *not* vulnerable.
- Only people who manually install Client Service for NetWare are likely to
be vulnerable to this issue.
- There are work-arounds listed in the web page above if you are still
concerned. However, I will say that the work-arounds are probably already
in use by the majority of home users. (Remove the Client Service for
NetWare if you do not need it and Block TCP ports 139 and 445 at the
firewall.)

My advice:
----------
- If you have not installed and do not plan on installing the Client Service
for Netware - do not install this patch.
- You may uninstall it from add/remove programs control panel.
- Turn your automatic updates to "Download and Notify" and choose not to be
notified of this patch again.
- Visit http://windowsupdate.microsoft.com/ and make sure you tell it to
hide the update.
- Continue on normally.

To answer the direct question in the subject of the post:
No.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

> The classic "everyone" ploy.
The fact that so many people are asking HERE about this indicates to me that
lots of people are having problems with this patch.

> Those who are having trouble with KB923980 have posted their concerns here
> and in various other places.
and often not receiving a response in the various NGs where they have been
posted
> Others - who have not had problems with this particular KB article - have
> not.
>
> To be clearer:
>
> Microsoft Security Bulletin MS06-066
> Vulnerabilities in Client Service for NetWare
> Could Allow Remote Code Execution (923980)
> Published: November 14, 2006
>
> http://www.microsoft.com/technet/sec.../ms06-066.mspx
>
> Some points to understand...
> ----------
> - Released 9 days ago. Determining whether or not there will be a fix now
> is "jumping the gun" - at least.
> - Being released in the last round of patches - yeah - you haven't seen
> anymore patches. You won't usually until the second Tuesday of the next
> month.
I thought that they patched needed patches in prior patches immediately?
These things are kept on a pretty strict release schedule when ever
> prudent.
> - Windows XP Home Edition (with service pack 2) is *not* vulnerable.
If so, why am I continuously getting this erroneous message? AFTER i have
followed advice and done the MANUAL install followed by the reboot?
> - Only people who manually install Client Service for NetWare are likely
> to be vulnerable to this issue.
Yes, this isnt a major worry, I had noticed this, it is just an annoyance
> - There are work-arounds listed in the web page above if you are still
> concerned. However, I will say that the work-arounds are probably already
> in use by the majority of home users. (Remove the Client Service for
> NetWare if you do not need it and Block TCP ports 139 and 445 at the
> firewall.)
>
> My advice:
> ----------
> - If you have not installed and do not plan on installing the Client
> Service for Netware - do not install this patch.
> - You may uninstall it from add/remove programs control panel.
> - Turn your automatic updates to "Download and Notify" and choose not to
> be notified of this patch again.
(I tried this and it didnt work or the process is a bit too convoluted for
me to have concluded it effectively: I still keep getting told to install
this patch)
> - Visit http://windowsupdate.microsoft.com/ and make sure you tell it to
> hide the update.
> - Continue on normally.
>
> To answer the direct question in the subject of the post:
> No.
OK Thanks!
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>

Well I finally got mine to install - now even shows installed with MBSA
Been back and forth since the 17th
Rename the following in windows/sys32
nwapi32.dll to nwapi32.old MS told me to try this (by itself it didnt
work)
nwprovau.dll to nwprovau.old found another thread on another site
nwwks.dll to nwwks.old Noticed it was in the KB923980 update so I renamed
it

Unistalled the KB923980 update from add/remove programs
Rebooted (required)
Installed the update from the update shield.
Rebooted (required)
Now it shows installed and working..

Beats me why MS would make this required update when few of us use nor
plan to use Netware!!!! Maybe they could check to see if netware client was
installed before requiring the update. Sure has been a pain since its
release!


"Shenan Stanley" wrote:

> news.microsoft.com wrote:
> > Everyone seems to be asking about this flaw in WindowsUpdate which
> > Microsoft doesn't seem to be able to cure: If we are all
> > continuously getting the error message telling so many of us that
> > KB923980 needs continuous re-installation. I suppose if they cant
> > cure it, it is something we will just have to live with. (Unless
> > the uninstall/reinstall from file with the RUN procedure works with
> > the /o parameter)
> > Although it is admittedly recent, since I have been having this
> > problem, I have noticed that no other updates seem to be being
> > installed or holes/flaws cured: Does anyone know if the improper
> > installation procedure for KB923980 PREVENTS further security
> > updates?
>
> The classic "everyone" ploy.
> Those who are having trouble with KB923980 have posted their concerns here
> and in various other places.
> Others - who have not had problems with this particular KB article - have
> not.
>
> To be clearer:
>
> Microsoft Security Bulletin MS06-066
> Vulnerabilities in Client Service for NetWare
> Could Allow Remote Code Execution (923980)
> Published: November 14, 2006
>
> http://www.microsoft.com/technet/sec.../ms06-066.mspx
>
> Some points to understand...
> ----------
> - Released 9 days ago. Determining whether or not there will be a fix now
> is "jumping the gun" - at least.
> - Being released in the last round of patches - yeah - you haven't seen
> anymore patches. You won't usually until the second Tuesday of the next
> month. These things are kept on a pretty strict release schedule when ever
> prudent.
> - Windows XP Home Edition (with service pack 2) is *not* vulnerable.
> - Only people who manually install Client Service for NetWare are likely to
> be vulnerable to this issue.
> - There are work-arounds listed in the web page above if you are still
> concerned. However, I will say that the work-arounds are probably already
> in use by the majority of home users. (Remove the Client Service for
> NetWare if you do not need it and Block TCP ports 139 and 445 at the
> firewall.)
>
> My advice:
> ----------
> - If you have not installed and do not plan on installing the Client Service
> for Netware - do not install this patch.
> - You may uninstall it from add/remove programs control panel.
> - Turn your automatic updates to "Download and Notify" and choose not to be
> notified of this patch again.
> - Visit http://windowsupdate.microsoft.com/ and make sure you tell it to
> hide the update.
> - Continue on normally.
>
> To answer the direct question in the subject of the post:
> No.
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>
>
>

"tligon" <> wrote in message
news:15BD5312-7A72-4D59-A84F-...
> Well I finally got mine to install - now even shows installed with MBSA
> Been back and forth since the 17th
> Rename the following in windows/sys32
> nwapi32.dll to nwapi32.old MS told me to try this (by itself it didnt
> work)
> nwprovau.dll to nwprovau.old found another thread on another site
> nwwks.dll to nwwks.old Noticed it was in the KB923980 update so I
> renamed
> it
>
> Unistalled the KB923980 update from add/remove programs
> Rebooted (required)
> Installed the update from the update shield.
> Rebooted (required)
> Now it shows installed and working..
>
> Beats me why MS would make this required update when few of us use nor
> plan to use Netware!!!! Maybe they could check to see if netware client
> was
> installed before requiring the update. Sure has been a pain since its
> release!
Very annoying indeed but not much more than that: I had actually followed
some MS advice about downloading the update and installing it manually and
it didn't work, - But renaming the files and trying as you suggested seems
to have done the trick!

The nw_____.dll files are components of the OS. The update is offered
when the .dll files are detected by AU/WU/MU.
Whether the NetWare Client is ever used is not relevant to the update
being offered.
MS is trying to preclude a security issue for *IF* the service is ever used.
I know I never will use it and have declined/hidden the update.
YMMV

MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============


tligon wrote:

> Well I finally got mine to install - now even shows installed with MBSA
> Been back and forth since the 17th
> Rename the following in windows/sys32
> nwapi32.dll to nwapi32.old MS told me to try this (by itself it didnt
> work)
> nwprovau.dll to nwprovau.old found another thread on another site
> nwwks.dll to nwwks.old Noticed it was in the KB923980 update so I renamed
> it
>
> Unistalled the KB923980 update from add/remove programs
> Rebooted (required)
> Installed the update from the update shield.
> Rebooted (required)
> Now it shows installed and working..
>
> Beats me why MS would make this required update when few of us use nor
> plan to use Netware!!!! Maybe they could check to see if netware client was
> installed before requiring the update. Sure has been a pain since its
> release!
>
>
> "Shenan Stanley" wrote:
>
>
>>news.microsoft.com wrote:
>>
>>>Everyone seems to be asking about this flaw in WindowsUpdate which
>>>Microsoft doesn't seem to be able to cure: If we are all
>>>continuously getting the error message telling so many of us that
>>>KB923980 needs continuous re-installation. I suppose if they cant
>>>cure it, it is something we will just have to live with. (Unless
>>>the uninstall/reinstall from file with the RUN procedure works with
>>>the /o parameter)
>>>Although it is admittedly recent, since I have been having this
>>>problem, I have noticed that no other updates seem to be being
>>>installed or holes/flaws cured: Does anyone know if the improper
>>>installation procedure for KB923980 PREVENTS further security
>>>updates?
>>
>>The classic "everyone" ploy.
>>Those who are having trouble with KB923980 have posted their concerns here
>>and in various other places.
>>Others - who have not had problems with this particular KB article - have
>>not.
>>
>>To be clearer:
>>
>>Microsoft Security Bulletin MS06-066
>> Vulnerabilities in Client Service for NetWare
>> Could Allow Remote Code Execution (923980)
>>Published: November 14, 2006
>>
>>http://www.microsoft.com/technet/sec.../ms06-066.mspx
>>
>>Some points to understand...
>>----------
>>- Released 9 days ago. Determining whether or not there will be a fix now
>>is "jumping the gun" - at least.
>>- Being released in the last round of patches - yeah - you haven't seen
>>anymore patches. You won't usually until the second Tuesday of the next
>>month. These things are kept on a pretty strict release schedule when ever
>>prudent.
>>- Windows XP Home Edition (with service pack 2) is *not* vulnerable.
>>- Only people who manually install Client Service for NetWare are likely to
>>be vulnerable to this issue.
>>- There are work-arounds listed in the web page above if you are still
>>concerned. However, I will say that the work-arounds are probably already
>>in use by the majority of home users. (Remove the Client Service for
>>NetWare if you do not need it and Block TCP ports 139 and 445 at the
>>firewall.)
>>
>>My advice:
>>----------
>>- If you have not installed and do not plan on installing the Client Service
>>for Netware - do not install this patch.
>>- You may uninstall it from add/remove programs control panel.
>>- Turn your automatic updates to "Download and Notify" and choose not to be
>>notified of this patch again.
>>- Visit http://windowsupdate.microsoft.com/ and make sure you tell it to
>>hide the update.
>>- Continue on normally.
>>
>>To answer the direct question in the subject of the post:
>>No.
>>
>>--
>>Shenan Stanley
>> MS-MVP
>>--
>>How To Ask Questions The Smart Way
>>http://www.catb.org/~esr/faqs/smart-questions.html
>>
>>
>>