MS06-034 (KB 917537)

This patch is being offered, erroneously I believe, to my Windows 2000
SP4 machine which does not have IIS installed. As per the caveate in
the KB document I checked the status using Add/Remove Windows
Components; IIS and none of its components, including Common Files, are
checked. There is one asp.dll located in the
\WINNT\ServicePackFiles\i386 directory. Application of the patch does
nothing (seemingly) and so was subsequently removed. Could someone
confirm this to be an error in Windows Update? TIA

Wrong assumption. From :
Microsoft Security Bulletin MS06-034
Vulnerability in Microsoft Internet Information Services using Active
Server Pages Could Allow Remote Code Execution
(917537)http://www.microsoft.com/technet/sec.../ms06-034.mspx

Click the plus sign next to " Windows 2000 (all versions) "
Is Asp.dll version 5.0.2195.7084 ?
IF Asp.dll is the correct version, then the update is erroneously being
offered.
Whether IIS is installed or not is irrelevent, the version of the .dll
is what matters.


MowGreen [MVP 2003-2006]
===============
*-343-* FDNY
Never Forgotten
===============


noone wrote:

> This patch is being offered, erroneously I believe, to my Windows 2000
> SP4 machine which does not have IIS installed. As per the caveate in
> the KB document I checked the status using Add/Remove Windows
> Components; IIS and none of its components, including Common Files, are
> checked. There is one asp.dll located in the
> \WINNT\ServicePackFiles\i386 directory. Application of the patch does
> nothing (seemingly) and so was subsequently removed. Could someone
> confirm this to be an error in Windows Update? TIA

Thanks for the reply, MowGreen. The asp.ll in
\WINNT\ServicePackFiles\i386\ is 5.0.2195.6672. It was unchanged AFTER
the application of the patch which strangely enough created yet another
version (5.0.2195.6982) of asp.dll in the the $NtUninstall directory.
To summarize: After the patch, I ended up with two asp.dll neither of
which is the correct version, 5.0.2195.7084. What should I do?

MowGreen [MVP] wrote:
> Wrong assumption. From :
> Microsoft Security Bulletin MS06-034
> Vulnerability in Microsoft Internet Information Services using Active
> Server Pages Could Allow Remote Code Execution
> (917537)http://www.microsoft.com/technet/sec.../ms06-034.mspx
>
> Click the plus sign next to " Windows 2000 (all versions) "
> Is Asp.dll version 5.0.2195.7084 ?
> IF Asp.dll is the correct version, then the update is erroneously being
> offered.
> Whether IIS is installed or not is irrelevent, the version of the .dll
> is what matters.
>
>
> MowGreen [MVP 2003-2006]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
>
> noone wrote:
>
>> This patch is being offered, erroneously I believe, to my Windows 2000
>> SP4 machine which does not have IIS installed. As per the caveate in
>> the KB document I checked the status using Add/Remove Windows
>> Components; IIS and none of its components, including Common Files,
>> are checked. There is one asp.dll located in the
>> \WINNT\ServicePackFiles\i386 directory. Application of the patch does
>> nothing (seemingly) and so was subsequently removed. Could someone
>> confirm this to be an error in Windows Update? TIA

Is the update listed as being installed in Add/Remove Programs in the
Control Panel ?
The KB article that discusses Known issues indicates that Asp.dll may be
locked if IIS is running, which is *not* the case in this situation.
Check in %systemroot%\system32\inetsrv for another copy of Asp.dll, please.

MowGreen [MVP 2003-2006]
===============
*-343-* FDNY
Never Forgotten
===============

noone wrote:

> Thanks for the reply, MowGreen. The asp.ll in
> \WINNT\ServicePackFiles\i386\ is 5.0.2195.6672. It was unchanged AFTER
> the application of the patch which strangely enough created yet another
> version (5.0.2195.6982) of asp.dll in the the $NtUninstall directory. To
> summarize: After the patch, I ended up with two asp.dll neither of which
> is the correct version, 5.0.2195.7084. What should I do?
>
> MowGreen [MVP] wrote:
>
>> Wrong assumption. From :
>> Microsoft Security Bulletin MS06-034
>> Vulnerability in Microsoft Internet Information Services using Active
>> Server Pages Could Allow Remote Code Execution
>> (917537)http://www.microsoft.com/technet/sec.../ms06-034.mspx
>>
>> Click the plus sign next to " Windows 2000 (all versions) "
>> Is Asp.dll version 5.0.2195.7084 ?
>> IF Asp.dll is the correct version, then the update is erroneously
>> being offered.
>> Whether IIS is installed or not is irrelevent, the version of the .dll
>> is what matters.
>>
>>
>> MowGreen [MVP 2003-2006]
>> ===============
>> *-343-* FDNY
>> Never Forgotten
>> ===============
>>
>>
>> noone wrote:
>>
>>> This patch is being offered, erroneously I believe, to my Windows
>>> 2000 SP4 machine which does not have IIS installed. As per the
>>> caveate in the KB document I checked the status using Add/Remove
>>> Windows Components; IIS and none of its components, including Common
>>> Files, are checked. There is one asp.dll located in the
>>> \WINNT\ServicePackFiles\i386 directory. Application of the patch
>>> does nothing (seemingly) and so was subsequently removed. Could
>>> someone confirm this to be an error in Windows Update? TIA

The update appeared in Add/Remove Programs after application but is no
longer there after removal, as expected. The only asp.dll on my system
at this time is in \WINNT\ServicePackFiles\i386\.

MowGreen [MVP] wrote:
> Is the update listed as being installed in Add/Remove Programs in the
> Control Panel ?
> The KB article that discusses Known issues indicates that Asp.dll may be
> locked if IIS is running, which is *not* the case in this situation.
> Check in %systemroot%\system32\inetsrv for another copy of Asp.dll, please.
>
> MowGreen [MVP 2003-2006]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
> noone wrote:
>
>> Thanks for the reply, MowGreen. The asp.ll in
>> \WINNT\ServicePackFiles\i386\ is 5.0.2195.6672. It was unchanged
>> AFTER the application of the patch which strangely enough created yet
>> another version (5.0.2195.6982) of asp.dll in the the $NtUninstall
>> directory. To summarize: After the patch, I ended up with two asp.dll
>> neither of which is the correct version, 5.0.2195.7084. What should I
>> do?
>>
>> MowGreen [MVP] wrote:
>>
>>> Wrong assumption. From :
>>> Microsoft Security Bulletin MS06-034
>>> Vulnerability in Microsoft Internet Information Services using Active
>>> Server Pages Could Allow Remote Code Execution
>>> (917537)http://www.microsoft.com/technet/sec.../ms06-034.mspx
>>>
>>> Click the plus sign next to " Windows 2000 (all versions) "
>>> Is Asp.dll version 5.0.2195.7084 ?
>>> IF Asp.dll is the correct version, then the update is erroneously
>>> being offered.
>>> Whether IIS is installed or not is irrelevent, the version of the
>>> .dll is what matters.
>>>
>>>
>>> MowGreen [MVP 2003-2006]
>>> ===============
>>> *-343-* FDNY
>>> Never Forgotten
>>> ===============
>>>
>>>
>>> noone wrote:
>>>
>>>> This patch is being offered, erroneously I believe, to my Windows
>>>> 2000 SP4 machine which does not have IIS installed. As per the
>>>> caveate in the KB document I checked the status using Add/Remove
>>>> Windows Components; IIS and none of its components, including Common
>>>> Files, are checked. There is one asp.dll located in the
>>>> \WINNT\ServicePackFiles\i386 directory. Application of the patch
>>>> does nothing (seemingly) and so was subsequently removed. Could
>>>> someone confirm this to be an error in Windows Update? TIA

Is hidden files, folders, and system files enabled ? :
http://www.xtra.co.nz/help/0,,4155-1916458,00.html#4

noone wrote:

> The update appeared in Add/Remove Programs after application but is no
> longer there after removal, as expected. The only asp.dll on my system
> at this time is in \WINNT\ServicePackFiles\i386\.
>
> MowGreen [MVP] wrote:
>
>> Is the update listed as being installed in Add/Remove Programs in the
>> Control Panel ?
>> The KB article that discusses Known issues indicates that Asp.dll may
>> be locked if IIS is running, which is *not* the case in this situation.
>> Check in %systemroot%\system32\inetsrv for another copy of Asp.dll,
>> please.
>>
>> MowGreen [MVP 2003-2006]
>> ===============
>> *-343-* FDNY
>> Never Forgotten
>> ===============
>>
>> noone wrote:
>>
>>> Thanks for the reply, MowGreen. The asp.ll in
>>> \WINNT\ServicePackFiles\i386\ is 5.0.2195.6672. It was unchanged
>>> AFTER the application of the patch which strangely enough created yet
>>> another version (5.0.2195.6982) of asp.dll in the the $NtUninstall
>>> directory. To summarize: After the patch, I ended up with two asp.dll
>>> neither of which is the correct version, 5.0.2195.7084. What should
>>> I do?
>>>
>>> MowGreen [MVP] wrote:
>>>
>>>> Wrong assumption. From :
>>>> Microsoft Security Bulletin MS06-034
>>>> Vulnerability in Microsoft Internet Information Services using
>>>> Active Server Pages Could Allow Remote Code Execution
>>>> (917537)http://www.microsoft.com/technet/sec.../ms06-034.mspx
>>>>
>>>>
>>>> Click the plus sign next to " Windows 2000 (all versions) "
>>>> Is Asp.dll version 5.0.2195.7084 ?
>>>> IF Asp.dll is the correct version, then the update is erroneously
>>>> being offered.
>>>> Whether IIS is installed or not is irrelevent, the version of the
>>>> .dll is what matters.
>>>>
>>>>
>>>> MowGreen [MVP 2003-2006]
>>>> ===============
>>>> *-343-* FDNY
>>>> Never Forgotten
>>>> ===============
>>>>
>>>>
>>>> noone wrote:
>>>>
>>>>> This patch is being offered, erroneously I believe, to my Windows
>>>>> 2000 SP4 machine which does not have IIS installed. As per the
>>>>> caveate in the KB document I checked the status using Add/Remove
>>>>> Windows Components; IIS and none of its components, including
>>>>> Common Files, are checked. There is one asp.dll located in the
>>>>> \WINNT\ServicePackFiles\i386 directory. Application of the patch
>>>>> does nothing (seemingly) and so was subsequently removed. Could
>>>>> someone confirm this to be an error in Windows Update? TIA

Turns out the problem was due to operator failure. Doh!

I found an asp.dll (5.0.2195.6982) in \WINNT\system32\dllcache\ after
deselecting the setting to hide protected OS files. This must have been
the one that got copied to the $NtUninstall directory earlier. The
patch was reapplied and the the file in dllcache was updated. Strange
though that this patch, released last month, showed up amongst the
current month's updates and not those from last month.

Thank you very much for your help, MowGreen.

MowGreen [MVP] wrote:
> Is hidden files, folders, and system files enabled ? :
> http://www.xtra.co.nz/help/0,,4155-1916458,00.html#4
>
> noone wrote:
>
>> The update appeared in Add/Remove Programs after application but is no
>> longer there after removal, as expected. The only asp.dll on my
>> system at this time is in \WINNT\ServicePackFiles\i386\.
>>
>> MowGreen [MVP] wrote:
>>
>>> Is the update listed as being installed in Add/Remove Programs in the
>>> Control Panel ?
>>> The KB article that discusses Known issues indicates that Asp.dll may
>>> be locked if IIS is running, which is *not* the case in this situation.
>>> Check in %systemroot%\system32\inetsrv for another copy of Asp.dll,
>>> please.
>>>
>>> MowGreen [MVP 2003-2006]
>>> ===============
>>> *-343-* FDNY
>>> Never Forgotten
>>> ===============
>>>
>>> noone wrote:
>>>
>>>> Thanks for the reply, MowGreen. The asp.ll in
>>>> \WINNT\ServicePackFiles\i386\ is 5.0.2195.6672. It was unchanged
>>>> AFTER the application of the patch which strangely enough created
>>>> yet another version (5.0.2195.6982) of asp.dll in the the
>>>> $NtUninstall directory. To summarize: After the patch, I ended up
>>>> with two asp.dll neither of which is the correct version,
>>>> 5.0.2195.7084. What should I do?
>>>>
>>>> MowGreen [MVP] wrote:
>>>>
>>>>> Wrong assumption. From :
>>>>> Microsoft Security Bulletin MS06-034
>>>>> Vulnerability in Microsoft Internet Information Services using
>>>>> Active Server Pages Could Allow Remote Code Execution
>>>>> (917537)http://www.microsoft.com/technet/sec.../ms06-034.mspx
>>>>>
>>>>>
>>>>> Click the plus sign next to " Windows 2000 (all versions) "
>>>>> Is Asp.dll version 5.0.2195.7084 ?
>>>>> IF Asp.dll is the correct version, then the update is erroneously
>>>>> being offered.
>>>>> Whether IIS is installed or not is irrelevent, the version of the
>>>>> .dll is what matters.
>>>>>
>>>>>
>>>>> MowGreen [MVP 2003-2006]
>>>>> ===============
>>>>> *-343-* FDNY
>>>>> Never Forgotten
>>>>> ===============
>>>>>
>>>>>
>>>>> noone wrote:
>>>>>
>>>>>> This patch is being offered, erroneously I believe, to my Windows
>>>>>> 2000 SP4 machine which does not have IIS installed. As per the
>>>>>> caveate in the KB document I checked the status using Add/Remove
>>>>>> Windows Components; IIS and none of its components, including
>>>>>> Common Files, are checked. There is one asp.dll located in the
>>>>>> \WINNT\ServicePackFiles\i386 directory. Application of the patch
>>>>>> does nothing (seemingly) and so was subsequently removed. Could
>>>>>> someone confirm this to be an error in Windows Update? TIA

Glad to hear the issue is resolved ... and that's all that really
counts, right ?

MowGreen [MVP 2003-2006]
===============
*-343-* FDNY
Never Forgotten
===============

noone wrote:

> Turns out the problem was due to operator failure. Doh!
>
> I found an asp.dll (5.0.2195.6982) in \WINNT\system32\dllcache\ after
> deselecting the setting to hide protected OS files. This must have been
> the one that got copied to the $NtUninstall directory earlier. The
> patch was reapplied and the the file in dllcache was updated. Strange
> though that this patch, released last month, showed up amongst the
> current month's updates and not those from last month.
>
> Thank you very much for your help, MowGreen.
>
> MowGreen [MVP] wrote:
>
>> Is hidden files, folders, and system files enabled ? :
>> http://www.xtra.co.nz/help/0,,4155-1916458,00.html#4
>>
>> noone wrote:
>>
>>> The update appeared in Add/Remove Programs after application but is
>>> no longer there after removal, as expected. The only asp.dll on my
>>> system at this time is in \WINNT\ServicePackFiles\i386\.
>>>
>>> MowGreen [MVP] wrote:
>>>
>>>> Is the update listed as being installed in Add/Remove Programs in
>>>> the Control Panel ?
>>>> The KB article that discusses Known issues indicates that Asp.dll
>>>> may be locked if IIS is running, which is *not* the case in this
>>>> situation.
>>>> Check in %systemroot%\system32\inetsrv for another copy of Asp.dll,
>>>> please.
>>>>
>>>> MowGreen [MVP 2003-2006]
>>>> ===============
>>>> *-343-* FDNY
>>>> Never Forgotten
>>>> ===============
>>>>
>>>> noone wrote:
>>>>
>>>>> Thanks for the reply, MowGreen. The asp.ll in
>>>>> \WINNT\ServicePackFiles\i386\ is 5.0.2195.6672. It was unchanged
>>>>> AFTER the application of the patch which strangely enough created
>>>>> yet another version (5.0.2195.6982) of asp.dll in the the
>>>>> $NtUninstall directory. To summarize: After the patch, I ended up
>>>>> with two asp.dll neither of which is the correct version,
>>>>> 5.0.2195.7084. What should I do?
>>>>>
>>>>> MowGreen [MVP] wrote:
>>>>>
>>>>>> Wrong assumption. From :
>>>>>> Microsoft Security Bulletin MS06-034
>>>>>> Vulnerability in Microsoft Internet Information Services using
>>>>>> Active Server Pages Could Allow Remote Code Execution
>>>>>> (917537)http://www.microsoft.com/technet/sec.../ms06-034.mspx
>>>>>>
>>>>>>
>>>>>> Click the plus sign next to " Windows 2000 (all versions) "
>>>>>> Is Asp.dll version 5.0.2195.7084 ?
>>>>>> IF Asp.dll is the correct version, then the update is erroneously
>>>>>> being offered.
>>>>>> Whether IIS is installed or not is irrelevent, the version of the
>>>>>> .dll is what matters.
>>>>>>
>>>>>>
>>>>>> MowGreen [MVP 2003-2006]
>>>>>> ===============
>>>>>> *-343-* FDNY
>>>>>> Never Forgotten
>>>>>> ===============
>>>>>>
>>>>>>
>>>>>> noone wrote:
>>>>>>
>>>>>>> This patch is being offered, erroneously I believe, to my Windows
>>>>>>> 2000 SP4 machine which does not have IIS installed. As per the
>>>>>>> caveate in the KB document I checked the status using Add/Remove
>>>>>>> Windows Components; IIS and none of its components, including
>>>>>>> Common Files, are checked. There is one asp.dll located in the
>>>>>>> \WINNT\ServicePackFiles\i386 directory. Application of the patch
>>>>>>> does nothing (seemingly) and so was subsequently removed. Could
>>>>>>> someone confirm this to be an error in Windows Update? TIA