Update Caveats

In reading the details of some critical updates, I notice there are caveats
(e.g., MS05-001: Vulnerability in HTML Help could allow code execution). The
caveat explains that "Before you install security update 890175 (MS05-001),
you must install critical update 811630 for some operating systems". Would
this be automatically handled by Windows Update or must I go through each
critical update to determine if some required action must be performed first?

Bob

From KB811630 :

" Symptoms

• The URL that is specified by the window.showHelp method does not
appear in the HTML Help window after you install the February 2003
Cumulative Patch for Internet Explorer (MS03-004).
• If you have not installed the February 2003 Cumulative Patch for
Internet Explorer (MS03-004), an attacker may be able to host a Web page
that calls the window.showHelp method to open an URL in another domain
in the HTML Help window. This may permit the attacker access the data
that the Web site of that URL contains. "

Windows Update did offer the February 2003 Cumulative Patch for Internet
Explorer (MS03-004), KB810847 from Windows Update. If it was installed
then KB811630 would *not* be offered by Windows Update. If KB810847 was
not installed, then KB811630 *would* be offered by WU and would *have*
to be installed prior to KB890175.

" For these operating systems, installing critical update 811630 after
installing security update 890175 might cause reduced functionality in
HTML Help if security update 890175 is later uninstalled.

From http://support.microsoft.com/?id=890175 :
" Note The reduced HTML Help functionality occurs only if security
update 890175 is uninstalled. For additional information about this
issue, click the following article number to view the article in the
Microsoft Knowledge Base:
892641 HTML Help files do not work correctly after you uninstall
security update 890175 (MS05-001)
• Certain kinds of Web-based programs may not function correctly after
you install security update 890175. For additional information about
this issue, click the following article number to view the article in
the Microsoft Knowledge Base:
892675 You cannot access HTML Help functionality on some Web sites after
installing security update MS05-001 "

Whew. No wonder some folks are confused. It's as clear as mud, no ?

MowGreen [MVP 2004-2005]
===============
*-343-* FDNY
Never Forgotten
===============


bobspicks wrote:
> In reading the details of some critical updates, I notice there are caveats
> (e.g., MS05-001: Vulnerability in HTML Help could allow code execution). The
> caveat explains that "Before you install security update 890175 (MS05-001),
> you must install critical update 811630 for some operating systems". Would
> this be automatically handled by Windows Update or must I go through each
> critical update to determine if some required action must be performed first?
>
> Bob

MowGreen:

Thanks for indicating that the issue is confusing. I see neither of
KB810847 nor KB811630 listed in my list of updates or my Installation History.

The example I gave is related to only one of the 19 critical updates listed
for me to apply. Should I read each one to check for prerequisites or other
information provided in the details or can I just click on Install?

Bob

"MowGreen [MVP]" wrote:

> From KB811630 :
>
> " Symptoms
>
> • The URL that is specified by the window.showHelp method does not
> appear in the HTML Help window after you install the February 2003
> Cumulative Patch for Internet Explorer (MS03-004).
> • If you have not installed the February 2003 Cumulative Patch for
> Internet Explorer (MS03-004), an attacker may be able to host a Web page
> that calls the window.showHelp method to open an URL in another domain
> in the HTML Help window. This may permit the attacker access the data
> that the Web site of that URL contains. "
>
> Windows Update did offer the February 2003 Cumulative Patch for Internet
> Explorer (MS03-004), KB810847 from Windows Update. If it was installed
> then KB811630 would *not* be offered by Windows Update. If KB810847 was
> not installed, then KB811630 *would* be offered by WU and would *have*
> to be installed prior to KB890175.
>
> " For these operating systems, installing critical update 811630 after
> installing security update 890175 might cause reduced functionality in
> HTML Help if security update 890175 is later uninstalled.
>
> From http://support.microsoft.com/?id=890175 :
> " Note The reduced HTML Help functionality occurs only if security
> update 890175 is uninstalled. For additional information about this
> issue, click the following article number to view the article in the
> Microsoft Knowledge Base:
> 892641 HTML Help files do not work correctly after you uninstall
> security update 890175 (MS05-001)
> • Certain kinds of Web-based programs may not function correctly after
> you install security update 890175. For additional information about
> this issue, click the following article number to view the article in
> the Microsoft Knowledge Base:
> 892675 You cannot access HTML Help functionality on some Web sites after
> installing security update MS05-001 "
>
> Whew. No wonder some folks are confused. It's as clear as mud, no ?
>
> MowGreen [MVP 2004-2005]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
>
> bobspicks wrote:
> > In reading the details of some critical updates, I notice there are caveats
> > (e.g., MS05-001: Vulnerability in HTML Help could allow code execution). The
> > caveat explains that "Before you install security update 890175 (MS05-001),
> > you must install critical update 811630 for some operating systems". Would
> > this be automatically handled by Windows Update or must I go through each
> > critical update to determine if some required action must be performed first?
> >
> > Bob
>

If this update is listed in Add/Remove Programs than there is nothing to
be concerned with :

MS05-020: Cumulative security update for Internet Explorer
http://support.microsoft.com/?kbid=890923

It will be listed as Internet Explorer Q890923
Since all updates for IE are cumulative, KB810847 is included in it.

MowGreen [MVP 2004-2005]
===============
*-343-* FDNY
Never Forgotten
===============

bobspicks wrote:

> MowGreen:
>
> Thanks for indicating that the issue is confusing. I see neither of
> KB810847 nor KB811630 listed in my list of updates or my Installation History.
>
> The example I gave is related to only one of the 19 critical updates listed
> for me to apply. Should I read each one to check for prerequisites or other
> information provided in the details or can I just click on Install?
>
> Bob
>
> "MowGreen [MVP]" wrote:
>
>
>> From KB811630 :
>>
>>" Symptoms
>>
>>• The URL that is specified by the window.showHelp method does not
>>appear in the HTML Help window after you install the February 2003
>>Cumulative Patch for Internet Explorer (MS03-004).
>>• If you have not installed the February 2003 Cumulative Patch for
>>Internet Explorer (MS03-004), an attacker may be able to host a Web page
>>that calls the window.showHelp method to open an URL in another domain
>>in the HTML Help window. This may permit the attacker access the data
>>that the Web site of that URL contains. "
>>
>>Windows Update did offer the February 2003 Cumulative Patch for Internet
>>Explorer (MS03-004), KB810847 from Windows Update. If it was installed
>>then KB811630 would *not* be offered by Windows Update. If KB810847 was
>>not installed, then KB811630 *would* be offered by WU and would *have*
>>to be installed prior to KB890175.
>>
>>" For these operating systems, installing critical update 811630 after
>>installing security update 890175 might cause reduced functionality in
>>HTML Help if security update 890175 is later uninstalled.
>>
>> From http://support.microsoft.com/?id=890175 :
>>" Note The reduced HTML Help functionality occurs only if security
>>update 890175 is uninstalled. For additional information about this
>>issue, click the following article number to view the article in the
>>Microsoft Knowledge Base:
>>892641 HTML Help files do not work correctly after you uninstall
>>security update 890175 (MS05-001)
>>• Certain kinds of Web-based programs may not function correctly after
>>you install security update 890175. For additional information about
>>this issue, click the following article number to view the article in
>>the Microsoft Knowledge Base:
>>892675 You cannot access HTML Help functionality on some Web sites after
>>installing security update MS05-001 "
>>
>>Whew. No wonder some folks are confused. It's as clear as mud, no ?
>>
>>MowGreen [MVP 2004-2005]
>>===============
>> *-343-* FDNY
>>Never Forgotten
>>===============
>>
>>
>>bobspicks wrote:
>>
>>>In reading the details of some critical updates, I notice there are caveats
>>>(e.g., MS05-001: Vulnerability in HTML Help could allow code execution). The
>>>caveat explains that "Before you install security update 890175 (MS05-001),
>>>you must install critical update 811630 for some operating systems". Would
>>>this be automatically handled by Windows Update or must I go through each
>>>critical update to determine if some required action must be performed first?
>>>
>>>Bob
>>