!KB904706 conflicting info on MS websites..

Discussion in 'Windows Update' started by Max Burke, Oct 12, 2005.

  1. Max Burke

    Max Burke Guest

    KB904706 is one of today's monthly updates...

    On this MS page it says [clearly] it's for:

    Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows XP
    Service Pack 1
    http://www.microsoft.com/technet/security/bulletin/ms05-050.mspx

    [nothing about Windows XP service pack 2 at all]


    While the monthly email notification security bulletin says:

    Title: Microsoft Security Bulletin Summary for October 2005
    Issued: October 11, 2005
    Version Number: 1.0
    Bulletin: http://go.microsoft.com/fwlink/?LinkId=54789
    ********************************************************************

    Summary:
    ========
    This advisory contains information about all security updates
    released this month. It is broken down by security bulletin severity.

    Critical Security Bulletins
    ===========================

    MS05-050 - Vulnerability in DirectShow Could Allow Remote Code
    Execution (904706)

    - Affected Software:
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1

    ===> - Windows XP Service Pack 2 <===

    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003 for Itanium-based Systems
    - Windows Server 2003 with SP1 for Itanium-based Systems
    - Windows Server 2003 x64 Edition
     
    Max Burke, Oct 12, 2005
    #1
    1. Advertisements

  2. Hi,

    Security Bulletin MS05-050 (KB904706) also have the following text:

    • Microsoft DirectX 8.1 on Microsoft Windows XP Service Pack 1 and on
    Microsoft Windows XP with Service Pack 2 – Download the update

    This is very confusing text, as SP2 for WinXP installs DirectX 9.0c.


    It should have been something like this:

    • Microsoft DirectX 8.1 on Microsoft Windows XP Service Pack 1 and
    Microsoft DirectX 9.0c on Microsoft Windows XP with Service Pack 2 –
    Download the update

    or maybe better split it on two lines, one for WinXP SP1 and one for
    WinXP SP2:

    • Microsoft DirectX 8.1 on Microsoft Windows XP Service Pack 1
    – Download the update
    • Microsoft DirectX 9.0c on Microsoft Windows XP Service Pack 2
    – Download the update

    where both points to the same download link.

    Regards,
    Torgeir


     
    Torgeir Bakken \(MVP\), Oct 12, 2005
    #2
    1. Advertisements

  3. Hi,

    And now the text at
    http://www.microsoft.com/technet/security/bulletin/ms05-050.mspx

    is updated to state

    • Microsoft DirectX 8.1 on Microsoft Windows XP Service Pack 1 and
    Microsoft DirectX 9.0c on Microsoft Windows XP with Service Pack 2
    – Download the update


    instead of the old text:

    • Microsoft DirectX 8.1 on Microsoft Windows XP Service Pack 1 and on
    Microsoft Windows XP with Service Pack 2 – Download the update


    Regards,
    Torgeir
     
    Torgeir Bakken \(MVP\), Oct 12, 2005
    #3
  4. Max Burke

    kirknall Guest

    And that's only the beginning of the conflicting information.

    Under 'Affected Software', DirectX 7.0 on Win2K SP4 is listed.

    Under 'Affected Components', it seems all versions of DirectX 8 & 9 are
    listed when installed on Win2K SP4. There's no mention of DirectX 7.

    The second issue is that Win2K SP4 or Windows 2003 Server system is
    scanning for MS05-050. We have the updated mssecure.cab and XML file,
    and MS05-050 is listed within.

    Looking at the scanwrapper.log file however, there is no mention of
    MS05-050 at all, applicable or not.

    This is occurring on both Win2K and 2003 Servers. Windows XP appears
    unaffected by this glitch.

    Do you know what we should do about this?
     
    kirknall, Oct 12, 2005
    #4
  5. Max Burke

    kirknall Guest

    Further inspection of the XML file shows that there are no download
    locations listed for the Win2K or Win2K3 versions of the MS05-050
    patch.

    Get ready for a resync!
     
    kirknall, Oct 12, 2005
    #5
  6. Max Burke

    kirknall Guest

    I'll just keep answering myself :)

    Just spent 2 hours on the phone with PSS, although the article mentions
    that MBSA should pick up the update, it doesn't, and they actually
    (just yesterday) updated the Extended Security Update Inventory Tool to
    detect MS05-050 on Win2K SP4 and Win2K3 RTM and neglected to mention
    that anywhere in the article.

    Well, they did mention it on the Tool download page:

    http://www.microsoft.com/downloads/...1D-48A0-4E5C-991F-87E08954F61B&displaylang=en

    but how would you know that unless you knew to go to that page in the
    first place....
     
    kirknall, Oct 12, 2005
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.