Microsoft KB Archive/894192

= Detection and deployment guidance for the February 8, 2005, security update release cycle =

Article ID: 894192

Article Last Modified on 10/27/2006

-

== APPLIES TO ==


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows XP Service Pack 1
 * Microsoft Windows XP Service Pack 2
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Service Pack 4
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Server 4.0, Terminal Server Edition

-



== SUMMARY ==
As part of an ongoing commitment to provide detection tools and deployment recommendations for bulletin-class security updates, Microsoft is delivering this detection and deployment guidance for all bulletins during a Microsoft Security Response Center (MSRC) release cycle. This guidance contains recommendations for various Windows environments. This includes tools such as Windows Update, Office Update, Microsoft Baseline Security Analyzer (MBSA), Office Detection Tool (ODT), Microsoft Systems Management Server (SMS), and the Enterprise Scan Tool (EST). This document is a monthly supplement to the following Microsoft Knowledge Base article.

894193 How to obtain and use the Enterprise Scan Tool

This supplement gives specific detection and deployment recommendations based on the February 8, 2005, release cycle.



== Environments that detect and deploy security updates by using the public Windows Update Web site and the Office Update Web site ==
If you detect and deploy security updates by using the public Windows Update Web site and the Office Update Web site, you can detect and deploy most of the February 8, 2005, releases. The exception is part of MS05-009. Windows Update does not update the MSN Messenger 6.1 and 6.2 products that are listed in MS05-009. To download the update, visit the following MSN Messenger Web site:

http://messenger.msn.com

Use the Enterprise Scan Tool (EST) to scan systems that are running MSN Messenger to see if they are vulnerable. In smaller environments, it is easiest to visit the few computers that may need updates, verify the versions of these products, and then update the products from the Download Center links that are available in the bulletin.

== Environments that detect security updates using MBSA ==
If you use MBSA to detect security updates, you can detect most of the February 8, 2005, releases. The exceptions are MS05-004, part of MS05-006, and part of MS05-009.
 * You can use EST to detect MS05-004.
 * The EST or Software Update Services (SUS) detects the Windows SharePoint Services product that is listed in MS05-006. The Windows SharePoint Team Services product that is listed in MS05-006 is only detected by using a local scan from the Office Detection Tool (ODT) that is integrated into MBSA.
 * The EST detects all the affected products that are listed in MS05-009. MBSA detects only the Media Player 9 product.

== Environments that detect and deploy security updates by using Software Update Services ==
If you use Software Update Services to detect and deploy security updates, you can detect most of the February 8, 2005, releases. The exceptions are MS05-005 and part of MS05-006.
 * SUS does not detect or deploy any part of MS05-005. MBSA will detect MS05-005 in part. For details, see the MBSA section. To deploy MS05-005, visit the Office Update Web site or use a more robust deployment tool such as SMS.
 * With MS05-006, MBSA detects whether the update for this vulnerability is required for Windows SharePoint Team Services. MBSA does this by using the Office Detection Tool and is therefore limited to local scans. Additionally, MBSA does not currently support the detection of Windows SharePoint Services. However, an Enterprise Scan Tool has been developed to help determine whether the Windows SharePoint Services security update is required.
 * You will have to use MBSA to detect the Windows SharePoint Team Services product that is part of MS05-006. To deploy MS05-006, visit the Office Update Web site or use a more robust deployment tool such as SMS.

== Environments that detect and deploy security updates by using SMS with the Software Update Services Feature Pack ==
If you use SMS to detect and deploy security updates, you can detect the February 8, 2005, releases. To download the EST packages that are specific to detection and deployment by using SMS, visit the following Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyId=2FCD82CF-9B6E-441F-BBC7-7DBAAF10279D&displaylang=en

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

894154 How to obtain and use the February 2005 Security Update Scan Tool in environments that use Systems Management Server 2003 and Systems Management Server 2.0

== Detection and deployment matrix ==
Note This detection and deployment guidance applies to Windows NT 4.0 and Windows NT 4.0 Terminal Server Edition only in the context of MS05-010.

== Frequently asked questions ==
Q1: What is Microsoft doing to provide me guidance on how to deploy these updates?

A1: Microsoft encourages system administrators to join the monthly technical webcast to learn more about the February security updates. This webcast will occur on February 9, 2005, at 11:00 A.M. Pacific Time. Because of the complex deployment scenarios of this month’s release, the technical webcast will be extended to two hours. To register, visit the following Web site:

http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032267656&Culture=en-US

There is an additional PSS webcast on February 16, 2005, to provide additional deployment support to systems administrators. To register, visit the following Web site:

http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032268810&Culture=en-US

This month, Microsoft is also providing an additional resource to help in the deployment of security updates in the form of the Enterprise Scan Tool. The Enterprise Scan Tool is a supplement to the Microsoft Baseline Security Analyzer. The Enterprise Scan Tool helps detect vulnerable computers when MBSA cannot do this.

Q2: Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine whether the updates are required?

A2: You can use the Microsoft Baseline Security Analyzer to detect the following security updates released this month:
 * MS05-005 http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx
 * MS05-006 http://www.microsoft.com/technet/security/bulletin/ms05-006.mspx
 * MS05-007 http://www.microsoft.com/technet/security/bulletin/ms05-007.mspx
 * MS05-008 http://www.microsoft.com/technet/security/bulletin/ms05-008.mspx
 * MS05-010 http://www.microsoft.com/technet/security/bulletin/ms05-010.mspx
 * MS05-011 http://www.microsoft.com/technet/security/bulletin/ms05-011.mspx
 * MS05-012 http://www.microsoft.com/technet/security/bulletin/ms05-012.mspx
 * MS05-013 http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx
 * MS05-014 http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx
 * MS05-015 http://www.microsoft.com/technet/security/bulletin/ms05-015.mspx

Note With MS05-006, MBSA detects whether the update for this vulnerability is required for Windows SharePoint Team Services. MBSA does this by using the Office Detection Tool and is therefore limited to local scans. Additionally, MBSA does not currently support the detection of Windows SharePoint Services. However, an Enterprise Scan Tool has been developed to help determine whether the Windows SharePoint Services security update is required. For additional information about the programs that MBSA currently detects, click the following article number to view the article in the Microsoft Knowledge Base:

306460 Microsoft Baseline Security Analyzer (MBSA) returns note messages for some updates

If you have installed any one of the programs that are listed in the Affected Software section of the security bulletin, you may have to manually determine whether you have to install the required update. For more information about MBSA, visit the following Web site:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Note With MS05-014, this release includes an update for Internet Explorer 6 Service Pack 1 designed for Windows 2000 and Windows XP Service Pack 1. If you are still managing Windows NT 4.0 systems in your enterprise, and you are using MBSA, a software update scan will show this update as applicable on Windows NT 4.0 systems. However, this update is intended only for the supported operating systems mentioned in the Affected Software section of the security bulletin.

Q3: For which security bulletins will I have to use the Enterprise Scan Tool with MBSA to identify vulnerable systems on my network?

A3: You will have to use the Enterprise Scan Tool with MBSA for the following security bulletins:
 * MS05-004
 * MS05-006
 * MS05-009

Q4: Can I use Systems Management Server (SMS) to determine whether the updates are required?

A4: Yes. SMS can help detect and deploy these security updates.

Note SMS uses MBSA for detection. Therefore, SMS has the same limitations related to programs that MBSA does not detect. For information about SMS, visit the following Web site:

http://www.microsoft.com/smserver/default.mspx

You must use the Security Update Inventory Tool to detect Microsoft Windows and other affected Microsoft products. For more information about the limitations of the Security Update Inventory Tool, see the following Microsoft Knowledge Base article.

306460 Microsoft Baseline Security Analyzer (MBSA) returns note messages for some updates

SMS can also use the Microsoft Office Inventory Tool to detect required updates for Microsoft Office applications such as Windows SharePoint Team Services.

Q5: On which bulletins will I have to use the Enterprise Scan Tool with SMS to identify vulnerable systems on my network?

A5: You will have to use the Enterprise Scan Tool in combination with SMS for the following security bulletins:
 * MS05-004
 * MS05-006
 * MS05-009

'''Q6: I am trying to install MS05-004. Is there an additional tool that can help me determine vulnerable systems?'''

A6: Yes. As part of an ongoing commitment to provide detection capability for each bulletin release, a stand-alone detection tool has been made available for the ASP.NET security update. This tool is available from the Microsoft Download Center by searching on the following keywords: enterprise, scan tool, and the bulletin ID. There is also a version of this tool that SMS customers can download. To download this tool, SMS customers can visit the following Web site:

http://www.microsoft.com/smserver/default.mspx

'''Q7: I am trying to install MS05-006. Is there an additional tool to help me determine vulnerable systems?'''

A7: Yes. As part of an ongoing commitment to provide detection capability for each bulletin release, a stand-alone detection tool has been made available for the Windows SharePoint Services security update. This tool is available from the Microsoft Download Center by searching on the following keywords: enterprise, scan tool, and the bulletin ID. To download this tool, SMS customers can visit the following Web site:

http://www.microsoft.com/smserver/default.mspx

'''Q8: I am trying to install MS05-009. Is there an additional tool to help me determine vulnerable systems?'''

A8: Yes. As part of an ongoing commitment to provide detection capability for each bulletin release, a stand-alone detection tool has been made available for all the affected products that are listed in the MS05-009 security bulletin. This tool is available from the Microsoft Download Center by searching on the following keywords: enterprise, scan tool, and the bulletin ID. To download this tool, SMS customers can visit the following Web site:

http://www.microsoft.com/smserver/default.mspx

'''Q9: I have received a hotfix from Microsoft or my support provider since the release of MS04-004. Is that hotfix included in MS05-014?'''

A9: Yes. When you install this security update, the installer checks to see if one or more of the files that are being updated on your system have previously been updated by a Microsoft hotfix. If you have previously installed a hotfix to update an affected file, the installer copies the files that contain the hotfix to your system. Otherwise, the installer copies the files without the hotfix to your system.

'''Q10: The command line installation switches with MS05-014 are different for Windows 2000 and Windows XP operating systems than MS04-025. Why is that?'''

A10: Starting with MS04-038, the packages that are downloaded from the Web for Windows 2000 and Windows XP Service Pack 1 use a new installation technology, Update.exe. Therefore, the installation options are different from previous releases. Also, as part of the change to the Update.exe installation technology, the Knowledge Base Article number of this update will no longer be displayed in the About Internet Explorer dialog box in Internet Explorer. For more information about the command line switches that are available for this release, see the "Security Update Information" section of the security bulletin. If you automatically downloaded this package as a function of the SMS SUS Feature Pack, the command line parameters are based on the SMS Installer package and are different from the Web download version.

Q11: Are there any other special considerations that I should consider when I deploy MS05-014?

A11: This update does include hotfixes that have been released since the release of MS04-004 and MS04-025. However, they are installed only on systems that need them. Customers who have received hotfixes from Microsoft or from their support providers since the release of MS04-004 or MS04-025 should review question nine to determine how to make sure that the appropriate hotfixes are installed. Microsoft Knowledge Base article 867282 also documents this in more detail.

Note The update for the Drag-and-Drop Vulnerability, CAN-2005-0053, comes in two parts. It is addressed in part in the MS05-014 security bulletin. This security bulletin, together with security bulletin MS05-008, makes up the update for CAN-2005-0053. These updates do not have to be installed in any particular order. However, we recommend that you install both updates.

Keywords: kbhowto kbinfo kbsecurity KB894192


© Microsoft Corporation. All rights reserved.