Microsoft KB Archive/899277

= Detection and deployment guidance for the May 10, 2005 security release =

Article ID: 899277

Article Last Modified on 10/27/2006

-

APPLIES TO

 Microsoft Windows 2000 Service Pack 4, when used with:  Microsoft Windows 2000 Advanced Server

 Microsoft Windows 2000 Datacenter Server

 Microsoft Windows 2000 Server

 Microsoft Windows 2000 Professional Edition</li></ul> </li> Microsoft Windows 2000 Service Pack 3, when used with:  Microsoft Windows 2000 Advanced Server</li></ul>

 Microsoft Windows 2000 Datacenter Server</li></ul>

 Microsoft Windows 2000 Server</li></ul>

 Microsoft Windows 2000 Professional Edition</li></ul> </li></ul>

-

<div class="notice_section">

<div class="summary_section">

INTRODUCTION
As part of an ongoing commitment to provide detection tools and deployment recommendations for security updates, Microsoft delivers detection and deployment guidance for all bulletins during a Microsoft Security Response Center (MSRC) release cycle. The guidance in this article contains recommendations that are based on the types of scenarios that may be used in various Microsoft Windows environments. This guidance applies to the use of tools such as Windows Update, Microsoft Office Update, the Microsoft Baseline Security Analyzer (MBSA), the Office Detection tool, Microsoft Systems Management Server (SMS), the Extended Security Update Inventory tool, and the Enterprise Update Scan tool.

<div class="moreinformation_section">

Environments that detect and deploy security updates by using the Windows Update Web site and the Office Update Web site
If you use the Windows Update Web site or the Office Update Web site to detect and to deploy security updates, you are covered for the detection and the deployment of all May 10, 2005 releases.

Environments that detect security updates by using MBSA
If you are using MBSA to detect security updates, you are covered for the detection of all May 10, 2005 releases.

Environments that detect and deploy security updates by using Software Update Services
If you use Software Update Services (SUS) to detect and to deploy security updates, you are covered for the detection and deployment of all May 10, 2005 releases.

Environments that detect and deploy security updates by using SMS with the SUS Feature Pack
If you use SMS to detect and to deploy security updates, you are covered for all May 10, 2005 releases.

Frequently asked questions
Q1: What is Microsoft doing to provide guidance on how to deploy these updates?

A1: Microsoft encourages system administrators to join the monthly technical webcast to learn more about the May 2005 security update. This webcast airs on May 11, 2005 at 11:00 A.M. Pacific Time. To register, visit the following Microsoft Web site:

http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032273403&Culture=en-US

Q2: Is the Enterprise Update Scan tool cumulative as the Extended Security Update Inventory tool is for SMS?

A2: No, the Enterprise Update Scan tool is not cumulative. No plans exist to make the tool cumulative.

Q3: Can I use MBSA to determine whether the updates are required?

A3: You can use MBSA to detect security update MS05-024. This update was released in May 2005.

Notes  For more information about the programs that MBSA does not currently detect, click the following article number to view the article in the Microsoft Knowledge Base:

306460 Microsoft Baseline Security Analyzer (MBSA) returns note messages for some updates

</li> If you installed any one of the programs that are listed in the &quot;Affected software&quot; section of security bulletin MS05-024, you may have to manually determine whether to install the required security update. For more information about MBSA, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

</li></ul>

Q4: Which bulletins require that I use the Enterprise Update Scan tool in combination with MBSA to identify vulnerable systems on my network?

A4: You do not need the Enterprise Update Scan tool this month because MBSA fully detects security update MS05-024.

Q5: Can I use SMS to determine whether the updates are required?

A5: Yes. SMS can help detect and deploy these security updates.

Note SMS uses MBSA for detection. Therefore, SMS does not detect the programs that MBSA does not detect. For more information about SMS, visit the following Microsoft Web site:

http://www.microsoft.com/smserver/default.mspx

The Security Update Inventory tool is required to detect the required security updates for Microsoft Windows and for other affected Microsoft products.

For more information about the limitations of the Security Update Inventory tool, click the following article number to view the article in the Microsoft Knowledge Base:

306460 Microsoft Baseline Security Analyzer (MBSA) returns note messages for some updates

SMS can also use the Office Inventory tool to detect the required security updates for Office programs, such as Microsoft Word.

Keywords: kbexpertiseadvanced kbsecurity kbhowto kbdeployment kbinfo KB899277

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.