Microsoft KB Archive/900804

= Detection and deployment guidance for the June 14, 2005 security release =

Article ID: 900804

Article Last Modified on 10/27/2006

-

APPLIES TO

 * Microsoft Windows Server 2003 Service Pack 1, when used with:
 ** Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 ** Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 ** Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 ** Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows XP Service Pack 2, when used with:
 ** Microsoft Windows XP Professional
 ** Microsoft Windows XP Home Edition
 * Microsoft Windows XP Service Pack 1, when used with:
 ** Microsoft Windows XP Professional
 ** Microsoft Windows XP Home Edition
 * Microsoft Windows 2000 Service Pack 4, when used with:
 ** Microsoft Windows 2000 Advanced Server
 ** Microsoft Windows 2000 Datacenter Server
 ** Microsoft Windows 2000 Professional Edition
 ** Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Service Pack 3, when used with:
 ** Microsoft Windows 2000 Advanced Server
 ** Microsoft Windows 2000 Datacenter Server
 ** Microsoft Windows 2000 Professional Edition
 ** Microsoft Windows 2000 Server

-

== SUMMARY ==
''As part of an ongoing commitment to provide detection tools and deployment recommendations for security updates, Microsoft is delivering this detection and deployment guidance for all updates that are released during a Microsoft Security Response Center (MSRC) release cycle. This guidance contains recommendations that are based on the types of scenarios that may exist in various Microsoft operating system environments. This guidance includes the use of tools such as Windows Update, Office Update, the Microsoft Baseline Security Analyzer (MBSA), the Office Detection Tool, Microsoft Systems Management Server (SMS), the Extended Security Update Inventory Tool, and the Enterprise Update Scan Tool (EST).''

== INTRODUCTION ==
This article describes the detection and deployment guidance for the security release that is dated June 14, 2005.

== Environments that detect and that deploy security updates by using Windows Update, Microsoft Update, and Office Update ==
Most of the updates that were released on June 14, 2005 are available through the following Web sites:
 * Microsoft Windows Update
 * Microsoft Update
 * Office Update

However, not all the updates are available through these Web sites. The following are the updates that are not available through these Web sites or that may only be partially supported by these Web sites:
 * Security update 895179 is for Microsoft Exchange Server 5.5. Microsoft Exchange Server 5.5 is not supported by Windows Update or by Microsoft Update.
 *: Note: This security update is documented in security bulletin MS05-029.
 * Security update 896428 is an update for the version of Telnet that is included with Microsoft Windows Server 2003 and with Microsoft Windows XP. This update is also for the version of Telnet that is included with Microsoft Windows Services for UNIX. Windows Update and Microsoft Update support detection and deployment only for the version of Telnet that is included with the following operating systems:
 ** Windows Server 2003 Service Pack 1 (SP1)
 ** Windows Server 2003
 ** Windows XP Service Pack 2 (SP2)
 ** Windows XP SP1
 *: Note: This security update is documented in security bulletin MS05-033.
 * Security update 899753 is an update for Microsoft Internet Security and Acceleration (ISA) Server. ISA Server is not supported by Windows Update or by Microsoft Update.
 *: Note: This security update is documented in security bulletin MS05-034.
 * Security update 263968 is a Microsoft SQL Server update that is being rereleased. This update is related to an issue where the sa password is stored in clear text. There are no vulnerable files to identify or to deploy.
 *: Note: This security update is documented in security bulletin MS02-035.

== Environments that detect security updates by using the MBSA ==
If you use the Microsoft Baseline Security Analyzer (MBSA) to detect security updates, you can detect most of the updates that were released on June 14, 2005. The following are the updates that the MBSA does not detect or that may only be partially supported by the MBSA:
 * Security update 895179 is an update for Exchange Server 5.5. Most Exchange Server 5.5 installations are supported by the MBSA. Microsoft Outlook Web Access is also supported by the MBSA. However, the MBSA does not detect security update 895179 when the following conditions are true:
 ** A front-end server is connected to a back-end Exchange Server 5.5 server.
 ** The front-end server is running only Internet Information Services.
 ** The front-end server is set up only for Outlook Web Access.
 ** The MBSA is run on the front-end server.
 *: You can use the Enterprise Update Scan Tool for detection of this update on a front-end server that is set up only for Outlook Web Access.
 *: Note: This security update is documented in security bulletin MS05-029.
 * Security update 897715 is an update for Microsoft Outlook Express. Outlook Express is not supported by the MBSA. You can use the Enterprise Update Scan Tool for detection of this update for the following configurations:
 ** Outlook Express 6.0 SP1 on Windows XP SP1
 ** Outlook Express 6.0 SP1 on Microsoft Windows 2000 Service Pack 4 (SP4) and on Windows 2000 Service Pack 3 (SP3)
 ** Outlook Express 6.0 on the original version of Windows Server 2003
 ** Outlook Express 5.5 SP2 on Windows 2000 SP4 and on Windows 2000 SP3
 *: Note: This security update is documented in security bulletin MS05-030.
 * Security update 898458 is an update for step-by-step interactive training. Step-by-step interactive training is not supported by the MBSA. You can use the Enterprise Update Scan Tool for detection of this update when step-by-step interactive training applications are installed on the following operating systems:
 ** Windows Server 2003 SP1
 ** Windows Server 2003
 ** Windows XP SP2
 ** Windows XP SP1
 ** Windows 2000 SP4
 ** Windows 2000 SP3
 *: Note: This security update is documented in security bulletin MS05-031.
 * Security update 896428 is an update for Telnet. The version of Telnet that is included with the following operating systems is supported by the MBSA:
 ** Windows Server 2003 SP1
 ** Windows Server 2003
 ** Windows XP SP2
 ** Windows XP SP1
 *: However, the version of Telnet that is included with Windows Services for UNIX is not supported by the MBSA. You can use the Enterprise Update Scan Tool for detection of this update when Telnet is installed by Windows Services for UNIX versions 2.2, 3.0, and 3.5. You can install Windows Services for UNIX on the following operating systems:
 ** Windows Server 2003 SP1
 ** Windows Server 2003
 ** Windows XP SP2
 ** Windows XP SP1
 ** Windows 2000 SP4
 ** Windows 2000 SP3
 *: However, the only vulnerable version of Windows Services for UNIX is the version that is present on Windows 2000 SP4 and on Windows 2000 SP3.
 *: Note: This security update is documented in security bulletin MS05-033.
 * Security update 899753 is an ISA Server update. ISA Server is not supported by the MBSA. You can use the Enterprise Update Scan Tool for detection of this update when Microsoft ISA Server 2000 SP2 is running on one of the following operating systems:
 ** Windows Server 2003 SP1
 ** Windows Server 2003
 ** Windows 2000 SP4
 ** Windows 2000 SP3
 *: Note: This security update is documented in security bulletin MS05-034.
 * Security update 887219 is an ASP.NET update. Although ASP.NET is not supported by the MBSA, ASP.NET is supported by the original February Enterprise Update Scan Tool.
 *: Note: This security update is documented in security bulletin MS05-004.
 * Security update 263968 is a SQL Server update that is being rereleased. This update is related to an issue where the sa password is stored in clear text. There are no vulnerable files to identify or to deploy.
 *: Note: This security update is documented in security bulletin MS02-035.
 * Security update 893066 is a rereleased TCP/IP update that the MBSA detects. However, the older version of security update 893066 is out-of-date. Hotfix 898060 superseded the older version of the security update, and that hotfix is also out-of-date. You must install the rereleased version of security update 893066 for the MBSA to consider the system to be compliant.
 *: Note: This security update is documented in security bulletin MS05-019.

For more information about how to obtain the Enterprise Update Scan Tool, click the following article number to view the article in the Microsoft Knowledge Base:

894193 How to obtain and use the Enterprise Update Scan Tool

== Environments that detect and that deploy security updates by using Software Update Services or Windows Server Update Services ==
If you use Software Update Services (SUS) or Windows Server Update Services (WSUS) to detect and to deploy security updates, you can detect most of the updates that were released on June 14, 2005. The following are the updates that SUS and WSUS do not detect or that are only partially supported by SUS and by WSUS:
 * Security update 895179 is an update for Exchange Server 5.5. SUS and WSUS do not support Exchange Server 5.5. For more information about this update and about detection, see the "Environments that detect security updates by using the MBSA" section.
 *: Note: This security update is documented in security bulletin MS05-029.
 * Security update 896428 is an update for Telnet. The version of Telnet that is included with the following operating systems is supported by SUS and by WSUS:
 ** Windows Server 2003 SP1
 ** Windows Server 2003
 ** Windows XP SP2
 ** Windows XP SP1
 *: However, the version of Telnet that is included with Windows Services for UNIX is not supported by SUS and WSUS. For detection information about this version of Telnet, see the "Environments that detect security updates by using the MBSA" section.
 *: Note: This security update is documented in security bulletin MS05-033.
 * Security update 899753 is an ISA Server update. ISA Server is not supported by SUS or by WSUS. For detection information, see the "Environments that detect security updates by using the MBSA" section.
 *: Note: This security update is documented in security bulletin MS05-034.
 * Security update 263968 is a SQL Server update that is being rereleased. This update is related to an issue where the sa password is stored in clear text. There are no vulnerable files to identify or to deploy. For detection information, see the "Environments that detect security updates by using the MBSA" section.
 *: Note: This security update is documented in security bulletin MS02-035.

== Environments that detect and that deploy security updates by using SMS with the Software Update Services (SUS) Feature Pack and with the Extended Security Update Inventory Tool ==
If you use Systems Management Server (SMS) to detect and to deploy security updates, you can detect all the security updates that were released on June 14, 2005 except for security update 263968. Security update 263968 is a SQL Server update that is being rereleased. This security update is related to an issue where the sa password is stored in clear text. There are no vulnerable files to identify or to deploy.

Note This security update is documented in security bulletin MS02-035.

Some of the security updates may only be fully detected if you use the latest cumulative Extended Security Update Inventory Tool. To obtain this tool, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyId=2C93DA1D-48A0-4E5C-991F-87E08954F61B&displaylang=en

== Summary of detection and deployment guidance ==
The following table summarizes the detection and deployment guidance for each new security update.

== Rereleased security updates ==
The following table summarizes the detection and deployment guidance for each rereleased security update.

For more information about note messages in the MBSA, click the following article number to view the article in the Microsoft Knowledge Base:

306460 Microsoft Baseline Security Analyzer (MBSA) returns note messages for some updates

== Frequently asked questions ==
 # What is Microsoft doing to provide guidance about how to deploy these updates?
 #: Microsoft encourages system administrators to join the monthly technical webcast to learn more about security updates. The webcast for these security updates airs on June 15, 2005 at 11:00 A.M. (Pacific Time). To register, visit the following Microsoft Web site:
 #: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032275405&EventCategory=4
 # Is the Enterprise Update Scan Tool also cumulative like the Extended Security Update Inventory Tool is for SMS?
 #: No, the Enterprise Update Scan Tool is not cumulative. There are no plans to make the Enterprise Update Scan Tool cumulative.
 # Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine whether the updates are required?
 #: You can use the MBSA to detect the following security updates that were released in May 2005:
 #* 883939 (Security bulletin MS05-025)
 #* 896358 (Security bulletin MS05-026)
 #* 896422 (Security bulletin MS05-027)
 #* 896426 (Security bulletin MS05-028)
 #* 890046 (Security bulletin MS05-032)
 #: The following security updates are only partially supported by the MBSA:
 #* 895179 (Security bulletin MS05-029)
 #* 896428 (Security bulletin MS05-033)
 #: For more information about detection for security update 895179 and for security update 896428, see the "Environments that detect security updates by using the MBSA" section.
 #: For more information about the programs that the MBSA currently does not detect, click the following article number to view the article in the Microsoft Knowledge Base:
 #: 306460 Microsoft Baseline Security Analyzer (MBSA) returns note messages for some updates
 #: If you installed a program that is listed in the "Affected software" section of a security bulletin that is mentioned in this article, you may have to manually determine whether you must install the required security update. For more information about the MBSA, visit the following Microsoft Web site:
 #: http://www.microsoft.com/technet/security/tools/mbsahome.mspx
 # Which security updates require that I use the Enterprise Update Scan Tool together with the MBSA to identify vulnerable systems in my network?
 #: The following security updates require that you use the Enterprise Update Scan Tool together with the MBSA:
 #* 897715 (Security bulletin MS05-030)
 #* 898458 (Security bulletin MS05-031)
 #* 890046 (Security bulletin MS05-032)
 #* 899753 (Security bulletin MS05-034)
 #: Under certain conditions, the following security updates are partially supported by the Enterprise Update Scan Tool together with the MBSA:
 #* 895179 (Security bulletin MS05-029)
 #* 896428 (Security bulletin MS05-033)
 #: For more information, see the "Environments that detect security updates by using the MBSA" section.
 # Can I use Systems Management Server (SMS) to determine whether the updates are required?
 #: Yes. SMS helps detect and deploy these security updates. SMS uses the MBSA for detection. Therefore, SMS cannot detect the programs that the MBSA does not detect. For more information about SMS, visit the following Microsoft Web site:
 #: http://www.microsoft.com/smserver/default.mspx
 #: The Security Update Inventory Tool together with the Extended Security Update Inventory Tool are required for detection of all the security updates on Microsoft Windows and on other affected Microsoft products. For more information about the limitations of the Security Update Inventory Tool, click the following article number to view the article in the Microsoft Knowledge Base:
 #: 306460 Microsoft Baseline Security Analyzer (MBSA) returns note messages for some updates
 #: SMS also uses the Microsoft Office Inventory Tool to detect the required security updates for Microsoft Office programs such as Microsoft Word.

Keywords: kbsecurity kbdeployment kbhowto kbinfo KB900804


© Microsoft Corporation. All rights reserved.