Microsoft KB Archive/916557

= Detection and deployment guidance for the March 2006 security release =

Article ID: 916557

Article Last Modified on 12/3/2007

-

APPLIES TO

 Microsoft Windows Server 2003 Service Pack 1, when used with:  Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)

 Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

 Microsoft Windows Server 2003, Standard Edition (32-bit x86)

 Microsoft Windows Server 2003, Web Edition</li></ul> </li> Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li> Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li> Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li> Microsoft Windows Server 2003, Web Edition</li> Microsoft Windows Small Business Server 2003 Premium Edition</li> Microsoft Windows Small Business Server 2003 Standard Edition</li> Microsoft Windows XP Service Pack 2, when used with:  Microsoft Windows XP Professional</li></ul>

 Microsoft Windows XP Home Edition</li></ul> </li> Microsoft Windows XP Service Pack 1, when used with:  Microsoft Windows XP Professional</li></ul>

 Microsoft Windows XP Home Edition</li></ul> </li> <li>Microsoft Windows 2000 Service Pack 4, when used with: <ul> <li>Microsoft Windows 2000 Advanced Server</li></ul>

<ul> <li>Microsoft Windows 2000 Datacenter Server</li></ul>

<ul> <li>Microsoft Windows 2000 Professional Edition</li></ul>

<ul> <li>Microsoft Windows 2000 Server</li></ul> </li> <li>Microsoft Small Business Server 2000 Standard Edition</li></ul>

-

<div class="notice_section">

<div class="summary_section">

INTRODUCTION
This article describes the detection and deployment guidance for the security release that is dated March 14, 2006.

As part of an ongoing commitment to provide detection tools and deployment recommendations for security updates, Microsoft is delivering this detection and deployment guidance for all updates that are released during a Microsoft Security Response Center (MSRC) release cycle. This guidance contains recommendations that are based on the types of scenarios that may apply to various Microsoft operating system environments.

This guidance includes information about the use of the following tools:
 * Windows Update
 * Microsoft Update
 * Office Update
 * Microsoft Baseline Security Analyzer (MBSA)
 * Office Detection Tool (ODT)
 * Security Update Inventory Tool (SUIT) for Microsoft Systems Management Server (SMS) 2.0
 * Inventory Tool for Microsoft Updates (ITMU) for Microsoft SMS 2003
 * Extended Security Update Inventory Tool
 * Enterprise Scan Tool (EST)
 * Software Update Services (SUS)
 * Windows Server Update Services (WSUS)

Currently, the guidance in this article does not apply to 64-bit Itanium-based operating systems or to 64-bit x64-based operating systems. Microsoft is looking to add this information in future releases of this guide.

<div class="moreinformation_section">

Environments that detect and deploy security updates by using Windows Update, Microsoft Update, and Office Update
All security updates that were released on March 14, 2006 are available through the following Web sites.

Microsoft Windows Update Web site

http://update.microsoft.com/windowsupdate

Products that are supported by this Web site:
 * Microsoft Windows Server 2003
 * Microsoft Windows XP
 * Microsoft Windows 2000

Microsoft Update Web site

http://update.microsoft.com/microsoftupdate

Products that are supported by this Web site:
 * Microsoft Windows Server 2003
 * Microsoft Windows XP
 * Microsoft Windows 2000
 * Microsoft Office
 * Microsoft Exchange
 * Microsoft Internet Security and Acceleration Server 2004
 * Microsoft SQL Server

Office Update Web site

http://officeupdate.microsoft.com

Products that are supported by this Web site:
 * Microsoft Office 2003
 * Microsoft Office XP
 * Microsoft Office 2000

Mactopia Web site

http://www.microsoft.com/mac/

Products that are supported by this Web site:
 * Microsoft Office 2004 for Mac
 * Microsoft Office v. X for Mac
 * Microsoft Office 2001 for Mac

Note Not every update is available on every one of these Web sites.

Environments that detect security updates by using MBSA 2.0 or MBSA 1.2.1
If you use Microsoft Baseline Security Analyzer (MBSA) 2.0 or MBSA 1.2.1 to detect security updates, you can detect most of the security updates that were released on March 14, 2006.

Note MBSA 1.2.1 contains an integrated version of Office Detection Tool (ODT). The ODT part of MBSA 1.2.1 is limited to local scans only.
 * MBSA 2.0 does not detect or deploy security update 905413 for the following products:
 * Office 2000 and associated Multilingual User Interfaces (MUIs)
 * Works Suite 2003, Works Suite 2002, Works Suite 2001, and Works Suite 2000
 * Office v. X for Mac and Office 2004 for Mac are not supported by MBSA 2.0 or MBSA 1.2.1.

Environments that detect and that deploy security updates by using Software Update Services or Windows Server Update Services
If you use Software Update Services (SUS) or Windows Server Update Services (WSUS) to detect and to deploy security updates, you can detect most of the security updates that were released on March 14, 2006.
 * SUS does not support security update 905413. SUS was not designed to support the updating of any Office products.
 * WSUS does not detect or deploy security update 905413 for the following products:
 * Any version of Works Suite
 * Office 2000

Environments that detect and that deploy security updates by using SUIT for SMS 2.0 or ITMU for SMS 2003
If you use Inventory Tool for Microsoft Updates (ITMU) for SMS 2003 or Security Update Inventory Tool (SUIT) for SMS 2.0 to detect and to deploy security updates, you can detect and deploy all security updates that were released on March 14, 2006.

Some security updates may be fully detected by using SUIT for SMS 2.0 only if you use the latest cumulative Extended Security Update Inventory Tool. To obtain this tool, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyId=2C93DA1D-48A0-4E5C-991F-87E08954F61B&displaylang=en

Summary of detection and deployment guidance
The following table summarizes the detection and deployment guidance for each new security update.

Note For more information about partial detection or deployment for a certain tool, see the applicable section earlier in this article.

Re-released security updates
There are no security updates that are being re-released this month.

Frequently asked questions
Q1: What is Microsoft doing to provide guidance about how to deploy these updates?

A1: Microsoft encourages system administrators to join the monthly technical webcast to learn more about security updates. The webcast for this security update airs on March 15, 2006 at 11:00 A.M. (Pacific Time). To register, visit the following Microsoft Web site:

http://msevents.microsoft.com/cui/EventDetail.aspx?culture=en-US&EventID=1032290677&EventCategory=4

Q2: Is EST also cumulative like the Extended Security Update Inventory Tool is for SMS?

A2: No, Enterprise Scan Tool (EST) is not cumulative. There are no plans to make EST cumulative.

Q3: Can I use MBSA to determine whether these updates are required?

A3: Yes, you can use MBSA 2.0 and MBSA 1.2.1 to fully detect the need for the following security updates that were released on March 14, 2006, except where noted:

For more information about the programs that MBSA currently does not detect, click the following article numbers to view the articles in the Microsoft Knowledge Base:

306460 Microsoft Baseline Security Analyzer 1.2.1 (MBSA) returns note messages for some updates

895660 Microsoft Baseline Security Analyzer 2.0 is available

Q4: Which security updates require that I use EST together with MBSA to identify vulnerable systems on my network?

A4: No security updates released on March 14, 2006 require EST for detection.

Q5: Can I use SMS to determine whether the updates are required?

A5: Yes. SMS helps detect and deploy these security updates. SMS 2003 and SMS 2.0 together with SUIT use MBSA 1.2.1 technology for detection. Therefore, SMS 2003 and SMS 2.0 together with SUIT have similar limitations as does MBSA 1.2.1. For more information about SMS, visit the following Microsoft Web site:

http://www.microsoft.com/smserver/default.mspx

SUIT together with the Extended Security Update Inventory Tool are required for detection of all the security updates on Microsoft Windows and on other affected Microsoft products. For more information about the limitations of SUIT, click the following article number to view the article in the Microsoft Knowledge Base:

306460 Microsoft Baseline Security Analyzer (MBSA) returns note messages for some updates

Alternatively, you can use ITMU for SMS 2003 to detect and deploy these security updates. ITMU uses technology from Microsoft Updates. For more information, visit the following Microsoft Web site:

http://technet.microsoft.com/en-us/sms/bb676783.aspx

Keywords: kbexpertiseadvanced kbhowto kbinfo KB916557

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.