The Hotfix Depot


Recommended Posts

Microsoft Security Advisory (927892)

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

Published: November 3, 2006

Microsoft is investigating public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. We are aware of limited attacks that are attempting to use the reported vulnerability.

Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. Customers would need to visit an attacker?s Web site to be at risk. We will continue to investigate these public reports.

Link to comment
Share on other sites

KB920213: A security issue has been identified in MSAgent that could allow an attacker to compromise your Windows-based system and gain control over it. Download

Windows 2000 SP4 - Windows XP SP2 - Windows Server 2003

KB923789: Security issues have been identified in Macromedia Flash Player from Adobe that could allow an attacker to compromise a Windows-based system and gain control over it. Download:

Windows XP SP2

KB923980: A security issue has been identified that could allow an attacker to compromise your Windows-based system and gain control over it. Download:

Windows 2000 SP4 - Windows XP SP2 - Windows Server 2003

KB924270: A security issue has been identified that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. Download:

Windows 2000 SP4 - Windows XP SP2

Link to comment
Share on other sites

KB920213: A security issue has been identified in MSAgent that could allow an attacker to compromise your Windows-based system and gain control over it. Download

Windows 2000 SP4 - Windows XP SP2 - Windows Server 2003

Replaces MS05-032!

KB923789: Security issues have been identified in Macromedia Flash Player from Adobe that could allow an attacker to compromise a Windows-based system and gain control over it. Download:

Windows XP SP2

Replaced by Flash Player 7/8/9

KB923980: A security issue has been identified that could allow an attacker to compromise your Windows-based system and gain control over it. Download:

Windows 2000 SP4 - Windows XP SP2 - Windows Server 2003

Replaces MS05-046 on XP SP2 only!

KB924270: A security issue has been identified that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. Download:

Windows 2000 SP4 - Windows XP SP2

Replaces MS06-040!

Also, you're missing MS06-071, the MSXML Updates. These updates for MSXML4/6 replace MS06-061.

MSXML4 SP2

MSXML6 RTM

the_guy

Link to comment
Share on other sites

I really don't see how we can include Internet Explorer 7.

Windows Media Player 11 of course is an other story, since you can install it the 'administrative way' (no fancy installer, just the usual hotfix installer). I'm not sure if Microsoft considers this to be illegal (there's no hacked/patched/whatever files involved).

Link to comment
Share on other sites

Hi,

I really don't see how we can include Internet Explorer 7.

Why?

You don't need hacked or patched files for IE7 either. The IEAK for IE7 produces a perfectly good installer which seems to be working well for me. I have such an installer in my own copy of APXP and it seems to be working fine, even when the PC is offline.

To be honest there was nothing really wrong with the standard IE7 installer however I was hoping that the IEAK would allow you to skip validation but I have not had the opportunity to test this aspect as yet.

The main issue is sorting out all of the other updates included within AP for IE6 and WMP 9/10 which are longer required when you install those newer versions. There is a lot of unticking of updates when you choose to install IE7 or WMP11.

If the WMP10 and it's updates had been placed in their own section, as I suggested some time ago, it would be a lot simpler to include WMP11 now.

For the record here are the install switches I am using:

WMP11: "Module:\wmp11-windowsxp-x86-enu.exe" /q:A /c:"setup_wm.exe /Q /R:N /P:#e /DisallowSystemRestore /SetWMPAsDefault"

and

IE7: Module:\IE7-WindowsXP-x86-enu.exe /passive /update-no /norestart

If you use the IEAK version of the IE7 installer this is switch-less as the options you wish to use are included in the installer itself.

I am still working on Windows Defender and applying it's updates to this following installation requires terminating some processes before they can be applied correctly.

Kind Regards

Simon

Edited by PsiMoon314
Link to comment
Share on other sites

Could you give some more info? I tried googling and found nothing about it.

Not so much but if you take a look at digital signatures you will se November 8, for both IE7 and WMP11.

Link to comment
Share on other sites

Hi,

I am not sure how true it is but the threads I have seen on the IE7 updates elsewhere seem to be indicating that the Validation Detection modules within IE7 are being updated.

By my count we are now on the third updated release of IE7, unless something has happened in the last 24 hours or so.

Kind Regards

Simon

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.