MS08-038 and KB950582
in [Windows Update]
|
From: Gis Bun on 22 Jan 2009 14:33 If i can add by 2.5 cents worth here, KB950582 should be released for Windows XP and Server 2003 especially with the W32.Conflicker [?] or W32.Downadup malware floating around. Additionally, this is probably also needed by companies to comply with PCI DSS requirements. It's not even available in the Windows Catalog. Gis "Joan Delgado" wrote: > Hi Eddie > > this info i think is a good info: > > There were two separate issues involved here: > 1) Autorun > 2) Windows Explorer Search - RCE > > #1 Autorun was an advisory which affected XP / WS03 / Vista and was placed > only on the DLC because it was an advisory. > However, the Vista package also contained #2 (Windows Explorer Search – RCE) > and is why it was released via WU / WSUS. > > If you look under the FAQ for MS08-038, you will see it also contains the > following: > > Does this update contain any security-related changes to functionality? > Yes. Besides the changes that are listed in the “Vulnerability Details” > section of this bulletin, this security update also resolves a publicly known > issue with Autorun functionality in Windows Vista and Windows Server 2008 > systems. The update correctly disables the right-click and double-click > behavior controlled by the NoDriveTypeAutorun registry key. This corrects the > issue identified in CVE-2008-0951 on Windows Vista and Windows Server 2008. > For more information on the usage of this registry key, see the TechNet > article, NoDriveTypeAutoRun. > > Hope this helps. > > > -- > Joan Delgado > blog: http://www.onlydifferent.net > > > "Eddie" wrote: > > > Why isn't this patch "important enough" to push the 2k, 2k3 and XP patches to > > WSUS so they are able to be deployed? We are required to push this out to an > > ungodly amount of computers. Can nothing else be done to add these patches? > > If not, is there a way to add it to our WSUS 3.0 server? > > > > "Harry Johnston [MVP]" wrote: > > > > > PA Bear cross-posted something Joan Delgado wrote: > > > > > > >> MS08-038: Vulnerability in Windows Explorer could allow remote code > > > >> execution http://support.microsoft.com/kb/950582/en-us > > > >> > > > >> The customer uses WSUS to apply the updates and they ask me about this > > > >> because this one only apply for Vista and W2k8, but they found this > > > >> update for XP with the same KB. The problem is that WSUS don't show this > > > >> update for XP. > > > > > > It looks as though the Windows XP version of the update is not considered > > > important enough to be released via WSUS, but has received enough testing to be > > > made available via the download center. > > > > > > >> We don't understand why exist an update for xp, 2k3 and 2k if the > > > >> bulletin only apply to Vista and 2k8? > > > > > > As I understand it, the update corrects an issue which exists in all of these > > > Windows versions. However, the issue only creates a security vulnerability on > > > Vista and 2008. > > > > > > There is more information about the 2k/XP/2003 update in KB953252: > > > > > > <http://support.microsoft.com/kb/953252/> > > > > > > http://support.microsoft.com/kb/953252/ > > > > > > Harry. > > >
|
Pages: 1 Prev: WindowsUpdate_8E5E0442 WindowsUpdate_dt000 Next: Windows update problem in Vista |