Issue with update 923689

[Harry Johnston]

Hi,

There appears to be a problem with update 923689 (MS06-078, for Windows XP).

If I integrate the update into the Windows XP SP2 install media before
installing the OS, and then run QFECHECK, it reports:

KB923689: This hotfix should be reinstalled.



The following files are not valid in the system catalog:

C:\WINDOWS\SYSTEM32\WMVCORE.DLL

Anyone know where I should go with this?

Harry.

 

[Guest]

Hi there,

Check out this link

http://www.mcse.ms/message2362226.html

Hope this will solve the problem

Arun Raveendran

 

[Harry Johnston]

Check out this link

http://www.mcse.ms/message2362226.html

That doesn't seem to have any relevance to the issue I describe. If you believe
the issues are related, could you please explain in more detail?

Harry.

 

[Guest]

Hey there,

My apologies..

That link was referring to directly updating the system using the update file.

I found the following link which may help you.

http://support.microsoft.com/default.aspx/kb/923689/en-us

It refers to the point that the windows media runtime version may not be
compatible with this update..

Some newsgroups also mention that if the latest version of windows media
player is installed, i.e., windows media player 11., then the problem goes
away..

Hope this helps

Arun Raveendran


<

 

[Harry Johnston]

I found the following link which may help you.

http://support.microsoft.com/default.aspx/kb/923689/en-us

It refers to the point that the windows media runtime version may not be
compatible with this update..

Nope, that only applies to Windows 2000.

Some newsgroups also mention that if the latest version of windows media
player is installed, i.e., windows media player 11., then the problem goes
away..

Naturally (because that version does not contain the vulnerability in question)
but that doesn't change the fact that the update isn't working properly.

I guess I'll have to try phoning Microsoft support. (I can just picture trying
to explain the problem over the phone ... it ain't a pretty sight!)

Harry.

 

[Harry Johnston]

I guess I'll have to try phoning Microsoft support. (I can just picture
trying to explain the problem over the phone ... it ain't a pretty sight!)

Actually that wasn't too bad, but the outcome was that Microsoft "don't provide
support for slipstreaming updates". They weren't even able to file a bug report
with the developers.

I guess I'll just have to resort to the same technique I used the last time an
update failed to slipstream successfully - "putting up with it until the faulty
update is superceded"!

It really is disappointing that I can't even report the bug, never mind get it
fixed. Oh well, at least the problem is easy to work around in this case; we
just need to install the patch (or update WMP) as part of the post-install
process. This vulnerability can't be exploited without user interaction.

What really worries me is what is going to happen when a faulty security update
is released whose associated vulnerability can be exploited *without* user
interaction. The only safe way to install Windows will be to physically
disconnect the box first - not the best situation if you've got hundreds of
machines to install!

Harry.