MS04-028 Running WindowsXP SP3

  • Thread starter Thread starter denmarfl
  • Start date Start date
I don't know about the PC-Cillan warning, but the Microsoft tool tells you
precisely what to do. The same thing PA, and eventually myself, told you: Go
to Windows Update and/or Office Update (or get both at once with Microsoft
Update.) If it isn't offered by any of the Update sites, it's already been
patched. It's that simple. Downloading and running that patch even told you
that you already have it installed, one way or another. Why is this so
difficult to comprehend?
 
Please understand I really do appreciate your assistance...but not everyone
has the same knowledge and understanding that you have. It appears to me
that the tools are providing contradictory results. The Microsoft tool
agrees with the AV finding, a Vulnerability exists. When you run the patch
it says it has already been installed advising whatever is lacking as to
updates, has been patched and the problem is no longer. Now whereas I can
accept that might be OK as to what the AV displays, that is, ignore the AV
findings based on the Patch advices, I have a more difficult time accepting
it based on the Microsoft Tool Findings, which is, a Vulnerability exists.
Why would the Mocrosoft Detection tool on the one hand show a vulnerability
and then on the other hand 9Patch) show the problem has been corrected with
an already installed patch. Now to my level of knowledge, puting it in those
terms, it is not comprehendable........
 
Start a free Windows Update support incident request:
https://support.microsoft.com/oas/default.aspx?gprid=6527

Support for Windows Update:
http://support.microsoft.com/gp/wusupport

For home users, no-charge support is available by calling 1-866-PCSAFETY in
the United States and in Canada or by contacting your local Microsoft
subsidiary. There is no-charge for support calls that are associated with
security updates. When you call, clearly state that your problem is related
to a Security Update and cite the update's KB number (e.g., KB833987).

Or...

Free unlimited installation and compatibility support is available for
Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and
e-mail support is available only in the United States and Canada. Go to
http://support.microsoft.com/oas/default.aspx?gprid=1173 | select "Windows
XP" then select "Windows XP Service Pack 3"
 
This is the message from the GDI+ Detection Tool. All UPPER CASE indicates
my emphasis, which emphasis is not in the original:

"The software tools has detected that you are running software that MAY
contain a security vulnerability. There are security updates available from
Microsoft that fix this security vulnerability."

That sentence explicitly implies that you are running software that MAY NOT
contain the vulnerability. It is made even more clear in the accompanying
documentation that this would be the case if the system has already been
patched, nullifying the vulnerabilities(s). I see no conflict.

The problem, I think, is that you expect the GDI+ Detection Tool to detect
whether or not the patch has been applied that nullifies the vulnerability.
The tool doesn't do that. It doesn't even detect if any vulnerability
exists. It simply looks to see if you have software that MAY be vulnerable,
(and I'll interject here that you might, for example, have Office XP
installed, but not the specific component of Office that has the
vulnerability). It simply tells you if that software is present, not whether
it actually contains the vulnerability nor whether, IF it has the
vulnerability, it's been patched.

Say you heard about a recall that MAY apply to your car. You go online to
the company's site, you enter your VIN number and it says, "You drive a
vehicle that may have the defective part. There are free replacement parts
available if your part is defective. Follow these instructions to find out
if you have the defective part, and to obtain a replacement if it turns out
that you do. If inspection results in a finding that you do NOT have the
defective part, then you do not need to reinstall the part." The
instructions say to take the vehicle to your dealership and have them
inspect it.

Now, if your specific vehicle just happens to not have the defective part,
there are three plausible reasons I can think of: 1. Only some certain batch
of parts were defective and your vehicle didn't get the part from that
batch. 2. Your dealership replaced the part as part of regular maintenance
and you simply weren't told about it. 3. You *did* have the defective part,
but it was only one component of a larger component that had been replaced,
including the replacement part. (Think "Service Pack".)
 
Back
Top