Ms06-003

[Guest]

Hello!
I have a question about the new patch 06-003 "Vulnerability in TNEF Decoding
in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution
(902412)"

If I have Exchange 2003 and Outlook 2003 Sp1 då I need the patch?
Regards Malin

 

[Daniel Crichton]

Malin wrote on Tue, 10 Jan 2006 22:55:02 -0800:

Hello!
I have a question about the new patch 06-003 "Vulnerability in TNEF
Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote
Code Execution (902412)"

If I have Exchange 2003 and Outlook 2003 Sp1 då I need the patch?

Outlook 2003 is. Exchange 2003 doesn't appear to be - Exchange 2003 SP1 and
SP2 are on the non-affected software list.

Dan

 

[JC]

Malin wrote on Tue, 10 Jan 2006 22:55:02 -0800:


Outlook 2003 is. Exchange 2003 doesn't appear to be - Exchange 2003 SP1 and
SP2 are on the non-affected software list.

Interesting - I have Outlook 2003 sp2 here and the Microsoft Update site didn't
offer this update. I did get KB892843 but not 902412.

 

[Daniel Crichton]

JC wrote on Wed, 11 Jan 2006 22:57:35 +1100:

Interesting - I have Outlook 2003 sp2 here and the Microsoft Update site
didn't offer this update. I did get KB892843 but not 902412.

902412 is the MS06-003 overall KB article. KB892843 is the article for the
specific fix for Outlook 2003 included in MS06-003.

http://www.microsoft.com/technet/security/bulletin/ms06-003.mspx

That's why you got KB892843 and not KB902412 - KB902412 itself isn't a
patch.

Dan

 

[JC]

JC wrote on Wed, 11 Jan 2006 22:57:35 +1100:



902412 is the MS06-003 overall KB article. KB892843 is the article for the
specific fix for Outlook 2003 included in MS06-003.

http://www.microsoft.com/technet/security/bulletin/ms06-003.mspx

That's why you got KB892843 and not KB902412 - KB902412 itself isn't a
patch.

Hi Dan

Thanks for the explanation. I was going to leave it another day or so and
then troll the MS web site as I have had problems in the past accessing the KB
articles at the time the updates are released.