Parch for VM vuln. (MS03-011) on XPSP2???

I just built a Windows XP SP2 box from scratch:

- WinXP SP1a setup
- Applied SP2
- Installed Office 2003
- Updated XP via Windowsupdate
- Updated Office via Officeupdate
- Installed Sun JRE 1.4.2_05
- Ran windowsupdate again, and showed nothing left to
download.

I now run a scan using MBSA 1.2.1 and it tells me that
the msjava.dll present on the system (5.0.3805.0) is
vulnerable to a system compromise as discussed in MS03-
011.

Of course MS is no longer distributing its own Java VM
version via Windows Update and Microsoft Download, for
various legal reasons (which we don't need to get into).
But this still leaves me with a vulnerable component on
my XP machine (not to mention a massive red cross in
MBSA, which I can't get rid of).

Anyone got any bright ideas on this?

tia,

Oliver

"Oliver Carr" wrote:

> I just built a Windows XP SP2 box from scratch:
>
> - WinXP SP1a setup
> - Applied SP2
> - Installed Office 2003
> - Updated XP via Windowsupdate
> - Updated Office via Officeupdate
> - Installed Sun JRE 1.4.2_05
> - Ran windowsupdate again, and showed nothing left to
> download.
>
> I now run a scan using MBSA 1.2.1 and it tells me that
> the msjava.dll present on the system (5.0.3805.0) is
> vulnerable to a system compromise as discussed in MS03-
> 011.
>
> Of course MS is no longer distributing its own Java VM
> version via Windows Update and Microsoft Download, for
> various legal reasons (which we don't need to get into).
> But this still leaves me with a vulnerable component on
> my XP machine (not to mention a massive red cross in
> MBSA, which I can't get rid of).
>
> Anyone got any bright ideas on this?
>
> tia,
>
> Oliver
>
you can download build 3810 which was the last one from M/S here
http://home.wanadoo.nl/jheroen/VM/index.htm

Greetings --

Microsoft Security Bulletin MS03-011
http://www.microsoft.com/security/s...ns/ms03-011.asp
http://www.microsoft.com/technet/se...n/MS03-011.mspx


Bruce Chambers
--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH


"Oliver Carr" <anonymous@discussions.microsoft.com> wrote in message
news:83cd01c48519$c7b4fba0$a401280a@phx.gbl...
>I just built a Windows XP SP2 box from scratch:
>
> - WinXP SP1a setup
> - Applied SP2
> - Installed Office 2003
> - Updated XP via Windowsupdate
> - Updated Office via Officeupdate
> - Installed Sun JRE 1.4.2_05
> - Ran windowsupdate again, and showed nothing left to
> download.
>
> I now run a scan using MBSA 1.2.1 and it tells me that
> the msjava.dll present on the system (5.0.3805.0) is
> vulnerable to a system compromise as discussed in MS03-
> 011.
>
> Of course MS is no longer distributing its own Java VM
> version via Windows Update and Microsoft Download, for
> various legal reasons (which we don't need to get into).
> But this still leaves me with a vulnerable component on
> my XP machine (not to mention a massive red cross in
> MBSA, which I can't get rid of).
>
> Anyone got any bright ideas on this?
>
> tia,
>
> Oliver

Bruce,

MS03-011 says the following:

• The patch is available to update existing Microsoft VMs via the Windows
Update web site.

But MS is no longer distributing this package via WU... See the problem?
Isn't there an "official" resolution to this issue?

Oliver

"Bruce Chambers" wrote:

> Greetings --
>
> Microsoft Security Bulletin MS03-011
> http://www.microsoft.com/security/s...ns/ms03-011.asp
> http://www.microsoft.com/technet/se...n/MS03-011.mspx
>
>
> Bruce Chambers
> --
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> You can have peace. Or you can have freedom. Don't ever count on
> having both at once. - RAH
>
>
> "Oliver Carr" <anonymous@discussions.microsoft.com> wrote in message
> news:83cd01c48519$c7b4fba0$a401280a@phx.gbl...
> >I just built a Windows XP SP2 box from scratch:
> >
> > - WinXP SP1a setup
> > - Applied SP2
> > - Installed Office 2003
> > - Updated XP via Windowsupdate
> > - Updated Office via Officeupdate
> > - Installed Sun JRE 1.4.2_05
> > - Ran windowsupdate again, and showed nothing left to
> > download.
> >
> > I now run a scan using MBSA 1.2.1 and it tells me that
> > the msjava.dll present on the system (5.0.3805.0) is
> > vulnerable to a system compromise as discussed in MS03-
> > 011.
> >
> > Of course MS is no longer distributing its own Java VM
> > version via Windows Update and Microsoft Download, for
> > various legal reasons (which we don't need to get into).
> > But this still leaves me with a vulnerable component on
> > my XP machine (not to mention a massive red cross in
> > MBSA, which I can't get rid of).
> >
> > Anyone got any bright ideas on this?
> >
> > tia,
> >
> > Oliver
>
>
>

MAP,

thanks for that. That'll help me for the moment.

I however can't believe that MS isn't able to provide a resolution to this
issue themselves at the moment.

Oliver

"MAP" wrote:

>
>
> "Oliver Carr" wrote:
>
> > I just built a Windows XP SP2 box from scratch:
> >
> > - WinXP SP1a setup
> > - Applied SP2
> > - Installed Office 2003
> > - Updated XP via Windowsupdate
> > - Updated Office via Officeupdate
> > - Installed Sun JRE 1.4.2_05
> > - Ran windowsupdate again, and showed nothing left to
> > download.
> >
> > I now run a scan using MBSA 1.2.1 and it tells me that
> > the msjava.dll present on the system (5.0.3805.0) is
> > vulnerable to a system compromise as discussed in MS03-
> > 011.
> >
> > Of course MS is no longer distributing its own Java VM
> > version via Windows Update and Microsoft Download, for
> > various legal reasons (which we don't need to get into).
> > But this still leaves me with a vulnerable component on
> > my XP machine (not to mention a massive red cross in
> > MBSA, which I can't get rid of).
> >
> > Anyone got any bright ideas on this?
> >
> > tia,
> >
> > Oliver
> >
> you can download build 3810 which was the last one from M/S here
> http://home.wanadoo.nl/jheroen/VM/index.htm

Greetings --

It used to be available via Windows Update. Oh well, you can get
it here:
http://www.softwarepatch.com/windows/javavm.html

Bruce Chambers
--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH


"Oliver Carr" <OliverCarr@discussions.microsoft.com> wrote in message
news:F029AA62-E441-4AB4-9BDD-D1902A4343F9@microsoft.com...
> Bruce,
>
> MS03-011 says the following:
>
> . The patch is available to update existing Microsoft VMs via the
> Windows
> Update web site.
>
> But MS is no longer distributing this package via WU... See the
> problem?
> Isn't there an "official" resolution to this issue?
>
> Oliver
>