CAPICOM UPDATE KB 931906

[Rod Davies]

Hi

Another Windows Update peculiarity??? In addition to my recent post re
having successfully downloaded and installed the same Update - KB943411 -
on Jan 9 AND Feb 9 this year, now my wife's PC has the above SECURITY Update
listed as IMPORTANT and installed successfully yesterday on her Vista Home
Premium PC, and 12 new updates today.

But whilst MY PC has the 12 from today, but NO Update KB 931906 listed
yesterday or today and NO updates waiting to be downloaded. My Vista Home
PRemium PC is UP to date with no new updates.

Why would her PC have required this and not mine do you think?

It IS listed on MS support page as a MAY 2007 Security Update.

http://www.microsoft.com/protect/computer/updates/bulletins/200705.mspx

Again, IT is NOT listed on MY PC as an installed update, BUT WAS downloaded
and installed on my wife's yesterday. Again, why not on mine? AND how/why
did her PC all of a sudden, a few months after install, decide it needed
this MAY 2007 update? Should I worry about my PC NOT having it?

Rgds
Rod
Perth

 

[PaulB]

That is a really old update from May of 2007. Are you sure you don't have it?

http://www.microsoft.com/downloads/...18-4a66-4da6-a6c5-206df13af316&DisplayLang=en

 

[Rod Davies]

No I definately do not have it....should I worry?

Rgds
Rod

 

[Joe Morris]

[snippage and reordering]

But whilst MY PC has the 12 from today, but NO Update KB 931906 listed
yesterday or today and NO updates waiting to be downloaded. My Vista
Home
PRemium PC is UP to date with no new updates. [...]
Again, IT is NOT listed on MY PC as an installed update, BUT WAS
downloaded
and installed on my wife's yesterday. Again, why not on mine? AND
how/why
did her PC all of a sudden, a few months after install, decide it needed
this MAY 2007 update? Should I worry about my PC NOT having it?

That is a really old update from May of 2007. Are you sure you don't have
it?

No I definately do not have it....should I worry?

K931906 (MS07-028) is an update to the crypto API for Windows, addressing a
remote code execution vulnerability. The oddity about the feature is that it
isn't part of the base Windows product, and the prime file (capicom.dll) may
be installed by any application (from Microsoft or a third-party vendor)
that needs it, and might be placed in any folder. The patch puts the
updated copy in a standard location and makes appropriate entries in the
Registry.

If you don't have the CAPICOM.DLL file on your system, you don't need the
update. What can happen is that a computer doesn't need the patch when it
was released in last May's "Patch Tuesday" fun, but at some later time the
user might install an application that brings with it a downlevel copy of
the DLL file...and thus triggers the need for MS07-028.

Having said that, my experience with the patch is that its "am I needed?"
logic isn't the best. if you install the patch it seems to do what it
should, but the Microsoft-provided XML that drives the installation tests
doesn't seem to always trigger installation when an unpatched version is
present. (I've squawked this up the line, and received the expected
response: none.)

Joe Morris