KB833987

[Guest]

Has anybody out there tried to install KB833987 on their run-time? (Of course
with desktop QFE installer component built in)? This is the GDI flaw patch,
and is rated critical.

The KB/QFE is designed for XP Pro, (not XPE specifically), however I am
getting mixed results on RECENT (not pre May 11) XP Pro KB's with the QFE
installer tool in place as well. Some work, some do not (the heavilty
discussed crytographic problem). Will a corresponding patch for XPe be issued
for this GDI issue? Is it safe to assume that ALL XP Pro based QFE's will
have a corresponding and/or workable version for XPe runtimes?

I am beginning to wonder as to the purpose of the QFE Installer Tool if
"most" XP Pro QFE's as of late seem to fail (the old cryptographic issue) on
XPe runtimes.

Your thoughts please?

 

[Jon Fincher [MS]]

Has anybody out there tried to install KB833987 on their run-time? (Of
course with desktop QFE installer component built in)? This is the GDI
flaw patch, and is rated critical.

The KB/QFE is designed for XP Pro, (not XPE specifically), however I
am getting mixed results on RECENT (not pre May 11) XP Pro KB's with
the QFE installer tool in place as well. Some work, some do not (the
heavilty discussed crytographic problem). Will a corresponding patch
for XPe be issued for this GDI issue? Is it safe to assume that ALL XP
Pro based QFE's will have a corresponding and/or workable version for
XPe runtimes?

We became aware of this problem late in our QFE release process. We are
working to resolve it as quickly as possible.

Not all XP Pro based QFE's will have an XPE version, but all security
bulletins applicable to XPE will be made available in both runtime and
database update formats.

I am beginning to wonder as to the purpose of the QFE Installer Tool
if "most" XP Pro QFE's as of late seem to fail (the old cryptographic
issue) on XPe runtimes.

"Most" is not an accurate term. To my knowledge, since May 11, there
have been three (3) desktop updates that did not work with the Desktop
QFE Support component out of a total of thirteen (13) security updates
in that time period. Of those three, one was fixed, one was documented
as not being available, and the third is the most recent GDI+ update.

However, your point about desktop updates not working on DQI enabled
runtimes is valid - the word I have is that the GDI+ update is the last
update to be so affected, and so we should not see this again moving
forward.

 

[Guest]

Jon,

Thank you for the provided clarification. You are certainly corect by saying
that most QFEs DO function appropriately. I did not mean to imply that there
was any sort of fundamental oversight. The issue just seemed to be popping up
more recently, and has generated some frustration. 3 out of 13 is about 23%.
I would say that is somewhat significant. Correct, "most" is not an acurate
term, and for that I apologize.

I am happy to hear that the GDI flaw QFE is forseen as the last affected
update!
This is AWESOME news!

Your timely response is much appreciated.

 

[Guest]

Jon,

I forgot to ask you last time around. You had mentioned that the GDI+ update
is indeed affected, and may likley be the last one with the issue. Will there
be a corrected corresponding Runtime QFE for this, or just the Target
Designer patch (already issued)?

Thank you again for your response.

 

[Jon Fincher [MS]]

Jon,

I forgot to ask you last time around. You had mentioned that the GDI+
update is indeed affected, and may likley be the last one with the
issue. Will there be a corrected corresponding Runtime QFE for this,
or just the Target Designer patch (already issued)?

Thank you again for your response.

Sorry for the long delay - been a while since I've been in the
newsgroups.

Yes, we are working to get a runtime version of the GDI+ QFE ready. No
word on when it will be done, but when it is, I'll post here.

 

[Guest]

Jon,

Thank you. Been a little while for me in the NG's as well..