Why is MS04-011 (KB835732) not included in current MS05-05X updates?

Andreas Eibach

Is there any technical explanation for the necessity of this "old"
patch?

MS04-011 patches an *extremely* critical security hole, the Sasser worm.
I think it would not require too much effort for Microsoft to include the
Sasser worm patch in one of the forthcoming MS05-05X or -06X.
The RPC/DCOM exploit patch MS03-039 (824146) is replaced too now, so ...

MS's patches are usually nothing but a wagonload of system files (DLLs,
SYS ...) replaced, anyhow.

-Andreas
Roger Abell [MVP]

Andreas,

Is there something specific that you have in mind?
MS04-011 was issued for some OS+service-pack combinations
for which patches are not currently issued and so the MS04-011
patches as released may be of use to some people forced to be
at those versions.
But, as a general rule, if a system file is updated by a later patch
the base is taken as the latest version and so will include previously
released patches for the system file. If no later patch (or for many
of the versions touched by MS04-011 it is later service packs or
the update rollup for W2k) updates all of the files in an earlier patch
then that patch will still be needed. For example, MS04-011 was
not issued for XP SP2 and is not needed on XP if at SP2.
Andreas Eibach

Roger Abell said:
> MS04-011 was issued for some OS+service-pack combinations
> for which patches are not currently issued and so the MS04-011
> patches as released may be of use to some people forced to be
> at those versions.
> But, as a general rule, if a system file is updated by a later patch
> the base is taken as the latest version and so will include previously
> released patches for the system file.

Sure thing, but unfortunately, some of those more recent patches are
"encoded" and it is hard to follow which system file(s) has/have been
replaced this time.
Just as a random example, 840987 has a load of _sfx_000?._p files
inside, which make it a pain to follow what has been updated. It would
have been better to keep up the "traditional" way of just including ALL
updated system files in real, so that it is easier to follow what will
be changed after the update is done.
I can see no obvious reason for MS having changed to this technique of
"encoding" the files.
> For example, MS04-011 was
> not issued for XP SP2 and is not needed on XP if at SP2.
I know, but I'm on 2000 here. :)

-Andreas
Roger Abell [MVP]

I see your point about the newer patching format, which is actually
in some ways a throwback to how most vendors have traditionally done it.
I believe the hot patching was developed to address a few things,
including size-on-the-wire issues (now that MS is keeping something
on the order of half a billion installs updated via Microsoft Update, etc.).

I would hope that as use of this evolves we may get a tool that will
assist in reviewing the on-machine manifest of applied patches and
resulting file revision levels.

XP SP2 was a poor choice of example for MS04-011. Perhaps I should
have used the Update Rollup 1 for W2k.
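The supersession rule Roger describes above (a later patch replaces an earlier one only if every file the earlier patch touched is carried forward at an equal or higher version) and the manifest-review tool he hopes for, as an added example that is not from this thread or from Microsoft: a small Python script that compares patch manifests by file version and checks on-disk versions against a required level. The manifests, file names and version numbers in it are constructed toy data, not the real file lists of MS04-011 or any other KB.

```python
"""Decide whether an older hotfix is still needed given later patches.

Added example, not from the original thread. It implements the rule
Roger states: a later patch supersedes an earlier one only if every
file the earlier patch replaced is shipped, at the same or a higher
version, by some later patch. All manifests below are constructed toy
data with made-up version numbers; they are not real KB contents.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]
Manifest = Dict[str, Version]  # file name -> version the patch installs


def parse_version(text: str) -> Version:
    """Turn a Windows-style 'a.b.c.d' version string into a comparable tuple.

    Tuples compare element by element, so 5.0.2195.7000 > 5.0.2195.6902
    even though a plain string comparison would get build numbers wrong.
    """
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) != 4:
        raise ValueError(f"expected a.b.c.d version, got {text!r}")
    return (parts[0], parts[1], parts[2], parts[3])


def still_needed(older: Manifest, later: List[Manifest]) -> List[str]:
    """Files of `older` that no later patch brings to at least its version.

    An empty result means `older` is fully superseded by the later patches
    and does not need to be applied on top of them.
    """
    missing: List[str] = []
    for name, required in older.items():
        best: Optional[Version] = max(
            (m[name] for m in later if name in m), default=None
        )
        if best is None or best < required:
            missing.append(name)
    return sorted(missing)


def audit(on_disk: Manifest, required: Manifest) -> Dict[str, Tuple[Optional[Version], Version]]:
    """Compare versions actually present on a machine with a patch's manifest.

    Returns {file: (found_version_or_None, required_version)} for every
    file that is absent or below the required level, so an admin can see
    which binaries a patch would still change.
    """
    below = {}
    for name, required_ver in required.items():
        found = on_disk.get(name)
        if found is None or found < required_ver:
            below[name] = (found, required_ver)
    return below


# Constructed manifests (toy versions, not the real contents of any KB).
OLD_PATCH: Manifest = {
    "lsasrv.dll": parse_version("5.0.2195.6902"),
    "ssdpsrv.dll": parse_version("5.0.2195.6900"),
}
LATER_PATCH: Manifest = {"lsasrv.dll": parse_version("5.0.2195.7000")}
ROLLUP: Manifest = {
    "lsasrv.dll": parse_version("5.0.2195.7020"),
    "ssdpsrv.dll": parse_version("5.0.2195.7010"),
}

if __name__ == "__main__":
    # LATER_PATCH alone leaves ssdpsrv.dll untouched, so OLD_PATCH is still needed.
    print("after LATER_PATCH only:", still_needed(OLD_PATCH, [LATER_PATCH]))
    # The rollup covers both files at higher versions, so OLD_PATCH is superseded.
    print("after rollup:", still_needed(OLD_PATCH, [LATER_PATCH, ROLLUP]))
    # A constructed machine snapshot that has the first file patched but not the second.
    machine = {"lsasrv.dll": parse_version("5.0.2195.7000")}
    print("below rollup level:", audit(machine, ROLLUP))
```

To apply it to a real machine, build each manifest from the "File information" table of the KB article and collect the on-disk versions from the files' version resources (the Version tab in the file's properties), then feed both to audit(); the version resource is what to read, since a compressed package's _sfx_ members do not show the final file names or versions directly.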