Microsoft Updates

[Alan]

Microsoft Updates out today. No problem - but you have to restart your
pc.

Well, I sure didn't rush to install the Cumulative Security Update for
Outlook Express (923694).

Besides the fact that in the actual KB it's listed as "Important" rather
than "Critical," which one might expect in a "High-Priority" category
(although isn't that how so many unsuspecting users ended up download the
wonderful IE7? :> ), there are these various caveats:

Alan

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Microsoft Security Bulletin MS06-076
Cumulative Security Update for Outlook Express (923694)
Published: December 12, 2006

Version: 1.0

Summary
Who Should Read this Document: Customers who use Microsoft Outlook Express

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Recommendation: Customers should apply the update at the earliest
opportunity

Security Update Replacement: This bulletin replaces several prior security
updates. See the frequently asked questions (FAQ) section of this bulletin
for the complete list.

Caveats: Microsoft Knowledge Base Article 923694 documents the currently
known issues that customers may experience when they install this security
update. The article also documents recommended solutions for these issues.
For more information, see Microsoft Knowledge Base Article 923694.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And here's what Knowledge Base Article 923694 has to say:

MS06-076: Cumulative security update for Outlook Express
View products that this article applies to.
Article ID : 923694
Last Review : December 12, 2006
Revision : 1.0
On This Page

INTRODUCTION

Known issues with this security update
INTRODUCTION
Microsoft has released security bulletin MS06-076. The security bulletin
contains all the relevant information about the security update. This
information includes file manifest information and deployment options. To
view the complete security bulletin, visit one of the following Microsoft
Web sites: . Home users:

http://www.microsoft.com/athome/security/update/bulletins/200612.mspx
(http://www.microsoft.com/athome/security/update/bulletins/200612.mspx)
.. IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms06-076.mspx
(http://www.microsoft.com/technet/security/bulletin/ms06-076.mspx)

Back to the top

Known issues with this security update
.. After you install this security update, you might receive an error message
when you try to start Microsoft Outlook Express or when you try to open the
Windows Address Book (WAB).

For more information, click the following article number to view the article
in the Microsoft Knowledge Base:
917288 (http://support.microsoft.com/kb/917288/) Error message when you open
the Windows Address Book or you open Outlook Express after you install
cumulative security update 911567 (MS06-016)

 

[Randy Knobloch]

:

Corrected link:
news://msnews.microsoft.com/microsoft.public.windowsupdate

Randy needs some sleep.<g>

I did, Bob - noted your link and a thousand apologies for the poorly
posted URLs.

Regards,

--
siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.

 

[Donald Anadell]

Hi Occam,

Maybe there is a glitch in your Thunderbird News Reader

All the information you needed to know (from the site Bob posted) was the
following information in the "APPLIES TO" section at that site:

"Microsoft Windows XP Service Pack 2"

If you are running this OS then the patch (KB925398) applies to you.

If you are looking for a more detailed history of the Windows Media Player,
and why the 6.4 version of the Player is installed with all Windows XP
installations, then this link might be of interest to you:
http://en.wikipedia.org/wiki/Media_Player
http://en.wikipedia.org/wiki/Windows_Media_Player

Donald Anadell

 

[Guest]

Well, I sure didn't rush to install the Cumulative Security Update for
Outlook Express (923694).

Besides the fact that in the actual KB it's listed as "Important" rather
than "Critical," which one might expect in a "High-Priority" category
(although isn't that how so many unsuspecting users ended up download the
wonderful IE7? :> ), there are these various caveats:

Alan

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Microsoft Security Bulletin MS06-076
Cumulative Security Update for Outlook Express (923694)
Published: December 12, 2006

Version: 1.0

Summary
Who Should Read this Document: Customers who use Microsoft Outlook Express

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Recommendation: Customers should apply the update at the earliest
opportunity

Security Update Replacement: This bulletin replaces several prior security
updates. See the frequently asked questions (FAQ) section of this bulletin
for the complete list.

Caveats: Microsoft Knowledge Base Article 923694 documents the currently
known issues that customers may experience when they install this security
update. The article also documents recommended solutions for these issues.
For more information, see Microsoft Knowledge Base Article 923694.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And here's what Knowledge Base Article 923694 has to say:

MS06-076: Cumulative security update for Outlook Express
View products that this article applies to.
Article ID : 923694
Last Review : December 12, 2006
Revision : 1.0
On This Page

INTRODUCTION

Known issues with this security update
INTRODUCTION
Microsoft has released security bulletin MS06-076. The security bulletin
contains all the relevant information about the security update. This
information includes file manifest information and deployment options. To
view the complete security bulletin, visit one of the following Microsoft
Web sites: . Home users:

http://www.microsoft.com/athome/security/update/bulletins/200612.mspx
(http://www.microsoft.com/athome/security/update/bulletins/200612.mspx)
.. IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms06-076.mspx
(http://www.microsoft.com/technet/security/bulletin/ms06-076.mspx)

Back to the top

Known issues with this security update
.. After you install this security update, you might receive an error message
when you try to start Microsoft Outlook Express or when you try to open the
Windows Address Book (WAB).

For more information, click the following article number to view the article
in the Microsoft Knowledge Base:
917288 (http://support.microsoft.com/kb/917288/) Error message when you open
the Windows Address Book or you open Outlook Express after you install
cumulative security update 911567 (MS06-016)

Yes Alan, and that same KB article clearly explains that if you have this
problem, you really had it all along, as stated in the following 'Cause"
section. So not installing is simply delaying the inevitable in this case and
continuing your lack of knowledge.

"Most of the time, these symptoms are caused by a corruption in the Address
Book. Frequently, the corruption occurs over time in address books that were
created in older versions of Outlook Express. Earlier versions of Outlook
Express did not detect this corruption, and the address book functionality
was not affected. After you install cumulative security update 911567,
Outlook Express examines each address book file for corruption. If Outlook
Express detects corruption, you receive an error message."

And since the same KB article contains a 'Resolution' section explaining how
to fix the address book corruption if it exists, there's really no reason to
wait at all.

And there's still nothing significant wrong with IE 7, except that it may
expose problems that already exist on the system. This is exactly the same as
above, you'll never know until you perform the installation, but you can
worry about it for months beforehand.

It's reasonable to wait until you have the time to either backout or resolve
problems that might exist with any update. It's not really worth spending
weeks worrying over them before taking the chance however. Note that even if
1 in 1000 installs had significant issues (unlikely), the other 999 would be
getting better sleep if they just enable Automatic Updates and forget about
it. Remember, you can simply uninstall if something isn't working right,
since major failures are extremely rare and only likely if problems were
already evident.

I just had to back out an XP SP2 update the other day that was aborted
before completion, not because it went bad, but because of a software
compatibility issue with some old software. Even though the update failed due
to the user's manual (Ctrl-Alt-Del) abort and was left in an indeterminate
state, I was simply able to reboot and uninstall via Add/Remove programs
successfully. The robust ability of Windows to tolerate such a situation even
had me amazed, reminding me that my analytical mind sometimes makes me more
paranoid than is really useful.

Bitman

 

[Alan]

Hi Bitman,

I'm sure you're correct when you say "the KB article contains a 'Resolution'
section explaining how to fix the address book corruption if it exists, and
there's really no reason to wait at all." One big problem -- when I read
various Microsoft KB articles -- is that they go on and on, and a user needs
to really dig into what the article is stating.

Additionally, many KB articles reference other KB articles, so that a user
has to really, really want to investigate further. Too many Microsoft (and
to be fair, other software and hardware companies do the same thing)
articles remind me of the old legalese-type contracts that use terms like
"the party of the first part, and "incorporating by reference."

My eyes tend to glaze over....and I'm a retired IT person. I can only
imagine what a relatively non-sophisticated user thinks when he/she reads
some of these articles.

Alan

 

[Guest]

Hi Alan,

Ah, that explains it. Only an old IT person would bother to read any of
this, the others happily click install or just let Automatic Updates do it
for them. Only those who've been scared by horror stories from IT people or
wannabes turn these off and don't ever update anything, paralyzed by an
irrational fear of the entirely wrong thing.

Though I do tend to read some of the update articles, I can't recall the
last time I decided not to install one. I don't always install optional
updates, but that's usually because they just don't apply to my PC at all.
The last time I saw an update that really created a problem was back about
2002, though I don't often have the obscure software that usually causes the
issues.

The funny thing is that the paranoid people almost never have the issues,
primariliy because they don't tend to do the stupid things that cause the
issues in the first place, like installing useless garbage or performing
'tweaks' recommended by half-wit web sites. At the same time many IT
departments put procedures in place to test updates and verify compatibility,
Microsoft improved their update testing and deployment to avoid many of the
past issues.

Since almost all MS updates today have an easy backout, I just give myself
enough time to do that if it's required. Then I can take the time to research
the specific problem and either remove the offending software or perform
whatever fix is necessary. Again, I really can't remember the last time I had
to do this, other than when it was caused by others like the recent XP SP2
situation.

Bitman

 

[Alan]

Hi Bitman,

I generally even read the directions when I buy any product, even if
"assembly is NOT required."

It's funny that you mention SP2 for XP. I downloaded and installed it as
soon as it was released -- and I never had any problem whatsoever. I used to
read all the complaints about SP2 in the XP.general newsgroup, and I used to
wonder how those klutzes managed to mess up a flawless install. :>

Alan

 

[Guest]

Alan,

Yes, reading directions is in our DNA I'm sure.

As for SP2, it's now such an aggressive installation that there is no option
to suppress it in Windows Update. Unfortunately, in this specific case the
organization has an old ERP application that doesn't work properly if SP2 has
been installed.

I only became aware of this situation when this happened, since I just began
working with the company a few weeks ago. You can guess what I'll be doing
next week, finding out what really causes this and how to get rid of the
issue. I can't believe they've allowed it to fester for this long, apparently
having gone through the same SP2 install/uninstall in the past. Some people
must like to get paid for an encore, I prefer to fix it the first time.

Bitman

 

[Alan]

What you said reminds me of what I always would say to my users when they
apologized for "bothering me," when their computers or applications didn't
work and they asked me to fix things for them.

I would tell them if everything about a computer or a piece of software
worked perfectly all the time, I'd be out on the street selling pencils and
asking for spare change.

Alan