Q323172 Update trashes Outlook Express, NAV and others

[pcrcs]

My customer downloaded the Q323172 Windows Update
yesterday morning and now the Norton Antivirus is trashed,
Outlook Express will not open, I cannot open the Regedit,
nor will Msconfig open. When I try to run the Restore to
a time previous to this update, there are no choices
available. When I try to uninstall the update it warns me
that a whole bunch of programs will be affected by the
removal of this update. Anyone with ideas on how to undo
this problem that Microsoft has created???

 

[Jonmith]

I'm having exactly the same problem -- I even went to MS website and got
instructions on how to selectively re-install OE, but even that didn't help.

 

[Max Burke]

pcrcs scribbled:

My customer downloaded the Q323172 Windows Update
yesterday morning and now the Norton Antivirus is trashed,
Outlook Express will not open, I cannot open the Regedit,
nor will Msconfig open. When I try to run the Restore to
a time previous to this update, there are no choices
available. When I try to uninstall the update it warns me
that a whole bunch of programs will be affected by the
removal of this update. Anyone with ideas on how to undo
this problem that Microsoft has created???

http://www.microsoft.com/windows2000/downloads/critical/q323172/default.asp

Q323172: Security Update
Posted: August 28, 2002

Read Me First
This update resolves the "Flaw in Digital Certificate Enrolment Component
Allows Certificate Deletion" security vulnerability in Windows 2000.
Download now to help stop a Web site or HTML e-mail from deleting digital
certificates on your computer and preventing you from using the services
they are associated with.




Note the DATE for this security update.

Note the OPERATING SYSTEM for this update.

Note what this security fix is FIXING.

It's NOT a Microsoft mess; It's a USER mess.

Why did they decide that a security update from August 2002 for windows 2000
needed to be installed on a computer running XP in 2004????


Dilbert: Do you suppose that love is the greatest known force in the
Universe?
Dogbert: No, Stupidity is the greatest known force in the universe...

 

[David Qunt]

http://www.microsoft.com/windows2000/downloads/critical/q323172/default
.asp

Q323172: Security Update
Posted: August 28, 2002

Read Me First
This update resolves the "Flaw in Digital Certificate Enrolment
Component Allows Certificate Deletion" security vulnerability in
Windows 2000. Download now to help stop a Web site or HTML e-mail from
deleting digital certificates on your computer and preventing you from
using the services they are associated with.




Note the DATE for this security update.

Note the OPERATING SYSTEM for this update.

Note what this security fix is FIXING.

It's NOT a Microsoft mess; It's a USER mess.

Why did they decide that a security update from August 2002 for
windows 2000 needed to be installed on a computer running XP in
2004????


Dilbert: Do you suppose that love is the greatest known force in the
Universe?
Dogbert: No, Stupidity is the greatest known force in the universe...

LOL!

 

[pcrcs]

Hey, the Q323172 update showed up as the first update in
the list of critical updates FROM Windows Update Service.
If Max is correct, then why is Microsoft recommending a
Windows 2000 two year old fix for a Windows XP?? You say
a user problem, but how many users would have caught
this? How many users will understand what they read in
the brief explanation provided by Microsoft? If they
understand anything at all regarding these damn critical
updates, they understand that they had better accept all
of the critical updates to prevent security holes.
Apparently now you may be telling us that Microsoft's
examination of the computer and it's presentation of the
critical update list is flawed? Why am I not surprised?
Or should I be asking what's the alternative? And going
back to this problem, is there a way to correct this
apparent corruption of the system caused by a wrong update?

 

[Max Burke]

pcrcs scribbled:

Hey, the Q323172 update showed up as the first update in
the list of critical updates FROM Windows Update Service.

You can confirm that it did show up?

If Max is correct, then why is Microsoft recommending a
Windows 2000 two year old fix for a Windows XP??

They/it wouldn't be because
a: it's nearly 2 years old...
b. it's NOT an XP security update...

You say
a user problem,

If they're running XP, and they found this update, and then *somehow*
managed to make is install on a computer running XP the yes it IS a user
problem.

To start with they would/should NOT be able to install it on a computer
running XP.
*Its' a SECURITY UPDATE for WINDOWS 2000!!!!!*

There is a lot more to this 'story' than you know, or than you're telling
us. Your pick.

I beleive that either 'your customer' isn't telling you the full story, or
that you're not telling us the full story.....

Give us some details:
What OS are they running:
Is it XP or Windows 2000?

If it's XP then they should not have tried to load the update on XP; IT
states QUITE CLEARLY that the update is for Windows 2000, and is ONLY NEEDED
if a computer running Windows 2000 is having the problems listed at:
http://www.microsoft.com/windows2000/downloads/critical/q323172/default.asp

If it's Windows 2000, then you posted your request/diatribe to the wrong
news group (this an XP specific newsgroup, try a newsgroup for Windows 2000)
and you need to find out why your customer was trying to install the OLD
update; This update is included in Service Pack 4 for windows 2000.
http://support.microsoft.com/?kbid=327194
so if SP4 has been installed then there was no need to install it at all.

snip rest of 'I've stuffed up, it must be Microsofts problem, I'll blame
them to save my butt' post...


Dilbert: Do you suppose that love is the greatest known force in the
Universe?
Dogbert: No, Stupidity is the greatest known force in the universe...

 

[pcrcs]

Yes, Max, the computer in question is a Dell Dimension
8200 running Windows XP Home (TMX23 8H2H3 27W9H GX6FT
BJ98W). The customer was on the internet when the Windows
Update balloon popped up saying there were critical
updates to download. She checked the first one in the
first list, critical update list, and downloaded it. She
said it only took about 8 minutes, the computer had to be
robooted, then Outlook Express was no longer available,
and Norton Antivirus was gone, and then I found other
errors as well. When I checked the update list in the
Add/Remove list, the only update showing the date of the
problem was the Q323172 hotfix. The customer did not go
look for the fix, she just accepted it from the list, and
being the first in the list, it was first to download. I
had questioned the customer, thinking she had opened an
email and got the download that way. But in reviewing her
steps, it was through the normal update channels. I
checked the system carefully for viruses, and there were
none. So all I can say is it doesn't make sense, but the
customer has always been honest and the steps she repeated
were correct ones.

 

[Max Burke]

pcrcs scribbled:

Yes, Max, the computer in question is a Dell Dimension
8200 running Windows XP Home (TMX23 8H2H3 27W9H GX6FT
BJ98W).

Ummm it is NOT a good idea to be posting XP activation keys in public forums
like this. (It's like giving someone your passwords, PIN number for your
credit card, etc....)

Has it ever had Windows 2000 installed on it? (and been upgraded/downgraded
to XP HE)

The customer was on the internet when the Windows
Update balloon popped up saying there were critical
updates to download. She checked the first one in the
first list, critical update list, and downloaded it.
She
said it only took about 8 minutes, the computer had to be
robooted, then Outlook Express was no longer available,
and Norton Antivirus was gone, and then I found other
errors as well. When I checked the update list in the
Add/Remove list, the only update showing the date of the
problem was the Q323172 hotfix.

Did you log on to the update website and check to see what updates had been
downloaded and *successfully* installed?

MS released a later version of q323172 that does refer to XP (along with
W2000, and NT)
http://support.microsoft.com/default.aspx?kbid=323172


As to OE and Norton no longer being available that is most likely a symptom
of the incorrect update being installed, or this possibility:

<quote>
MS02-048: Flaw in Certificate Enrollment Control May Cause Digital
Certificates to Be Deleted
Applies To
This article was previously published under Q323172
SYMPTOMS
The versions of Microsoft Windows that are listed in the "Applies to"
section of this article include an ActiveX control that is known as the
Certificate Enrollment control. This control is located in the Xenroll.dll
binary. Windows uses this control to allow Web-based certificate enrollments
and to submit PKCS #10-compliant certificate requests. When this control
receives the requested certificate, it stores the certificate in the user's
local certificate store, which is part of the user profile.

The Certificate Enrollment control contains a flaw that may allow a Web
page, by using an extremely complex process, to run the control in a way
that deletes the certificates on a user's system. An attacker who
successfully exploits this vulnerability may be able to delete trusted root
certificates, EFS encryption certificates, e-mail signing certificates, and
any other certificates on the computer, thereby preventing the user from
using these features.

An attack may be carried out in either of the following scenarios:
a.. The attacker may create a Web page that exploits the vulnerability,
and then host this page on a Web site to attack users who visit this site.

b.. The attacker may send the page as an HTML e-mail message as a way to
attack the recipient.

http://support.microsoft.com/default.aspx?kbid=323172
<end quote>

There is a slight possibility that her computer was 'attacked' and the
certificates (refered to above) where deleted thereby removing access to OE.
Norton, etc.

 

[pcrcs]

Max, as to the possibility of Dell having Windows 2000 on
this Dimension earlier it is unknown, however this
Dimension was brand new and direct from Dell, not a
refurb. So I would expect it to have only had the XP.
Thanks for the suggestions. I will take a look at the
updates and what has/hasn't been updated and go from
there. Temporarily I have PcCillin working in place of
Norton, and Incredimail in place of Outlook Express, so
the customer can complete their projects, then I can
tackle the problem.