Why isn't KB935448 a re-release of MS07-008?

G

Guest

More precisely, why isn't the security patch referred to by KB935448 treated
as a re-release of the XP SP2 security patch referred to by MS07-008? Sure,
it fixes no new vulnerabilities; if you've already installed MS07-008 and are
having no problems with it (such as installing the XP SP2 patch referred to
by MS07-017), then there is no security concern to address by installing the
new patch (the patch currently available from KB935448).

If you have installed the security patch referred to by MS07-017, and now
have a "The system DLL user32.dll was relocated in memory." message, you
should read the 935448 knowledge base article. The 935448 package replaces
hhctrl.ocx.

As I read this, it looks like XP SP2 users who have installed MS07-008 and
MS07-017 and have one or more of a list of products installed, find they
should replace hhctrl.ocx with a patch referred to by 935448.

This seems a lot like a re-release of MS07-008. We've seen that before;
we've seen patches re-released even though there is no security benefit to
the new patch.

What is different this time?
 
L

Lanwench [MVP - Exchange]

pen said:
More precisely, why isn't the security patch referred to by KB935448
treated as a re-release of the XP SP2 security patch referred to by
MS07-008? Sure, it fixes no new vulnerabilities; if you've already
installed MS07-008 and are having no problems with it (such as
installing the XP SP2 patch referred to by MS07-017), then there is
no security concern to address by installing the new patch (the patch
currently available from KB935448).

If you have installed the security patch referred to by MS07-017, and
now have a "The system DLL user32.dll was relocated in memory."
message, you should read the 935448 knowledge base article. The
935448 package replaces hhctrl.ocx.

As I read this, it looks like XP SP2 users who have installed
MS07-008 and MS07-017 and have one or more of a list of products
installed, find they should replace hhctrl.ocx with a patch referred
to by 935448.

This seems a lot like a re-release of MS07-008. We've seen that
before; we've seen patches re-released even though there is no
security benefit to the new patch.

What is different this time?
Click to expand...

No idea, but you might try crossposting to m.p.windows.security &
m.p.windowsupdate for more help....
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Why isn't KB925902 a re-release of MS07-008? 3
KB925902 - whose mistake was it, really? 29
Problems with MS security patch MS07-046 2
Security Alert MS07-042 1
User32.dll was relocated in memory 13
Microsoft to release a critical "out of band" patch 0
Illegal System Relocation on re-boot. 7
DSO Exploit 3

Top