As part of an ongoing commitment to provide detection tools and deployment recommendations for bulletin-class security updates, Microsoft is delivering this detection and deployment guidance for all bulletins during a Microsoft Security Response Center (MSRC) release cycle. This guidance contains recommendations for various Windows environments. This includes tools such as Windows Update, Office Update, Microsoft Baseline Security Analyzer (MBSA), Office Detection Tool (ODT), Microsoft Systems Management Server (SMS), and the Enterprise Scan Tool (EST). This document is a monthly supplement to the following Microsoft Knowledge Base article. This supplement gives specific detection and deployment recommendations based on the February 8, 2005, release cycle.

Back to the top

Detection and Deployment strategies

Environments that detect and deploy security updates by using the public Windows Update Web site and the Office Update Web site

If you detect and deploy security updates by using the public Windows Update Web site and the Office Update Web site, you can detect and deploy most of the February 8, 2005, releases. The exception is part of MS05-009.

•	Windows Update does not update the MSN Messenger 6.1 and 6.2 products that are listed in MS05-009. To download the update, visit the following MSN Messenger Web site: http://messenger.msn.com (http://messenger.msn.com)
•	Use the Enterprise Scan Tool (EST) to scan systems that are running MSN Messenger to see if they are vulnerable. In smaller environments, it is easiest to visit the few computers that may need updates, verify the versions of these products, and then update the products from the Download Center links that are available in the bulletin.

Environments that detect security updates using MBSA

If you use MBSA to detect security updates, you can detect most of the February 8, 2005, releases. The exceptions are MS05-004, part of MS05-006, and part of MS05-009.

•	You can use EST to detect MS05-004.
•	The EST or Software Update Services (SUS) detects the Windows SharePoint Services product that is listed in MS05-006. The Windows SharePoint Team Services product that is listed in MS05-006 is only detected by using a local scan from the Office Detection Tool (ODT) that is integrated into MBSA.
•	The EST detects all the affected products that are listed in MS05-009. MBSA detects only the Media Player 9 product.

Environments that detect and deploy security updates by using Software Update Services

If you use Software Update Services to detect and deploy security updates, you can detect most of the February 8, 2005, releases. The exceptions are MS05-005 and part of MS05-006.

•	SUS does not detect or deploy any part of MS05-005. MBSA will detect MS05-005 in part. For details, see the MBSA section. To deploy MS05-005, visit the Office Update Web site or use a more robust deployment tool such as SMS.
•	With MS05-006, MBSA does detect if the update for this vulnerability is required for Windows SharePoint Team Services. MBSA does this by using the Office Detection Tool and is therefore limited to local scans. Additionally, MBSA does not currently support the detection of Windows SharePoint Services. However, an Enterprise Scan Tool has been developed to help determine whether the Windows SharePoint Services security update is required.
•	You will have to use MBSA to detect the Windows SharePoint Team Services product that is part of MS05-006. To deploy MS05-006, visit the Office Update Web site or use a more robust deployment tool such as SMS.

Environments that detect and deploy security updates by using SMS with the Software Update Services Feature Pack

If you use SMS to detect and deploy security updates, you can detect the February 8, 2005, releases. To download the EST packages that are specific to detection and deployment by using SMS, visit the following Web site:

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

Back to the top

Detection and deployment matrix

	Office Update	Windows Update or Automatic Update	MBSA and ODT	SUS	Stand-alone EST	SMS with SUS Feature Pack
Bulletin	Detect and Deploy	Detect and Deploy	Detection only	Detect and Deploy	Detection only	Detect and Deploy
MS05-004	N/A	Yes	No	Yes	Yes	Yes - complete detection and deployment with the SMS specific EST package
MS05-005	Yes	N/A	Yes	N/A	N/A	Yes
MS05-006	Only updates Windows SharePoint Team Services	Only updates Windows SharePoint Services	Only detects Windows SharePoint Team Services by using a local scan	Only updates Windows SharePoint Services	Only detects Windows SharePoint Services	Yes complete detection and deployment with the SMS specific EST package
MS05-007	N/A	Yes	Yes	Yes	N/A	Yes
MS05-008	N/A	Yes	Yes	Yes	N/A	Yes
MS05-009	N/A	Only updates Media Player 9 and Windows Messenger	Only detects Media Player 9	Only updates Media Player 9 and Windows Messenger	Yes	Yes complete detection and deployment with the SMS specific EST package
MS05-010	N/A	Yes	Yes	Yes	N/A	Yes
MS05-011	N/A	Yes	Yes	Yes	N/A	Yes
MS05-012	N/A	Yes	Yes	Yes	N/A	Yes
MS05-013	N/A	Yes	Yes	Yes	N/A	Yes
MS05-014	N/A	Yes	Yes	Yes	N/A	Yes
MS05-015	N/A	Yes	Yes	Yes	N/A	Yes

Note This detection and deployment guidance applies to Windows NT 4.0 and Windows NT 4.0 Terminal Server Edition only in the context of MS05-010.

Back to the top

Frequently asked questions

Q1: What is Microsoft doing to provide me guidance on how to deploy these updates?

A1: Microsoft encourages system administrators to join the monthly technical webcast to learn more about the February security updates. This webcast will occur on February 9, 2005, at 11:00 A.M. Pacific Time. Because of the complex deployment scenarios of this month’s release, the technical webcast will be extended to two hours. To register, visit the following Web site:
There is an additional PSS webcast on February 16, 2005, to provide additional deployment support to systems administrators. To register, visit the following Web site:
This month, Microsoft is also providing an additional resource to help in the deployment of security updates in the form of the Enterprise Scan Tool. The Enterprise Scan Tool is a supplement to the Microsoft Baseline Security Analyzer. The Enterprise Scan Tool helps detect vulnerable computers when MBSA cannot do this.

Q2: Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine whether the updates are required?

A2: You can use the Microsoft Baseline Security Analyzer to detect the following security updates released this month:

•	MS05-005 http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx (http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx)
•	MS05-006 http://www.microsoft.com/technet/security/bulletin/ms05-006.mspx (http://www.microsoft.com/technet/security/bulletin/ms05-006.mspx)
•	MS05-007 http://www.microsoft.com/technet/security/bulletin/ms05-007.mspx (http://www.microsoft.com/technet/security/bulletin/ms05-007.mspx)
•	MS05-008 http://www.microsoft.com/technet/security/bulletin/ms05-008.mspx (http://www.microsoft.com/technet/security/bulletin/ms05-008.mspx)
•	MS05-010 http://www.microsoft.com/technet/security/bulletin/ms05-010.mspx (http://www.microsoft.com/technet/security/bulletin/ms05-010.mspx)
•	MS05-011 http://www.microsoft.com/technet/security/bulletin/ms05-011.mspx (http://www.microsoft.com/technet/security/bulletin/ms05-011.mspx)
•	MS05-012 http://www.microsoft.com/technet/security/bulletin/ms05-012.mspx (http://www.microsoft.com/technet/security/bulletin/ms05-012.mspx)
•	MS05-013 http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx (http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx)
•	MS05-014 http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx (http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx)
•	MS05-015 http://www.microsoft.com/technet/security/bulletin/ms05-015.mspx (http://www.microsoft.com/technet/security/bulletin/ms05-015.mspx)

Note With MS05-006, MBSA does detect if the update for this vulnerability is required for Windows SharePoint Team Services. MBSA does this by using the Office Detection Tool and is therefore limited to local scans. Additionally, MBSA does not currently support the detection of Windows SharePoint Services. However, an Enterprise Scan Tool has been developed to help determine whether the Windows SharePoint Services security update is required. For additional information bout the programs that MBSA currently detect, click the following article number to view the article in the Microsoft Knowledge Base:
If you have installed any one of the programs that are listed in the Affected Software section of the security bulletin, you may have to manually determine whether you have to install the required update. For more information about MBSA, visit the following Web site: Note With MS05-014, this release includes an update for Internet Explorer 6 Service Pack 1 designed for Windows 2000 and Windows XP Service Pack 1. If you are still managing Windows NT 4.0 systems in your enterprise, and you are using MBSA, a software update scan will show this update as applicable on Windows NT 4.0 systems. However, this update is intended only for the supported operating systems mentioned in the Affected Software section of the security bulletin.

Q3: For which security bulletins will I have to use the Enterprise Scan Tool with MBSA to identify vulnerable systems on my network?

A3: You will have to use the Enterprise Scan Tool with MBSA for the following security bulletins:

•	MS05-004
•	MS05-006
•	MS05-009

Q4: Can I use Systems Management Server (SMS) to determine whether the updates are required?

A4: Yes. SMS can help detect and deploy these security updates.

Note SMS uses MBSA for detection. Therefore, SMS has the same limitations related to programs that MBSA does not detect. For information about SMS, visit the following Web site: You must use the Security Update Inventory Tool to detect Microsoft Windows and other affected Microsoft products. For more information about the limitations of the Security Update Inventory Tool, see the following Microsoft Knowledge Base article. SMS can also use the Microsoft Office Inventory Tool to detect for required updates for Microsoft Office applications such as Windows SharePoint Team Services.

Q5: On which bulletins will I have to use the Enterprise Scan Tool with SMS to identify vulnerable systems on my network?

A5: You will have to use the Enterprise Scan Tool should be used in combination with SMS for the following security bulletins:

•	MS05-004
•	MS05-006
•	MS05-009

Q6: I am trying to install MS05-004. Is there an additional tool that can help me determine vulnerable systems?

A6: Yes. As part of an ongoing commitment to provide detection capability for each bulletin release, a stand-alone detection tool has been made available for the ASP.NET security update. This tool is available from the Microsoft Download Center by searching on the following keywords: enterprise, scan tool, and the bulletin ID. There is also a version of this tool that SMS customers can download. To download this tool, SMS customers can visit the following Web site:

Q7: I am trying to install MS05-006. Is there an additional tool to help me determine vulnerable systems?

A7: Yes. As part of an ongoing commitment to provide detection capability for each bulletin release, a stand-alone detection tool has been made available for the Windows SharePoint Services security update. This tool is available from the Microsoft Download Center by searching on the following keywords: enterprise, scan tool, and the bulletin ID. To download this tool, SMS customers can visit the following Web site: Q8: I am trying to install MS05-009. Is there an additional tool to help me determine vulnerable systems?

A8: Yes. As part of an ongoing commitment to provide detection capability for each bulletin release, a stand-alone detection tool has been made available for all the affected products that are listed in the MS05-009 security bulletin. This tool is available from the Microsoft Download Center by searching on the following keywords: enterprise, scan tool, and the bulletin ID. To download this tool, SMS customers can visit the following Web site: Q9: I have received a hotfix from Microsoft or my support provider since the release of MS04-004. Is that hotfix included in MS05-014?

A9: Yes. When you install this security update, the installer checks to see if one or more of the files that are being updated on your system have previously been updated by a Microsoft hotfix. If you have previously installed a hotfix to update an affected file, the installer copies the files that contain the hotfix to your system. Otherwise, the installer copies the files without the hotfix to your system.

Q10: The command line installation switches with MS05-014 are different for Windows 2000 and Windows XP operating systems than MS04-025. Why is that?

A10: Starting with MS04-038 (http://go.microsoft.com/fwlink/?LinkId=31851), the packages that are downloaded from the Web for Windows 2000 and Windows XP Service Pack 1 use a new installation technology, Update.exe. Therefore, the installation options are different from previous releases. Also, as part of the change to the Update.exe installation technology, the Knowledge Base Article number of this update will no longer be displayed in the About Internet Explorer dialog box in Internet Explorer. For more information about the command line switches that are that are available for this release, see the "Security Update Information" section of the security bulletin. If you automatically downloaded this package as a function of the SMS SUS Feature Pack, the command line parameters are based on the SMS Installer package and are different from the Web download version.

Q11: Are there any other special considerations that I should consider when I deploy MS05-014?

A11: This update does include hotfixes that have been released since the release of MS04-004 (http://go.microsoft.com/fwlink/?linkid=22189) and MS04-025 (http://go.microsoft.com/fwlink/?LinkId=31981). However, they are installed only on systems that need them. Customers who have received hotfixes from Microsoft or from their support providers since the release of MS04-004 (http://go.microsoft.com/fwlink/?linkid=22189) or MS04-025 (http://go.microsoft.com/fwlink/?LinkId=31981) should review question nine to determine how to make sure that the appropriate hotfixes are installed. Microsoft Knowledge Base article 867282 also documents this in more detail.

Note The update for the Drag-and-Drop Vulnerability, CAN-2005-0053, comes in two parts. It is addressed in part in the MS05-014 security bulletin. This security bulletin, together with security bulletin MS05-008 (http://go.microsoft.com/fwlink/?LinkId=38516), makes up the update for CAN-2005-0053. These updates do not have to be installed in any particular order. However, we recommend that you install both updates.

Back to the top