Detection and deployment guidance for the June 14, 2005 security release

Article translations Article translations
Article ID: 900804 - View products that this article applies to.
Expand all | Collapse all

On This Page

SUMMARY

As part of an ongoing commitment to provide detection tools and deployment recommendations for security updates, Microsoft is delivering this detection and deployment guidance for all updates that are released during a Microsoft Security Response Center (MSRC) release cycle. This guidance contains recommendations that are based on the types of scenarios that may exist in various Microsoft operating system environments. This guidance includes the use of tools such as Windows Update, Office Update, the Microsoft Baseline Security Analyzer (MBSA), the Office Detection Tool, Microsoft Systems Management Server (SMS), the Extended Security Update Inventory Tool, and the Enterprise Update Scan Tool (EST).

INTRODUCTION

This article describes the detection and deployment guidance for the security release that is dated June 14, 2005.

MORE INFORMATION

Detection and deployment

Environments that detect and that deploy security updates by using Windows Update, Microsoft Update, and Office Update

Most of the updates that released on June 14, 2005 are available through the following Web sites:
  • Microsoft Windows Update
  • Microsoft Update
  • Office Update
However, not all the updates are available through these Web sites. The following are the updates that are not available through these Web sites or that may only be partially supported by these Web sites:
  • Security update 895179 is for Microsoft Exchange Server 5.5. Microsoft Exchange Server 5.5 is not supported by Windows Update or by Microsoft Update.

    Note This security update is documented in security bulletin MS05-029.
  • Security update 896428 is an update for the version of Telnet that is included with Microsoft Windows Server 2003 and with Microsoft Windows XP. This update is also for the version of Telnet that is included with Microsoft Windows Services for UNIX. Windows Update and Microsoft Update support detection and deployment only for the version of Telnet that is included with the following operating systems:
    • Windows Server 2003 Service Pack 1 (SP1)
    • Windows Server 2003
    • Windows XP Service Pack 2 (SP2)
    • Windows XP SP1
    Note This security update is documented in security bulletin MS05-033.
  • Security update 899753 is an update for Microsoft Internet Security and Acceleration (ISA) Server. ISA Server is not supported by Windows Update or by Microsoft Update.

    Note This security update is documented in security bulletin MS05-034.
  • Security update 263968 is a Microsoft SQL Server update that is being rereleased. This update is related to an issue where the sa password is stored in clear text. There are no vulnerable files to identify or to deploy.

    Note This security update is documented in security bulletin MS02-035.

Environments that detect security updates by using the MBSA

If you use the Microsoft Baseline Security Analyzer (MBSA) to detect security updates, you can detect most of the updates that were released on June 14, 2005. The following are the updates that the MBSA does not detect or that may only be partially supported by the MBSA:
  • Security update 895179 is an update for Exchange Server 5.5. Most Exchange Server 5.5 installations are supported by the MBSA. Microsoft Outlook Web Access is also supported by the MBSA. However, the MBSA does not detect security update 895179 when the following conditions are true:
    • A front-end server is connected to a back-end Exchange Server 5.5 server.
    • The front-end server is running only Internet Information Services.
    • The front-end server is set up only for Outlook Web Access.
    • The MBSA is run on the front-end server.
    You can use the Enterprise Update Scan Tool for detection of this update on a front-end server that is set up only for Outlook Web Access.

    Note This security update is documented in security bulletin MS0-029.
  • Security update 897715 is an update for Microsoft Outlook Express. Outlook Express is not supported by the MBSA. You can use the Enterprise Update Scan Tool for detection of this update for the following configurations:
    • Outlook Express 6.0 SP1 on Windows XP SP1
    • Outlook Express 6.0 SP1 on Microsoft Windows 2000 Service Pack 4 (SP4) and on Windows 2000 Service Pack 3 (SP3)
    • Outlook Express 6.0 on the original version of Windows Server 2003
    • Outlook Express 5.5 SP2 on Windows 2000 SP4 and on Windows 2000 SP3
    Note This security update is documented in security bulletin MS05-030.
  • Security update 898458 is an update for step-by-step interactive training. Step-by-step interactive training is not supported by the MBSA. You can use the Enterprise Update Scan Tool for detection of this update when step-by-step interactive training applications are installed on the following operating systems:
    • Windows Server 2003 SP1
    • Windows Server 2003
    • Windows XP SP2
    • Windows XP SP1
    • Windows 2000 SP4
    • Windows 2000 SP3
    Note This security update is documented in security bulletin MS05-031.
  • Security update 896428 is an update for Telnet. The version of Telnet that is included with the following operating systems is supported by the MBSA:
    • Windows Server 2003 SP1
    • Windows Server 2003
    • Windows XP SP2
    • Windows XP SP1
    However, the version of Telnet that is included with Windows Services for UNIX is not supported by the MBSA. You can use the Enterprise Update Scan Tool for detection of this update when Telnet is installed by Windows Services for UNIX versions 2.2, 3.0, and 3.5. You can install Windows Services for UNIX on the following operating systems:
    • Windows Server 2003 SP1
    • Windows Server 2003
    • Windows XP SP2
    • Windows XP SP1
    • Windows 2000 SP4
    • Windows 2000 SP3
    However, the only vulnerable version of Windows Services for UNIX is the version that is present on Windows 2000 SP4 and on Windows 2000 SP3.

    Note This security update is documented in security bulletin MS05-033.
  • Security update 899753 is an ISA Server update. ISA Server is not supported by the MBSA. You can use the Enterprise Update Scan Tool for detection of this update when Microsoft ISA Server 2000 SP2 is running on one of the following operating systems:
    • Windows Server 2003 SP1
    • Windows Server 2003
    • Windows 2000 SP4
    • Windows 2000 SP3
    Note This security update is documented in security bulletin MS05-034.
  • Security update 887219 is an ASP.NET update. Although ASP.NET is not supported by the MBSA, ASP.NET is supported by the original February Enterprise Update Scan Tool.

    Note This security update is documented in security bulletin MS05-004.
  • Security update 263968 is a SQL Server update that is being rereleased. This update is related to an issue where the sa password is stored in clear text. There are no vulnerable files to identify or to deploy.

    Note This security update is documented in security bulletin MS02-035.
  • Security update 893066 is a rereleased TCP/IP update that the MBSA detects. However, the older version of security update 893066 is out-of-date. Hotfix 898060 superseded the older version of the security update, and that hotfix is also out-of-date. You must install the rereleased version of security update 893066 for the MBSA to consider the system to be compliant.

    Note This security update is documented in security bulletin MS05-019.
For more information about how to obtain the Enterprise Update Scan Tool, click the following article number to view the article in the Microsoft Knowledge Base:
894193 How to obtain and use the Enterprise Update Scan Tool

Environments that detect and that deploy security updates by using Software Update Services or Windows Server Update Services

If you use Software Update Services (SUS) or Windows Server Update Services (WSUS) to detect and to deploy security updates, you can detect most of the updates that were released on June 14, 2005. The following are the updates that SUS and WSUS do not detect or that are only partially supported by SUS and by WSUS:
  • Security update 895179 is an update for Exchange Server 5.5. SUS and WSUS do not support Exchange Server 5.5. For more information about this update and about detection, see the "Environments that detect security updates by using MBSA" section.

    Note This security update is documented in security bulletin MS05-029.
  • Security update 896428 is an update for Telnet. The version of Telnet that is included with the following operating systems is supported by SUS and by WSUS:
    • Windows Server 2003 SP1
    • Windows Server 2003
    • Windows XP SP2
    • Windows XP SP1
    However, the version of Telnet that is included with Windows Services for UNIX is not supported by SUS and WSUS. For detection information about this version of Telnet, see the "Environments that detect security updates by using MBSA" section.

    Note This security update is documented in security bulletin MS05-033.
  • Security update 899753 is an ISA Server update. ISA Server is not supported by SUS or by WSUS. For detection information, see the "Environments that detect security updates by using MBSA" section.

    Note This security update is documented in security bulletin MS05-034.
  • Security update 263968 is a SQL Server update that is being rereleased. This update is related to an issue where the sa password is stored in clear text. There are no vulnerable files to identify or to deploy. For detection information, see the "Environments that detect security updates by using MBSA" section.

    Note This security update is documented in security bulletin MS02-035.

Environments that detect and that deploy security updates by using SMS with the Software Update Services (SUS) Feature Pack and with the Extended Security Update Inventory Tool

If you use Systems Management Server (SMS) to detect and to deploy security updates, you can detect all the security updates that were released on June 14, 2005 except for security update 263968. Security update 263968 is a SQL Server update that is being rereleased. This security update is related to an issue where the sa password is stored in clear text. There are no vulnerable files to identify or to deploy.

Note This security update is documented in security bulletin MS02-035.

Some of the security updates may only be fully detected if you use the latest cumulative Extended Security Update Inventory Tool. To obtain this tool, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2C93DA1D-48A0-4E5C-991F-87E08954F61B&displaylang=en

Summary of detection and deployment guidance

The following table summarizes the detection and deployment guidance for each new security update.
Collapse this tableExpand this table
Security update/
security bulletin/
description
Office UpdateWindows UpdateMicrosoft UpdateThe MBSA and the Office Detection ToolSUSWSUSThe stand-alone Enterprise Update Scan ToolSMS with the SUS Feature Pack
Detect and deployDetect and deployDetect and deployDetect onlyDetect and deployDetect and deployDetect onlyDetect and deploy
883939
MS05-025
(Microsoft Internet Explorer)
N/AYesYesYesYesYesN/AYes
896358
MS05-026
(HTML Help)
N/AYesYesYesYesYesN/AYes
896422
MS05-027
(Server Message Block)
N/AYesYesYesYesYesN/AYes
896426
MS05-028
(Web Client Service)
N/AYesYesYesYesYesN/AYes
895179
MS05-029
(Outlook Web Access)
N/AN/AN/APartially supportedN/AN/APartially supportedYes
897715
MS05-030
(Outlook Express)
N/AYesYesN/AYesYesYesYes
898458
MS05-031
(Interactive training)
N/AYesYesN/AYesYesYesYes
890046
MS05-032
(Microsoft agent)
N/AYesYesYesYesYesN/AYes
896428
MS05-033
(Telnet)
N/APartially supportedPartially supportedPartially supportedPartially supportedPartially supportedPartially supported Yes
899753
MS05-034
(ISA Server)
N/AN/AN/AN/AN/AN/AYesYes

Rereleased security updates

The following table summarizes the detection and deployment guidance for each rereleased security update.
Collapse this tableExpand this table
Security update/
security bulletin/
description
Office UpdateWindows UpdateMicrosoft UpdateThe MBSA and the Office Detection ToolSUSWSUSThe stand-alone Enterprise Update Scan ToolSMS with the SUS Feature Pack
Detect and deployDetect and deployDetect and deployDetect onlyDetect and deployDetect and deployDetect onlyDetect and deploy
263968
MS02-035
(SQL Server)
N/AN/AN/AMBSA (You receive a note message.)N/AN/AN/AN/A
887219
MS05-004
(ASP.NET)
N/AYesYesN/AYesYesYesYes
893066
MS05-019
(TCP/IP)
N/AYesYesYesYesYesN/AYes
For more information about note messages in the MBSA, click the following article number to view the article in the Microsoft Knowledge Base:
306460 Microsoft Baseline Security Analyzer (MBSA) returns note messages for some updates

Frequently asked questions

  1. What is Microsoft doing to provide guidance about how to deploy these updates?

    Microsoft encourages system administrators to join the monthly technical webcast to learn more about security updates. The webcast for these security update airs on June 15, 2005 at 11:00 A.M. (Pacific Time). To register, visit the following Microsoft Web site:
    http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032275405&EventCategory=4
  2. Is the Enterprise Update Scan Tool also cumulative like the Extended Security Update Inventory Tool is for SMS?

    No, the Enterprise Update Scan Tool is not cumulative. There are no plans to make the Enterprise Update Scan Tool cumulative.
  3. Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine whether the updates are required?

    You can use the MBSA to detect the following security updates that were released in May 2005:
    • 883939 (Security bulletin MS05-025)
    • 896358 (Security bulletin MS05-026)
    • 896422 (Security bulletin MS05-027)
    • 896426 (Security bulletin MS05-028)
    • 890046 (Security bulletin MS05-032)
    The following security updates are only partially supported by the MBSA:
    • 895179 (Security bulletin MS05-029)
    • 896428 (Security bulletin MS05-033)
    For more information about detection for security update 895179 and for security update 896428, see the "Environments that detect security updates by using the MBSA" section.

    For more information about the programs that the MBSA currently does not detect, click the following article number to view the article in the Microsoft Knowledge Base:
    306460 Microsoft Baseline Security Analyzer (MBSA) returns note messages for some updates
    If you installed a program that is listed in the "Affected software" section of a security bulletin that is mentioned in this article, you may have to manually determine whether you must install the required security update. For more information about the MBSA, visit the following Microsoft Web site:
    http://technet.microsoft.com/en-us/security/cc184924.aspx
  4. Which security updates require that I use the Enterprise Update Scan Tool together with the MBSA to identify vulnerable systems in my network?

    The following security updates require that you use the Enterprise Update Scan Tool together with the MBSA:
    • 897715 (Security bulletin MS05-030)
    • 898458 (Security bulletin MS05-031)
    • 890046 (Security bulletin MS05-032)
    • 899753 (Security bulletin MS05-034)
    Under certain conditions, the following security updates are partially supported by the Enterprise Update Scan Tool together with the MBSA:
    • 895179 (Security bulletin MS05-029)
    • 896428 (Security bulletin MS05-033)
    For more information, see the "Environments that detect security updates by using the MBSA" section.
  5. Can I use Systems Management Server (SMS) to determine whether the updates are required?

    Yes. SMS helps detect and deploy these security updates. SMS uses the MBSA for detection. Therefore, SMS does not detect the same programs that MBSA does not detect. For more information about SMS, visit the following Microsoft Web site:
    http://www.microsoft.com/smserver/default.mspx
    The Security Update Inventory Tool together with the Extended Security Update Inventory Tool are required for detection of all the security updates on Microsoft Windows and on other affected Microsoft products. For more information about the limitations of the Security Update Inventory Tool, click the following article number to view the article in the Microsoft Knowledge Base:
    306460 Microsoft Baseline Security Analyzer (MBSA) returns note messages for some updates
    SMS also uses the Microsoft Office Inventory Tool to detect the required security updates for Microsoft Office programs such as Microsoft Word.

Properties

Article ID: 900804 - Last Review: October 27, 2006 - Revision: 2.5
APPLIES TO
  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows XP Service Pack 2, when used with:
    • Microsoft Windows XP Professional
    • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Service Pack 1, when used with:
    • Microsoft Windows XP Professional
    • Microsoft Windows XP Home Edition
  • Microsoft Windows 2000 Server SP4, when used with:
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional Edition
    • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Service Pack 3, when used with:
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional Edition
    • Microsoft Windows 2000 Server
Keywords: 
kbsecurity kbdeployment kbhowto kbinfo KB900804

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com