New MSSecure.XML Version 2005.02.08.0 Now Available

New MSSecure.XML Version 2005.02.08.0 Now Available

Post by Doug Neal » Thu, 10 Feb 2005 04:06:43

SSECURE.XML Data Version 2005.02.08.0 (for use by MBSA 1.2 and SMS SUS
Feature Pack) was last modified today, February 8, 2004, and is now
available for all supported languages (English, French, German and
Japanese). Today's release contains 12 new bulletins and 1 re-release - 10
of which are fully supported for MBSA detection and SMS deployment.

This release fully supports the following new bulletins:

MS04-035 (Exchange) - re-release to add Exchange 2000 SP3 support
MS05-004 (ASP .Net) - Not supported by MBSA, but supported by EST
MS05-005 (Word) - supported by MBSA (using ODT) for local scans only
MS05-006 (SharePoint) - STS supported by MBSA (using ODT) for local scans
only. WSS supported by EST

MS05-007 (Session Link) - 888302.
MS05-008 (Shell) - 890047.
MS05-009 (LibPNG) - WMP portion supported, Messenger variants not
supported. EST supports all aspects of LibPNG

MS05-010 (License Logging) - 885834. Also includes Windows NT 4.0 Server
and Windows NT 4.0 TSE support

MS05-011 (SMB) - 885250.
MS05-012 (OLE) - 873333.
MS05-013 (DHTML) - 891781.
MS05-014 (IE) - 867282.
MS05-015 (HLINK) - 888113.

There are a number of technical issues with today's release that may be
valuable to enterprise administrators:

LibPNG and WMP / Messenger Support
The LibPNG vulnerability spans products supported by MBSA (WMP9) and
products not supported by MBSA (Windows and MSN Messenger). Usually,
unsupported products would not generate a warning in MBSA (no 'less than'
warning, no note message - nothing. See KB306460 for details). Since this
could mislead customers with the WMP patch applied to believe they are
patched for all known vulnerabilities (since no message would appear for
vulnerable Messenger versions), the 'Windows OS' security check will report
a Note Message for all potentially affected platforms (i.e., any platform
where an affected version of Messenger could be installed). This is
expected behavior. This Note Message will appear regardless of whether an
affected version of Messenger is installed as a precaution to alert
customers to manually check the applicability of their systems for the
Messenger-based versions of this fix. The Enterprise Scan Tool (EST) can be
used as a single tool to scan for LibPNG vulnerabilities that MBSA cannot

MS04-044 fix
The December 2004 MSSECURE file included unnecessary detection for the
optional KDCSVC.DLL file. This caused the MS04-044 patch to never indicate
it was fully installed for MBSA users and could cause SMS to potentially
re-deploy the package. This issue has been fixed with today's release

MS04-037 no longer replaces (supersedes) MS04-024
In addition to correctly removing the supersedence between MS04-024 and
MS04-037, previously-released MSSECURE files lacked detection for a critical
Security Zone setting detailed in the MS04-024 bulletin.

Internet Explorer 6.0 SP1 no longer supported on NT 4.0
Although MBSA will scan for all Internet Explorer issues detailed in
MS05-014, it will not distiguish between Internet Explorer 6.0 SP1 installed
on a supported Windows operating system and when it is installed on Windows
NT 4.0 platforms that are no longer in support.

More information can be found in the MS05-014 bulletin under the section
titled, "Extended security update support for Microsoft Windows NT 4.0
Workstation Service Pack 6a and Windows 2000 Service Pack 2 ended on June

New MSSecure.XML Version 2005.02.08.0 Now Available

Post by Greg » Thu, 10 Feb 2005 07:16:10


There appears to be a problem with the new XML file and Windows XP SP2

I scanned my machine using the command line utility and it reported all the
correct items as missing, but it did not tell me that I had Internet
Explorer SP2 installed or that I had Windows Media Player 10 installed. All
the missing items were shown under the OS category.

I checked some W2K machines and XP SP1 machines and both the IE and MP
categories were listed.

Not a huge problem by any means, I just though you might like to know.


"Doug Neal [MSFT]" < XXXX@XXXXX.COM > wrote in message
news: XXXX@XXXXX.COM ...


New MSSecure.XML Version 2005.02.08.0 Now Available

Post by Doug Neal » Thu, 10 Feb 2005 07:35:10

reg - thanks for writing to us so quickly to report this issue.

MBSA will not report that you have Internet Explorer 6.0 SP2 in your machine
because there is actually a specific, customized version of Internet
Explorer 6.0 for Windows XP SP2 and another for Windows Server 2003 that is
not available as a separate download. For this reason, there is actually no
'IE 6.0 SP2' per se, but actually an 'Internet Explorer 6.0 for Windows
Server 2003' and 'Internet Explorer 6.0 for Windows XP SP2.' If you look at
the TechNet Bulletin Search, it calls out these versions under the 'Product
/ Technology' drop-down list. In MBSA results, your Internet Explorer
bulletins will be found under the OS-based heading in command-line (HF) mode
or under the 'Windows Security Updates' section in the graphical interface

As for Media Player, MBSA supports Windows Media Player 6.4, 7, 8 and 9 -
but not Windows Media Player 10 (see KB306460 for details). There are
currently no vulnerabilities against WMP10, but even if there were - MBSA
would not be able to provide a patch detection result since it is an
unsupported product.

I hope that helps...


Doug Neal [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.

If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for the Microsoft Baseline
Security Analyzer (MBSA) at the following link:;en-us;Prodoffer20a

This e-mail address does not receive e-mail, but is used for newsgroup
postings only.

"Greg" < XXXX@XXXXX.COM > wrote in message
news:% XXXX@XXXXX.COM ...


New MSSecure.XML Version 2005.02.08.0 Now Available

Post by Greg » Fri, 11 Feb 2005 04:04:00


Thanks for filling in the blanks as to why my output looked like it did.

While I suppose I understand the decisions from a high level, it just gets
very frustrating to have to remember

all these special situations. I just wish it worked the same all the time.
But hey if it were easy then they

would not need people like us!!


"Doug Neal [MSFT]" < XXXX@XXXXX.COM > wrote in message
news:% XXXX@XXXXX.COM ...