MS09-032 Installation

Giganews Newsgroups
Subject: MS09-032 Installation
Posted by:  Sandy Wood (sandy.wood@nospam.com)
Date: Wed, 15 Jul 2009

The security bulletin for MS09-032 fixes an ActiveX vulnerability first
described in Security Advisory 972890. We applied the workaround described
there for our XP and Windows 2003 systems. Now that the Security Bulletin is
released we're wondering what would happen should we apply MS09-032 and then
undo the fix in 927890. MS09-032 answers the question by describing a
scenario of Vista and Win 2008 systems, not XP or Win 2003. Here's the FAQ
I'm talking about:

What would happen if I install this update and then undo the workaround from
Microsoft Security Advisory 972890?

In this scenario, customers of Windows Vista and Windows Server 2008 install
this security update for defense-in-depth and then either manually undo the
workaround from Microsoft Security Advisory 972890, or use the automated
Microsoft Fix it solution in Microsoft Knowledge Base Article 972890 to
disable the workaround. Such customers will no longer prevent the Microsoft
Video ActiveX Control from running in Internet Explorer, making their systems
vulnerable. Also, such systems will not be reoffered this update since future
detection results will yield the successful installation that was undone by
workaround.

--
Sandy Wood
Orange County District Attorney

Replies