Detection and deployment
Environments that detect and that deploy security updates by using Windows Update, Microsoft Update, and Office Update
Most of the updates that released on June 14, 2005 are available through the following Web sites:
- Microsoft Windows Update
- Microsoft Update
- Office Update
However, not all the updates are available through these Web sites. The following are the updates that are not available through these Web sites or that may only be partially supported by these Web sites:
- Security update 895179 is for Microsoft Exchange
Server 5.5. Microsoft Exchange Server 5.5 is not supported by Windows Update or by Microsoft
Update.
Note This security update is documented in security bulletin MS05-029. - Security update 896428 is an update for the version of Telnet that is included with Microsoft Windows Server 2003 and with Microsoft Windows XP. This update is also for the version of Telnet that is included with Microsoft Windows Services for UNIX. Windows Update and Microsoft Update
support detection and deployment only for the version of Telnet that is included with the following operating systems:
- Windows Server 2003 Service Pack 1 (SP1)
- Windows Server 2003
- Windows XP Service Pack 2 (SP2)
- Windows XP SP1
Note This security update is documented in security bulletin MS05-033. - Security update 899753 is an update for Microsoft Internet Security and Acceleration
(ISA) Server. ISA Server is not supported by Windows Update or by Microsoft
Update.
Note This security update is documented in security bulletin MS05-034. - Security update 263968 is a Microsoft SQL Server update that is being rereleased. This update is related to an issue where the sa password is stored in clear text. There are no vulnerable files to
identify or to deploy.
Note This security update is documented in security bulletin MS02-035.
Environments that detect security updates by using the MBSA
If you use the Microsoft Baseline Security Analyzer (MBSA) to detect security updates, you can detect most of the updates that were released on June 14, 2005. The following are the updates that the MBSA does not detect or that may only be partially supported by the MBSA:
- Security update 895179 is an update for Exchange Server 5.5. Most Exchange Server 5.5 installations are supported by the MBSA. Microsoft Outlook Web Access is also supported by the MBSA. However, the MBSA does not detect security update 895179 when the following conditions are true:
- A front-end server is connected to a back-end Exchange Server 5.5 server.
- The front-end server is running only Internet Information Services.
- The front-end server is set up only for Outlook Web Access.
- The MBSA is run on the front-end server.
You can use the Enterprise Update Scan Tool for detection of this update on a front-end server that is set up only for Outlook Web Access.
Note This security update is documented in security bulletin MS0-029. - Security update 897715 is an update for Microsoft Outlook Express. Outlook Express is not
supported by the MBSA. You can use the Enterprise Update Scan Tool for
detection of this update for the following configurations:
- Outlook Express 6.0 SP1 on Windows XP SP1
- Outlook Express 6.0 SP1 on Microsoft Windows 2000 Service Pack 4 (SP4) and on Windows 2000 Service Pack 3 (SP3)
- Outlook Express 6.0 on the original version of
Windows Server 2003
- Outlook Express 5.5 SP2 on Windows 2000 SP4 and on Windows 2000 SP3
Note This security update is documented in security bulletin MS05-030. - Security update 898458 is an update for step-by-step interactive training. Step-by-step interactive training
is not supported by the MBSA. You can use the Enterprise Update Scan Tool for
detection of this update when step-by-step interactive training applications are installed on the following operating systems:
- Windows Server 2003
SP1
- Windows Server 2003
- Windows XP SP2
- Windows XP SP1
- Windows 2000 SP4
- Windows 2000 SP3
Note This security update is documented in security bulletin MS05-031. - Security update 896428 is an update for Telnet. The version of Telnet that is included with the following operating systems is supported by the MBSA:
- Windows Server 2003 SP1
- Windows Server 2003
- Windows XP SP2
- Windows XP SP1
However, the version of Telnet that is included with Windows Services for UNIX is not supported by the MBSA. You can use the Enterprise Update Scan Tool for
detection of this update when Telnet is installed by Windows Services for UNIX versions 2.2, 3.0, and 3.5. You can install Windows Services for UNIX on the following operating systems:- Windows Server 2003 SP1
- Windows Server 2003
- Windows XP SP2
- Windows XP SP1
- Windows 2000 SP4
- Windows 2000 SP3
However, the only vulnerable version of Windows Services for UNIX is the version that is present on Windows 2000
SP4 and on Windows 2000 SP3.
Note This security update is documented in security bulletin MS05-033. - Security update 899753 is an ISA Server update. ISA Server is not supported by
the MBSA. You can use the Enterprise Update Scan Tool for
detection of this update when Microsoft ISA Server
2000 SP2 is running on one of the following operating systems:
- Windows Server 2003 SP1
- Windows
Server 2003
- Windows 2000 SP4
- Windows 2000 SP3
Note This security update is documented in security bulletin MS05-034. - Security update 887219 is an ASP.NET update. Although ASP.NET is not
supported by the MBSA, ASP.NET is supported by the original February
Enterprise Update Scan Tool.
Note This security update is documented in security bulletin MS05-004. - Security update 263968 is a SQL Server update that is being rereleased. This update is related to an issue where the sa password is stored in clear text. There are no vulnerable files to
identify or to deploy.
Note This security update is documented in security bulletin MS02-035. - Security update 893066 is a rereleased TCP/IP update that the MBSA detects. However, the older version of security update 893066 is out-of-date. Hotfix 898060 superseded the older version of the security update, and that hotfix is also out-of-date. You must install the rereleased version
of security update 893066 for the MBSA to consider the system to be
compliant.
Note This security update is documented in security bulletin MS05-019.
For more information about how to
obtain the Enterprise Update Scan Tool, click the following article number to
view the article in the Microsoft Knowledge Base:
894193
How to obtain and use the Enterprise Update Scan Tool
Environments that detect and that deploy security updates by using Software Update Services or Windows Server Update Services
If you use Software Update Services (SUS) or Windows Server
Update Services (WSUS) to detect and to deploy security updates, you can detect most of the updates that were released on June 14, 2005. The following are the updates that SUS and WSUS do not detect or that are only partially supported by SUS and by WSUS:
- Security update 895179 is an update for Exchange Server 5.5. SUS and WSUS do not support Exchange Server 5.5. For more information about this update and about detection, see the "Environments that detect security updates by using MBSA" section.
Note This security update is documented in security bulletin MS05-029. - Security update 896428 is an update for Telnet. The version of Telnet that is included with the following operating systems is supported by SUS and by WSUS:
- Windows Server 2003 SP1
- Windows Server 2003
- Windows XP SP2
- Windows XP SP1
However, the version of Telnet that is included with Windows Services for UNIX is not supported by SUS and WSUS. For detection information about this version of Telnet, see the "Environments that detect security updates by using MBSA" section.
Note This security update is documented in security bulletin MS05-033. - Security update 899753 is
an ISA Server update. ISA Server is not supported by SUS or by WSUS. For detection information, see the "Environments that detect security updates by using MBSA" section.
Note This security update is documented in security bulletin MS05-034. - Security update 263968 is a SQL Server update that is being rereleased. This update is related to an issue where the sa password is stored in clear text. There are no vulnerable files to
identify or to deploy. For detection information, see the "Environments that detect security updates by using MBSA" section.
Note This security update is documented in security bulletin MS02-035.
Environments that detect and that deploy security updates by using SMS with the Software Update Services (SUS) Feature Pack and with the Extended Security Update Inventory Tool
If you use Systems Management Server (SMS) to detect and to deploy security updates, you can detect all the security updates that were released on June 14, 2005 except for security update 263968. Security update 263968 is a SQL Server update that is being rereleased. This security update is related to an issue where the sa password is stored in clear text. There are no vulnerable files to
identify or to deploy.
Note This security update is documented in security bulletin MS02-035.
Some of the security updates may only be fully
detected if you use the latest cumulative
Extended
Security Update Inventory Tool. To obtain this tool, visit the following Microsoft Web site:
Summary of detection and deployment guidance
The following table summarizes the detection and deployment guidance for each new security update.
Security update/ security bulletin/ description | Office Update | Windows
Update | Microsoft Update | The MBSA and the Office Detection
Tool | SUS | WSUS | The stand-alone Enterprise Update Scan
Tool | SMS with the SUS Feature Pack |
| Detect and deploy | Detect and
deploy | Detect and deploy | Detect only | Detect and
deploy | Detect and deploy | Detect only | Detect and
deploy |
883939 MS05-025 (Microsoft Internet Explorer) | N/A | Yes | Yes | Yes | Yes | Yes | N/A | Yes |
896358 MS05-026 (HTML Help) | N/A | Yes | Yes | Yes | Yes | Yes | N/A | Yes |
896422 MS05-027 (Server Message Block) | N/A | Yes | Yes | Yes | Yes | Yes | N/A | Yes |
896426 MS05-028 (Web
Client Service) | N/A | Yes | Yes | Yes | Yes | Yes | N/A | Yes |
895179 MS05-029 (Outlook Web Access) | N/A | N/A | N/A | Partially supported | N/A | N/A | Partially supported | Yes |
897715 MS05-030 (Outlook
Express) | N/A | Yes | Yes | N/A | Yes | Yes | Yes | Yes |
898458 MS05-031 (Interactive
training) | N/A | Yes | Yes | N/A | Yes | Yes | Yes | Yes |
890046 MS05-032 (Microsoft agent) | N/A | Yes | Yes | Yes | Yes | Yes | N/A | Yes |
896428 MS05-033 (Telnet) | N/A | Partially supported | Partially supported | Partially supported | Partially supported | Partially supported | Partially supported | Yes |
899753 MS05-034 (ISA Server) | N/A | N/A | N/A | N/A | N/A | N/A | Yes | Yes |
Rereleased security updates
The following table summarizes the detection and deployment guidance for each rereleased security update.
Security update/ security bulletin/ description | Office Update | Windows
Update | Microsoft Update | The MBSA and the Office Detection
Tool | SUS | WSUS | The stand-alone Enterprise Update Scan
Tool | SMS with the SUS Feature Pack |
| Detect and deploy | Detect and
deploy | Detect and deploy | Detect only | Detect and
deploy | Detect and deploy | Detect only | Detect and
deploy |
263968 MS02-035 (SQL Server) | N/A | N/A | N/A | MBSA (You receive a note message.) | N/A | N/A | N/A | N/A |
887219 MS05-004 (ASP.NET) | N/A | Yes | Yes | N/A | Yes | Yes | Yes | Yes |
893066 MS05-019 (TCP/IP) | N/A | Yes | Yes | Yes | Yes | Yes | N/A | Yes |
For more information about note messages in the MBSA, click the following article number to view the article in the Microsoft Knowledge Base:
306460
Microsoft Baseline Security Analyzer (MBSA) returns note messages for some updates
Frequently asked questions
- What is Microsoft doing to provide guidance about how to deploy these updates?
Microsoft encourages system administrators to join the
monthly technical webcast to learn more about security updates.
The webcast for these security update airs on June 15, 2005 at 11:00 A.M. (Pacific Time). To register, visit
the following Microsoft Web site: - Is the Enterprise Update Scan Tool also cumulative like the Extended
Security Update Inventory Tool is for SMS?
No, the
Enterprise Update Scan Tool is not cumulative. There are no plans to make the Enterprise Update Scan Tool cumulative. - Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine whether the updates are required?
You can use the MBSA to detect the following security updates
that were released in May 2005:
- 883939 (Security bulletin MS05-025)
- 896358 (Security bulletin MS05-026)
- 896422 (Security bulletin MS05-027)
- 896426 (Security bulletin MS05-028)
- 890046 (Security bulletin MS05-032)
The following security updates are only partially supported by the MBSA:- 895179 (Security bulletin MS05-029)
- 896428 (Security bulletin MS05-033)
For more information about detection for security update 895179 and for security update 896428, see the "Environments that detect security updates by using the MBSA" section.
For more information about the programs that the MBSA currently does not detect, click the following article number to view the article in the Microsoft Knowledge Base:
306460
Microsoft Baseline Security
Analyzer (MBSA) returns note messages for some updates
If you installed a program that
is listed in the "Affected software" section of a security
bulletin that is mentioned in this article, you may have to manually determine whether
you must install the required security update. For more information about the MBSA,
visit the following Microsoft Web site: - Which security updates require that I use the Enterprise Update Scan Tool together with the MBSA to identify vulnerable systems in my
network?
The following security updates require that you use the Enterprise Update Scan Tool together with the MBSA:- 897715 (Security bulletin MS05-030)
- 898458 (Security bulletin MS05-031)
- 890046 (Security bulletin MS05-032)
- 899753 (Security bulletin MS05-034)
Under certain conditions, the following security updates are partially supported by the Enterprise Update Scan Tool together with the MBSA:- 895179 (Security bulletin MS05-029)
- 896428 (Security bulletin MS05-033)
For more information, see the "Environments that detect security updates by using the MBSA" section. - Can I use Systems Management Server (SMS) to determine whether the updates are required?
Yes. SMS helps detect and deploy these security updates.
SMS uses the MBSA for detection. Therefore, SMS does not detect the same
programs that MBSA does not detect. For more information about SMS, visit the
following Microsoft Web site:The
Security Update Inventory Tool together with the Extended Security Update
Inventory Tool are required for detection of all the security updates on
Microsoft Windows and on other affected Microsoft products. For more information about the limitations of the
Security Update Inventory Tool, click the following article number to view the
article in the Microsoft Knowledge Base: 306460
Microsoft Baseline Security Analyzer (MBSA) returns note messages for
some updates
SMS also uses the Microsoft Office
Inventory Tool to detect the required security updates for Microsoft Office
programs such as Microsoft Word.