Jump to content

MS05-017 Security Bulletin

Guest crashere

By Guest crashere
in Techno Babble

 Share

Recommended Posts

Guest crashere

Guest crashere

Posted
Posted

MS05-017 lists Windows XP SP2 as unaffected, but the fix is not listed in

KB811113 (List of fixes included in Windows XP Service Pack 2). On the other

hand, the fix is listed in the SP3 KB946480 (List of fixes included in

Windows XP Service Pack 3).

 

If this fixed in XP SP2 then why is it not listed?

 

Why is it listed in SP3?

 

Is SP2 "affected"?

  • Replies 2
  • Created
  • Last Reply

Popular Days

Popular Days

Guest PA Bear [MS MVP]

Guest PA Bear [MS MVP]

Posted
Posted

WinXP SP2 was not vulnerable to the exploit addressed by MS05-017 (15

Apr-05) in the first place, although WinXP SP1 was. (WinXP Gold was no

longer supported in April 2005.)

 

As one can install SP3 on a machine running WinXP SP1, KB946480 lists the

fix.

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

 

crashere wrote:<span style="color:blue">

> MS05-017 lists Windows XP SP2 as unaffected, but the fix is not listed in

> KB811113 (List of fixes included in Windows XP Service Pack 2). On the

> other hand, the fix is listed in the SP3 KB946480 (List of fixes included

> in

> Windows XP Service Pack 3).

>

> If this fixed in XP SP2 then why is it not listed?

>

> Why is it listed in SP3?

>

> Is SP2 "affected"? </span>

Guest FromTheRafters

Guest FromTheRafters

Posted
Posted

"crashere" <crashere@discussions.microsoft.com> wrote in message

news:8618EE07-2945-4E8C-857A-ACAC52FE4D5C@microsoft.com...<span style="color:blue">

> MS05-017 lists Windows XP SP2 as unaffected, but the fix is not listed in

> KB811113 (List of fixes included in Windows XP Service Pack 2).</span>

 

If it is unaffected, there is no need to "fix" it.

<span style="color:blue">

> On the other

> hand, the fix is listed in the SP3 KB946480 (List of fixes included in

> Windows XP Service Pack 3).</span>

 

Since SPs are cumulative, it may be included for post SP2 vulnerabilities.

<span style="color:blue">

> If this fixed in XP SP2 then why is it not listed?</span>

 

Since SP2 is unaffected there is no "fix" required.

<span style="color:blue">

> Why is it listed in SP3?</span>

 

Service packs are 'roll up' or 'cumulative', so it is probably listed

as one of the fixes since SP2 (the previous roll up).

<span style="color:blue">

> Is SP2 "affected"?</span>

 

The article you mention says it is not.

 

If a feature is added after SP2, and it is found to be vulnerable, then

you would expect 'fixes' to be issued - and the roll up would naturally

include such a fix.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...