M100653: Behavior explanation: Security patches for MS05-004, MS05-005 and MS05-006 are not downloaded

Security patches for these bulletins are not downloaded by manageSoft SPM, despite the bulletin having moved from the New/Updated Patches node to the In Progress node.

Behavior explanation: Security patches for MS05-004, MS05-005 and MS05-006 are not downloaded by ManageSoft SPM

When using ManageSoft Security Patch Management (SPM) to download security patches associated with MS05-004 or MS05-005 or MS05-006, the following behaviors occur:

  1. The downloaded bulletin moves from the New/Updated Patches node to the In Progress node in the ManageSoft SPM console
  2. No security patch executable is downloaded to the <Warehouse>\Repository\SecurityPatch\downloads directory on the administration server (warehouse).
  3. No security patch packages are created when a patch package is generated for the bulletins detailed above.

ManageSoft SPM uses a file supplied by Microsoft called mssecure.xml. This file details information about a security bulletin, the security patches that form part of the bulletin, the affected product for which the security patch needs to be installed, and the URL from which the security patch can be downloaded.

The update of mssecure.xml for February 2005 contains security bulletin information for MS05-004, MS05-005, and MS05-006, but there is no security patch information for these bulletins. When an attempt is made to download the security patches for these bulletins, ManageSoft SPM moves the bulletin to the In Progress node, as it has deemed to have successfully downloaded the security patches even though there is no security patch data for the bulletins.

MS05-004

MS05-004 fixes a vulnerability in Microsoft .NET Framework 1.0 and 1.1. This product is currently not supported by MBSA and therefore needs to be downloaded, packaged and deployed through standard ManageSoft processes (not through SPM). Please see the Microsoft Security Bulletin MS05-004 for further details.

To prevent patches that are not supported by MBSA from appearing in the security patch management New/Updated Patch node, you can configure the Application Preferences section in ManageSoft and uncheck the 'Other Applications' check box.

MS05-005

MS05-005 fixes a vulnerability in Microsoft Office XP. This product is not supported by MBSA but is supported by the Office Update tool that comes with MBSA 1.2.1.

To manage the patches associated with MS05-005 through ManageSoft SPM, use the following patches associated with Office Update:

  • OF_MSO10 (KB873352)
  • OF_PJ_MSO10 (KB873355)
  • OF_VS_MSO10 (KB873354)

MS05-006

This bulletin has two patches associated with it:

  1. Windows SharePoint Services for Windows Server 2003

    This security patch is not supported by MBSA or Office Update and must be downloaded, packaged and deployed through standard ManageSoft processes (not through SPM). Please see the Microsoft Security Bulletin MS05-006 for further details.

  2. SharePoint Team Services from Microsoft

    This security patch is supported by Office Update. Office Bulletin ID OF_STS10 should be used to download, package and deploy this security package automatically through ManageSoft SPM.

Additional Information

All versions of Security Patch Management prior to 7.5 will move the bulletin from the New/Updated Patches node to the In Progress node.

Comments

Powered by Zendesk