Windows 2003 Server SP1 Removes the MS03-039 Patch

TheMSsForum.com: The Microsoft Software Forum

Using Windows 2003 SP1 and after running an ISS scan shows that patch
MS03-039 needs to be applied.

When I tried to apply the MS03-039 patch (Windows 2003 version) it will not
install and a message box popped up stating there was already a newer version
of the file because a service pack was applied.

Did a fresh install of Windows 2003 Server and appled the MS03-039
successfully and ran Windows Update and completed all updates with the
exception of SP1.

Using the KB824146 scanning tool, it showed the patch was still applied.

After applying SP1, the scanning tool showed MS03-039 patch was NOT
installed and required investigating.

Anyone have suggestions?

--
JJ
Top

RE: Windows 2003 Server SP1 Removes the MS03-039 Patch by levinson_k

levinson_k
Fri Apr 29 17:13:03 CDT 2005

FYI, I am having the same problem, except MS03-045 / 824141 is no longer
installed and cannot be reinstalled after SP1. Automatic Updates is saying
that the patch is missing and it re-downloads it over and over. The relevant
files and registry key mentioned in the MS03-045 article have been checked
and are correct.

--
- Karl Levinson, ms mvp
-------------------------
Microsoft Security FAQ:
http://www.securityadmin.info




"JJ" wrote:

> Using Windows 2003 SP1 and after running an ISS scan shows that patch
> MS03-039 needs to be applied.
>
> When I tried to apply the MS03-039 patch (Windows 2003 version) it will not
> install and a message box popped up stating there was already a newer version
> of the file because a service pack was applied.
>
> Did a fresh install of Windows 2003 Server and appled the MS03-039
> successfully and ran Windows Update and completed all updates with the
> exception of SP1.
>
> Using the KB824146 scanning tool, it showed the patch was still applied.
>
> After applying SP1, the scanning tool showed MS03-039 patch was NOT
> installed and required investigating.
>
> Anyone have suggestions?
>
> --
> JJ
Top

RE: Windows 2003 Server SP1 Removes the MS03-039 Patch by levinson_k

levinson_k
Fri Apr 29 17:20:03 CDT 2005

More information on my similar MS03-045 problem ... the MS03-045 article
doesn't mention specific registry values, just a registry key, which is empty
on our system. We are currently attempting to run MBSA in HFNETCHK verbose
mode to try to determine why exactly AU might think the patch is missing.

To the original poster: You could try downloading and running MBSA in
command line verbose hfnetchk mode to try to see whether any part of the
patch is actually missing. If MBSA says all is OK and ISS does not, then I
would assume there is a problem with the ISS tool. The ISS tool would have
to give you more detailed information on why it thinks the patch is missing.
Usually there is a registry value missing, or a file has a different version
than what is listed in the scanner tool's config file. There may be an
option in the ISS scanner to get more detailed. If there is no visible way
to get more detailed info, call your ISS support for help or to complain.

-------------------------
Microsoft Security FAQ:
http://www.securityadmin.info




"JJ" wrote:

> Using Windows 2003 SP1 and after running an ISS scan shows that patch
> MS03-039 needs to be applied.
>
> When I tried to apply the MS03-039 patch (Windows 2003 version) it will not
> install and a message box popped up stating there was already a newer version
> of the file because a service pack was applied.
>
> Did a fresh install of Windows 2003 Server and appled the MS03-039
> successfully and ran Windows Update and completed all updates with the
> exception of SP1.
>
> Using the KB824146 scanning tool, it showed the patch was still applied.
>
> After applying SP1, the scanning tool showed MS03-039 patch was NOT
> installed and required investigating.
>
> Anyone have suggestions?
>
> --
> JJ
Top

RE: Windows 2003 Server SP1 Removes the MS03-039 Patch by levinson_k

levinson_k
Fri Apr 29 17:24:04 CDT 2005

Sorry... another slightly different approach would be to go to the bottom of
the http://www.microsoft.com/technet/security/bulletin/MS03-045.mspx bulletin
to find the patch files and registry values to check to confirm the existence
of the patch. File versions of course should meet or exceed the number
listed in the bulletin.

Since the MS03-039 scanning tool was presumably written prior to 2003 SP1
and 2003 SP1 is rather new, I suppose it is possible that the MS03-039
scanning tool and/or the ISS tool could be in need of updating and giving you
a false finding.

--

-------------------------
Microsoft Security FAQ:
http://www.securityadmin.info




"JJ" wrote:

> Using Windows 2003 SP1 and after running an ISS scan shows that patch
> MS03-039 needs to be applied.
>
> When I tried to apply the MS03-039 patch (Windows 2003 version) it will not
> install and a message box popped up stating there was already a newer version
> of the file because a service pack was applied.
>
> Did a fresh install of Windows 2003 Server and appled the MS03-039
> successfully and ran Windows Update and completed all updates with the
> exception of SP1.
>
> Using the KB824146 scanning tool, it showed the patch was still applied.
>
> After applying SP1, the scanning tool showed MS03-039 patch was NOT
> installed and required investigating.
>
> Anyone have suggestions?
>
> --
> JJ
Top