View Full Version : MS Critical Update KB911567


SecurityFan
April 15th, 2006, 01:57 PM
Hi,

This critical update is to patch problems with MS Outlook Express. I don't use this on my XP SP1 machine, but it is there behind the scenes. Do I need to apply this critical update?

Thanks

crackman
April 15th, 2006, 03:11 PM
-{ Quote: "This critical update is to patch problems with MS Outlook Express. I don't use this on my XP SP1 machine, but it is there behind the scenes. Do I need to apply this critical update?" }-
KB911567 details a Windows Address Book File (.wab) vulnerability – which, if nothing else, probably should be patched simply because it might bite when one least expects it. Selectively rejecting updates will often have repercussions downstream, long after the details behind one's decision are forever lost. A person might, for example, decide to open a short-term e-mail account for a visiting friend or relative, using Outlook Express as the host – not remembering that many, many months ago, KB911567 was not implemented. Your friend or relative might have a compromised personal address book that he/she now downloads from his/her travelling floppy disk, and WHAM!

Per Microsoft Security Bulletin MS06-016, this vulnerability can be exploited outside of Outlook Express:

177390

Outlook Express itself is quite safe these days – light-years beyond the swiss-cheesed worm trap of the early decade. If nothing else, I'd keep it up to date because you might never know when it will offer you some utility.

CrackMan
XP/IE6/SP2

GeoffD
April 20th, 2006, 06:33 AM
Yesterday evening a friend's PC had the Windows Update feature in fully automatic mode...
After the patch was automatically applied, this person (using Outlook Express as his e-mail program) had problems accessing his original address book with 1500+ contacts...
Although his original .wab address book file was left alone (seemingly no longer recognized as a valid address book), he had the problem that an empty address book was created...
So the obvious way was importing his original address book into the automatically, freshly created empty one... but... the WAB importing program also failed to do a normal import...
The only way to help him out was de-installing the KB911567 patch & the link-related patches: KB908531, KB911562, KB912812...

This morning I contacted Microsoft with my findings... & just now I received the message that there is indeed something wrong with the KB911567 patch...

My advice out of experience: just 4 now temporarely skip this update please !

Original e-mail sent (in Dutch) to Microsoft this morning:

-{ Quote: "Good morning Marc,
Yesterday I was at friends of mine in Wieringerwerf (you know them too: Monique and Hans), where I ran into the same problem on 2 PCs...

Problem description:
After the critical security update KB911567, the Outlook Express .wab address book file present on the PC was no longer recognized, & after calling up the address book program (wab.exe) in Outlook Express an EMPTY .wab address book file was created, while the WAB address book import program ALSO no longer worked, with the result that the original WAB address book file could not be imported into the empty address book file either...

Workable interim solution:
The ONLY way to make sure there were no more address book problems was rolling back (de-installing) the patches: KB911567 and the link-related patches: KB908531, KB911562 and KB912812.
I have also now switched off the automatic Windows Update function on this PC so that these patches can no longer be downloaded & installed automatically.
Everything now works properly on this PC, but this is of course only a temporary solution, since the potential security hole that Microsoft has marked as CRITICAL is not solved by it...

My question to Microsoft:
Can you forward the practical findings above through your channels within Microsoft to software developers so that they improve the 4 patches in such a way that:
1. no more problems arise in the address book in particular & Outlook Express in general AFTER applying the 4 patches.
2. the security hole marked as potentially critical (for which these patches were written) is also closed for good.

The detailed technical data regarding the operating system used, Windows XP Home SP2, and the version numbers of the DLL files in detail before & after the update I can, if desired, send in a follow-up e-mail to you or a software developer.
I eagerly await Microsoft's response on this.

Yours sincerely,
Geoffrey John Dillen" }-

The issue is under investigation at Microsoft & if they have updated the 4 patches I will place a download link here for anybody's convenience.

crackman
April 26th, 2006, 12:01 AM
-{ Quote: "...just 4 now temporarely [sic] skip this update please !" }-

After reading the following, I now concur -- not because "unnecessary" updates should be ignored, but because KB911567 creates problems with unsent messages:

http://www.oehelp.com/OETips.aspx

Feelings about updates otherwise remain the same; I generally apply them even if they initially appear irrelevant.

CrackMan
XP/IE6/SP2

GeoffD
April 27th, 2006, 07:42 AM
KB911567 is updated and should now work normally!
It is advised to download this patch as soon as possible!
For the users who applied the 'old' KB911567, please read the FAQ section thoroughly because it can be read there (amongst other things) that the old KB911567 patch should be uninstalled first...
To aid you in your quest: see this link here (http://support.microsoft.com/kb/917288)

The download link is here (http://www.microsoft.com/technet/security/bulletin/ms06-016.mspx)

Title: Microsoft Security Bulletin Minor Revisions
Issued: April 26, 2006
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


Bulletin Information:
=====================

* MS06-016

- http://www.microsoft.com/technet/security/bulletin/ms06-016.mspx
- Reason for Revision: "Caveats" section updated due to new issues
discovered with the security update. Error message when you
open the Windows Address Book or you open Outlook Express
after you install cumulative security update.
- Originally posted: April 11, 2006
- Updated: April 26, 2006
- Bulletin Severity Rating: Important
- Version: 1.2

********************************************************************

Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Microsoft Support Lifecycle for Business and Developer Software
===============================================================
The Microsoft Support Lifecycle policy provides consistent and
predictable guidelines for product support availability at the
time that the product is released. Under this policy, Microsoft
will offer a minimum of ten years of support. This includes five
years of Mainstream Support and five years of Extended Support for
Business and Developer products. Microsoft will continue to provide
security update support, at a supported Service Pack level, for a
minimum of ten years through the Extended support phase. For more
information about the Microsoft Support Lifecycle, visit
http://support.microsoft.com/lifecycle/ or contact your Technical
Account Manager.

crackman
April 27th, 2006, 03:36 PM
Geoff:

Thanks for the heads-up.

CrackMan

GeoffD
April 28th, 2006, 04:11 AM
You're welcome Crackman, that's what this forum is all about: helping each other out!

GeoffD
April 29th, 2006, 07:58 AM
Anybody who followed the KB911567 install guidelines AND had an address book with many e-mail groups inside it, each containing several e-mail addresses, has found out by now (as I did yesterday evening) that this importing procedure is a real pain...
All individual e-mail addresses within those e-mail groups are plunged into 1 gigantic address book without any e-mail group being transferred, let alone being imported neatly into those e-mail groups...
In my case 35 e-mail groups with in total 18000 individual e-mail addresses were imported (with over 10 hours of importing time) as 1 giant .wab file without e-mail group structure...
Do others have the same problem?
If so, did you find a workable solution for it?

In the meantime I am in contact with Microsoft again, asking for a more suitable solution...