MS Critical Update KB911567

Discussion in 'other security issues & news' started by SecurityFan, Apr 15, 2006.

Thread Status:
Not open for further replies.
  1. SecurityFan

    SecurityFan Registered Member

    Joined:
    Oct 2, 2005
    Posts:
    28
    Hi,

    This critical update is to patch problems with MS Outlook Express. I don't use this on my XP SP1 machine, but it is there behind the scenes. Do I need to apply this critical update?

    Thanks
     
  2. crackman

    crackman Registered Member

    Joined:
    Jul 6, 2005
    Posts:
    24
    Location:
    Southern California
    I'd say: Implement KB911567

    KB911567 details a Windows Address Book File (.wab) vulnerability – which, if nothing else, probably should be patched simply because it might bite when one least expects it. Selectively rejecting updates will often have repercussions downstream, long after the details behind one's decision are forever lost. A person might, for example, decide to open a short-term e-mail account for a visiting friend or relative, using Outlook Express as the host – not remembering that many, many months ago, KB911567 was not implemented. Your friend or relative might have a compromised personal address book that he/she now downloads from his/her travelling floppy disk, and WHAM!

    Per Microsoft Security Bulletin MS06-016, this vulnerability can be exploited outside of Outlook Express:

    KBSnapshot.jpg

    Outlook Express itself is quite safe these days – light-years beyond the swiss-cheesed worm trap of the early decade. If nothing else, I'd keep it up to date because you might never know when it will offer you some utility.

    CrackMan
    XP/IE6/SP2
     
    Last edited: Apr 15, 2006
  3. GeoffD

    GeoffD Registered Member

    Joined:
    Apr 20, 2006
    Posts:
    4
    Yesterdayevening a pc of a friend had the windows update feature in full automatic mode...
    After the patch was automatically applied, this person (using outlook express as his e-mail program) had problems accessing his original adressbook with 1500+ contacts...
    Although his original .wab adresbook file was left allone (seemingly not 2 be recognized as valid adress book anymore) he had the problem that an empty adressbook was made...
    So the obvious way was importing his original adressbook to the automatically freshly created empty one... but... also the wab-importing program failed 2 do a normal import...
    The only way to help him out was de-installing the KB911567 patch & the link related patches: KB908531, KB911562, KB912812...

    This morning i contacted Microsoft with my findings... & just now i received the message that there is indeed something wrong with the KB911567 patch...

    My advice out off experience: just 4 now temporarely skip this update please !

    Original e-mail sent (in dutch) to Microsoft this morning:

    The issue is in investigation at Microsoft & if they have updated the 4 patches i will place a download link 4 anybodies convenience here.
     
  4. crackman

    crackman Registered Member

    Joined:
    Jul 6, 2005
    Posts:
    24
    Location:
    Southern California
    After reading the following, I now concur -- not because "unnecessary" updates should be ignored, but because KB911567 creates problems with unsent messages:

    http://www.oehelp.com/OETips.aspx

    Feelings about updates otherwise remain the same; I generally apply them even if they initially appear irrelevant.

    CrackMan
    XP/IE6/SP2
     
  5. GeoffD

    GeoffD Registered Member

    Joined:
    Apr 20, 2006
    Posts:
    4
    Re: MS Critical Update KB911567 REVISED

    KB911567 is updated and should work now normally !
    It is adviced to download this patch as soon as possible !
    For the users who applied the 'old' KB911567 please read the FAQ section thoroughly because there is to be red (amongst other things) that the old KB911567 patch should be uninstalled first...
    To aid you in your quest: see this link here

    The download link is here

    Title: Microsoft Security Bulletin Minor Revisions
    Issued: April 26, 2006
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.


    Bulletin Information:
    =====================

    * MS06-016

    - http://www.microsoft.com/technet/security/bulletin/ms06-016.mspx
    - Reason for Revision: "Caveats" section updated due to new issues
    discovered with the security update. Error message when you
    open the Windows Address Book or you open Outlook Express
    after you install cumulative security update.
    - Originally posted: April 11, 2006
    - Updated: April 26, 2006
    - Bulletin Severity Rating: Important
    - Version: 1.2

    ********************************************************************

    Support:
    ========
    Technical support resources can be found at:
    http://go.microsoft.com/fwlink/?LinkId=21131

    International customers can get support from their local Microsoft
    subsidiaries. Phone numbers for international support can be found
    at: http://support.microsoft.com/common/international.aspx

    Microsoft Support Lifecycle for Business and Developer Software
    ===============================================================
    The Microsoft Support Lifecycle policy provides consistent and
    predictable guidelines for product support availability at the
    time that the product is released. Under this policy, Microsoft
    will offer a minimum of ten years of support. This includes five
    years of Mainstream Support and five years of Extended Support for
    Business and Developer products. Microsoft will continue to provide
    security update support, at a supported Service Pack level, for a
    minimum of ten years through the Extended support phase. For more
    information about the Microsoft Support Lifecycle, visit
    http://support.microsoft.com/lifecycle/ or contact your Technical
    Account Manager.
     
    Last edited: Apr 27, 2006
  6. crackman

    crackman Registered Member

    Joined:
    Jul 6, 2005
    Posts:
    24
    Location:
    Southern California
    Geoff:

    Thanks for the heads-up.

    CrackMan
     
  7. GeoffD

    GeoffD Registered Member

    Joined:
    Apr 20, 2006
    Posts:
    4
    Your welcome Crackman, that where this forum is all about: helping each other out !
     
  8. GeoffD

    GeoffD Registered Member

    Joined:
    Apr 20, 2006
    Posts:
    4
    Anybody who followed the KB911567 install guide lines AND had a adressbook with many e-mail groups inside them each containing several e-mail adresses has found out by now (as i did yesterday evening) that this importing procedure is a realpain...
    All individual e-mail adresses with in those e-mail groups are all plunged in 1 gigantic adress book without any e-mail group being transfered let alone being imported neathly in those e-mail groups...
    In my case 35 e-mail groups with in total 18000 individual e-mail adresses were imported (with over a 10 hours importing time) as 1 giant .wab file without e-mail group structure...
    Do others have the same problem ?
    If so did you found a workable solution for it ?

    In the meantime i have contact with Microsoft again asking for a more suiteable solution...
     
Loading...
Thread Status:
Not open for further replies.