> For example, on one computer that had Windows 2000 SP2, we installed > KB826232 and then the other critical patches from 10/15. We then > installed SP4. When attempting later to uninstall KB826232, we get a > warning that Internet Explorer, Windows Media Player, and > other patches > installed after KB826232 might be non-functional if we proceeded. We > tested Windows Media Player and it was, in fact, non-functional (it > could download a video clip and display that it was playing, it just > couldn't display any video... a minor inconvenience I guess). Though referring to patch 40 and not 42 this from Brian Livingston's newsletter is likely relevant: Update HTML Help. As was the case with MS03-032 and a few other recent patches, installing MS03-040 will cause problems with Windows' HTML Help engine unless you also install a fix to update the help feature. This is explained in Microsoft Knowledge Base article 811630. Update Windows Media Player. After installing MS03-040, you also need to install an update for Windows Media Player versions 6.4, 7.1, and 9, and Media Player for XP. Microsoft-style audio and video data files are allowed (stupidly, in my opinion) to command Media Player to open Web pages. These pages might be malicious or infected. The update allows administrators to shut down this feature by making changes to the Registry. I don't believe this capability should ever have been shipped, but I recommend that you install the patch and implement the more-secure policies, as described in KB 828026. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke
<<attachment: winmail.dat>>