Microsoft: May 2007 Archives

Windows 2003 SP2, MS07-016 and IE7

According to Microsoft Technet MS07-016 is included in Windows 2003 Service Pack 2.

However, if you install IE7 after installing SP2 for Windows 2003, you end up with a wininet.dll that is version 7.0.5730.11. According to MS07-016, this is a vulnerable version of this dll.

So now, we're in a pickle. As of Monday, Windows Update did not recognize a need for MS07-016 on this computer. The Security Bulletin does not address this scenario.

I contacted our Microsoft Technical Account Manager. He contacted the security group at Microsoft who verified that the system is vulnerable and we must reapply the patch. Fortunately the Cumulative Update for Internet Explorer 7 for Windows Server 2003 (KB928090) worked on this system even though the patch says its for Windows 2003 SP1.

By Roger on May 1, 2007 10:47 AM | | Comments (2) | TrackBacks (0)
« Microsoft: April 2007 | Main Index | Archives | Microsoft: August 2007 »

Search