Mudcat Café message #1126365

The Mudcat Café ^TM
Thread #67441 Message #1126365
Posted By: JohnInKansas
29-Feb-04 - 04:14 PM
Thread Name: Tech: Security Update for microsoft
Subject: RE: Tech: Security Update for microsoft

Kendall -

I agree with SRS that you should visit the Microsoft update site and get your whole thing checked out.

I find it "curious" that you're getting a message citing a "KB834283," since Microsoft generally stopped referring to Knowledge Base articles by "KB" number some time ago. Most Microsoft references to Knowledge Base articles are by "Q" numbers now, and a reference to "Q834283" wouldn't be surprising, or one that wrote out "Knowledge Base article 834283."

I may be overly cautious, but "it don't look right" and there have been more than a few "faked" messages that attempt to make you think you're getting something from a friend.

The article number 834283 is legit, and identifies security bulletin MS04-03 Buffer Overrun in MDAC Function Could Allow Code Execution (832483)

The "MDAC" is a downloadable component. If you have installed it by download, or have installed previous patches, you may have any one of several versions, and Microsoft reports that the patch you need will depend on the version you have. You may be getting legitimate attempts to give you the wrong patch if you have previous upgrades, because your machine doesn't correctly identify the "updated" version number you have installed.

MS04-03 shows:
"Since the original version of MDAC on your system may have changed from updates available on the Microsoft Web site, we recommend using the following tool to determine the version of MDAC you have on your system: *Microsoft Knowledge Base article 301202 "HOW TO: Check for MDAC Version" discusses this tool and explains how to use it. Also, Microsoft Knowledge Base article *231943 discusses the release history of the different versions of MDAC."

Links for the "*go-heres" above are in the MS04-03 article at Microsoft. The version your machine thinks it has installed will be listed in your registry, but Microsoft indicates that this information may be "unreliable" for MDAC since some updates may not have updated the registry to show the new "effective version" number when previous patches were installed.

I would expect that a trip to Microsoft, using the link SRS gave, should get you up to date. Once you have your machine cleaned up so that it shows your correct update status, you should stop getting the "repeats" - assuming that they are legitimate.

John