[BigFix-Announcements] BES Auto Notification: New Fixlets Publishedin Fixlet Site: EnterpriseSecurity

Tim Tsai tim_tsai at bigfix.com
Thu Aug 10 11:40:28 PDT 2006 

Please disregard this last announcement, due to an error in the
auto-notification script, the announcement included several false
positive reports of new Fixlet messages. An updated announcement will be
sent out shortly. We apologize for any inconvenience this may have
caused.

BigFix Product Team

-----Original Message-----
From: bigfix-announcements-bounces at bigmail.bigfix.com
[mailto:bigfix-announcements-bounces at bigmail.bigfix.com] On Behalf Of
autonotify at bigfix.com
Sent: Thursday, August 10, 2006 2:02 AM
To: bigfix-announcements at bigmail.bigfix.com
Subject: [BigFix-Announcements] BES Auto Notification: New Fixlets
Publishedin Fixlet Site: EnterpriseSecurity

Fixlet Site - EnterpriseSecurity
Current Version: 769	Published: Thu, 10 Aug 2006 01:49:14 GMT


***************************************************************
Title: MS99-033: "Malformed Telnet Argument" Patch for Windows 98 Telnet
Client
Severity: <Unspecified>
Fixlet ID: 9903301
Fixlet Link:
http://www.microsoft.com/technet/Security/bulletin/MS99-033.asp

Fixlet Description: Microsoft has released a patch to fix the "Malformed
Telnet Argument" security hole within the Windows 98 Telnet Client
application. This security hole could allow a malicious program to gain
access to affected computers when users view a corrupted web page. After
installing this patch, affected computers will no longer be susceptible
to this vulnerability.

***************************************************************
Title: MS99-033: CORRUPT PATCH - Windows 98
Severity: <Unspecified>
Fixlet ID: 9903302
Fixlet Link:
http://www.microsoft.com/technet/Security/bulletin/MS99-033.asp

Fixlet Description: The listed computers have faulty installations of a
patch for the vulnerability described in MS bulletin MS99-033. Some
files being used by these computers have versions earlier than those of
the corresponding files installed by the patch. Services or applications
installed after the patch was distributed may have overwritten the
files, or the initial installation may have been faulty. We recommend
reinstalling this patch to ensure the safety of affected computers.

***************************************************************
Title: MS99-033: "Malformed Telnet Argument" Patch for Windows 95 Telnet
Client
Severity: <Unspecified>
Fixlet ID: 9903303
Fixlet Link:
http://www.microsoft.com/technet/Security/bulletin/MS99-033.asp

Fixlet Description: Microsoft has released a patch to fix the "Malformed
Telnet Argument" security hole within the Windows 95 Telnet Client
application. This security hole could allow a malicious program to gain
access to affected computers when users view a corrupted web page. After
installing this patch, affected computers will no longer be susceptible
to this vulnerability. 

***************************************************************
Title: MS99-033: CORRUPT PATCH - Windows 95
Severity: <Unspecified>
Fixlet ID: 9903304
Fixlet Link:
http://www.microsoft.com/technet/Security/bulletin/MS99-033.asp

Fixlet Description: The listed computers have faulty installations of a
patch for the vulnerability described in MS bulletin MS99-033. Some
files being used by these computers have versions earlier than those of
the corresponding files installed by the patch. Services or applications
installed after the patch was distributed may have overwritten the
files, or the initial installation may have been faulty. We recommend
reinstalling this patch to ensure the safety of affected computers. This
patch fixes the "Malformed Telnet Argument" security hole within the
Windows 95 Telnet Client application. This security hole could allow a
malicious program to gain access to affected computers when users view a
corrupted web page. After installing this patch, affected computers will
no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-036: Windows NT 4.0 Does Not Delete Unattended Installation
File $winnt$.inf
Severity: <Unspecified>
Fixlet ID: 9903601
Fixlet Link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS99-036.asp

Fixlet Description: Microsoft has revealed that there could be a
potential security vulnerability in the unattended installation feature
of Microsoft(r) Windows NT 4.0 Workstation and Server that could cause
sensitive information to be exposed. The parameter file $winnt$.inf is
used in normal unattended installations. Sometimes this file can contain
sensitive information such as machine account passwords or Local
Administrator passwords. If you performed unattended installations of
Windows NT, you may want to review the information within this file or
click on the action button below to delete this file altogether.

***************************************************************
Title: MS99-036: Windows NT 4.0 Does Not Delete Unattended Installation
File $nt4pre$.inf
Severity: <Unspecified>
Fixlet ID: 9903602
Fixlet Link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS99-036.asp

Fixlet Description: Microsoft has revealed that there could be a
potential security vulnerability in the unattended installation feature
of Microsoft(r) Windows NT 4.0 Workstation and Server that could cause
sensitive information to be exposed. The parameter file $nt4pre$.inf is
used in Sysprep. Sometimes this file can contain sensitive information
such as machine account passwords or Local Administrator passwords. If
you performed unattended installations of Windows NT, you may want to
review the information within this file or click on the action button
below to delete this file altogether.

***************************************************************
Title: MS99-036: Windows NT 4.0 Does Not Delete Unattended Installation
Files
Severity: <Unspecified>
Fixlet ID: 9903603
Fixlet Link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS99-036.asp

Fixlet Description: Microsoft has revealed that there could be a
potential security vulnerability in the unattended installation feature
of Microsoft(r) Windows NT 4.0 Workstation and Server that could cause
sensitive information to be exposed. The parameter files $winnt$.inf and
$nt4pre$.inf are used in normal unattended installations and in Sysprep
(respectively). Sometimes these files can contain sensitive information
such as machine account passwords or Local Administrator passwords. If
you performed unattended installations of Windows NT, you may want to
review the information within these files or click on the action button
below to delete these files altogether.

***************************************************************
Title: MS99-038,034: "Spoofed Route Pointer" and "Fragmented IGMP
Packet" Vulnerabilities - Windows 98
Severity: <Unspecified>
Fixlet ID: 9903801
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-038.asp
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-034.asp

Fixlet Description: Microsoft has released an update that will eliminate
the following security vulnerabilities:  MS99-038: The "Spoofed Route
Pointer" vulnerability. This vulnerability could allow a malicious user
to obtain network information, even if source routing has been disabled.
Installing this update will eliminate this vulnerability and provide
additional control over source routing. MS99-034: The "Fragmented IGMP
Packet" vulnerability. If fragmented or malformed, Internet Group
Management Protocol (IGMP) data packets can cause a variety of problems
in Windows 98, ranging from slowing system performance to system
failure. 

***************************************************************
Title: MS99-038,034: "Spoofed Route Pointer" and "Fragmented IGMP
Packet" Vulnerabilities - Windows 98 SE
Severity: <Unspecified>
Fixlet ID: 9903802
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-038.asp
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-034.asp

Fixlet Description: Microsoft has released an update that will eliminate
the following security vulnerabilities:   MS99-038: The "Spoofed Route
Pointer" vulnerability. This vulnerability could allow a malicious user
to obtain network information, even if source routing has been disabled.
Installing this update will eliminate this vulnerability and provide
additional control over source routing. MS99-034: The "Fragmented IGMP
Packet" vulnerability. If fragmented or malformed, Internet Group
Management Protocol (IGMP) data packets can cause a variety of problems
in Windows 98, ranging from slowing system performance to system
failure. 

***************************************************************
Title: MS99-038,034: CORRUPT PATCH - Windows 98
Severity: <Unspecified>
Fixlet ID: 9903803
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-038.asp
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-034.asp

Fixlet Description: The listed computers have faulty installations of a
patch for the vulnerability described in MS bulletins MS99-038 and
MS99-034. Some files being used by these computers have versions earlier
than those of the corresponding files installed by the patch. Services
or applications installed after the patch was distributed may have
overwritten the files, or the initial installation may have been faulty.
We recommend reinstalling this patch to ensure the safety of affected
computers.This patch eliminates the following security
vulnerabilities:MS99-038: The "Spoofed Route Pointer" vulnerability.
This vulnerability could allow a malicious user to obtain network
information, even if source routing has been disabled. Installing this
update will eliminate this vulnerability and provide additional control
over source routing.MS99-034: The "Fragmented IGMP Packet"
vulnerability. If fragmented or malformed, Internet Group Management
Protocol (IGMP) data packets can cau
 se a variety of problems in Windows 98, ranging from slowing system
performance to system failure.

***************************************************************
Title: MS99-038,034: CORRUPT PATCH - Windows 98 SE
Severity: <Unspecified>
Fixlet ID: 9903804
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-038.asp
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-034.asp

Fixlet Description:  The listed computers have faulty installations of a
patch for the vulnerability described in MS bulletins MS99-038 and
MS99-034. Some files being used by these computers have versions earlier
than those of the corresponding files installed by the patch. Services
or applications installed after the patch was distributed may have
overwritten the files, or the initial installation may have been faulty.
We recommend reinstalling this patch to ensure the safety of affected
computers.  

***************************************************************
Title: MS99-038,034: "Spoofed Route Pointer" and "Fragmented IGMP
Packet" Vulnerabilities - Windows 95
Severity: <Unspecified>
Fixlet ID: 9903805
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-038.asp
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-034.asp

Fixlet Description: Microsoft has released an update that will eliminate
the following security vulnerabilities:  MS99-038: The "Spoofed Route
Pointer" vulnerability. This vulnerability could allow a malicious user
to obtain network information, even if source routing has been disabled.
Installing this update will eliminate this vulnerability and provide
additional control over source routing. MS99-034: The "Fragmented IGMP
Packet" vulnerability. If fragmented or malformed, Internet Group
Management Protocol (IGMP) data packets can cause a variety of problems
in Windows 95, ranging from slowing system performance to system
failure. 

***************************************************************
Title: MS99-038,034: CORRUPT PATCH - Windows 95
Severity: <Unspecified>
Fixlet ID: 9903806
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-038.asp
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-034.asp

Fixlet Description:  The listed computers have faulty installations of a
patch for the vulnerability described in MS bulletins MS99-038 and
MS99-034. Some files being used by these computers have versions earlier
than those of the corresponding files installed by the patch. Services
or applications installed after the patch was distributed may have
overwritten the files, or the initial installation may have been faulty.
We recommend reinstalling this patch to ensure the safety of affected
computers.  This patch eliminates the following security
vulnerabilities:   MS99-038: The "Spoofed Route Pointer" vulnerability.
This vulnerability could allow a malicious user to obtain network
information, even if source routing has been disabled. Installing this
update will eliminate this vulnerability and provide additional control
over source routing. MS99-034: The "Fragmented IGMP Packet"
vulnerability. If fragmented or malformed, Internet Group Management
Protocol (IGMP) data packets 
 can cause a variety of problems in Windows 95, ranging from slowing
system performance to system failure. 

***************************************************************
Title: MS99-049: "File Access URL" Vulnerability in Windows 98
Severity: <Unspecified>
Fixlet ID: 9904901
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-049.asp

Fixlet Description: Microsoft has released a patch for the "File Access
URL" security vulnerability in Windows 98. This vulnerability could
allow a malicious web site or e-mail message to crash affected computers
or run unauthorized code. After installing this patch, affected
computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-049: "File Access URL" Vulnerability in Windows 95
Severity: <Unspecified>
Fixlet ID: 9904902
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms99-049.asp

Fixlet Description: Microsoft has released a patch for the "File Access
URL" security vulnerability in Windows 95. This vulnerability could
allow a malicious web site or e-mail message to crash affected computers
or run unauthorized code. After installing this patch, affected
computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-052: Legacy Credential Caching Vulnerability in Windows 98
Severity: <Unspecified>
Fixlet ID: 9905201
Fixlet Link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS99-052.asp

Fixlet Description: Microsoft has released a patch that eliminates a
security vulnerability in Microsoft Windows 98. The vulnerability could
allow a malicious user to retrieve a user's network password from
affected machines. After installing this patch, affected computers will
no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-052: Legacy Credential Caching Vulnerability in Windows 95
Severity: <Unspecified>
Fixlet ID: 9905202
Fixlet Link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS99-052.asp

Fixlet Description: Microsoft has released a patch that eliminates a
security vulnerability in Windows 95 caused by a legacy mechanism for
caching network security credentials. The vulnerability could allow a
user's plaintext network password to be retrieved from the cache. 

***************************************************************
Title: MS99-052: CORRUPT PATCH - Windows 95
Severity: <Unspecified>
Fixlet ID: 9905203
Fixlet Link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS99-052.asp

Fixlet Description: The listed computers have faulty installations of a
patch for the vulnerability described in MS bulletin MS99-052. Some
files being used by these computers have versions earlier than those of
the corresponding files installed by the patch. Services or applications
installed after the patch was distributed may have overwritten the
files, or the initial installation may have been faulty. We recommend
reinstalling this patch to ensure the safety of affected computers. The
patch eliminates a security vulnerability in Windows 95 and 98 caused by
a legacy mechanism for caching network security credentials. The
vulnerability could allow a user's plaintext network password to be
retrieved from the cache. 

***************************************************************
Title: MS99-030: Office 95 ODBC Vulnerabilities (Windows 9x/NT)
Severity: <Unspecified>
Fixlet ID: 9903001
Fixlet Link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS99-030.asp

Fixlet Description: Microsoft has released a patch fixing several
vulnerabilities in the Jet database engine for Office 95. These
vulnerabilities would allow an attacker to embed an operating system
command within a database query. These commands could allow the attacker
to take almost any action on the computer. 

***************************************************************
Title: MS99-030: Office 95 ODBC Vulnerabilities (No Update Available)
Severity: <Unspecified>
Fixlet ID: 9903002
Fixlet Link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS99-030.asp

Fixlet Description: Microsoft has released a security bulletin detailing
several vulnerabilities in the Jet database engine for Office 95. These
vulnerabilities would allow an attacker to embed an operating system
command within a database query. These commands could allow the attacker
to take almost any action on the computer. The MS99-030 security update
will run only on computers running Windows 9x and NT, which are the
operating systems supported for Office 95. The listed computers are not
running Windows 9x or NT, but have been detected to have a vulnerable
version of the file updated by the security patch. To determine the
level of risk affected computers are exposed to, please read Security
Bulletin MS99-030.

***************************************************************
Title: MS99-030: Office 97 ODBC Vulnerabilities (Windows 9x/NT)
Severity: <Unspecified>
Fixlet ID: 9903003
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/MS99-030.asp

Fixlet Description: Microsoft has released a patch fixing several
vulnerabilities in the Jet database engine for Office 97. These
vulnerabilities would allow an attacker to embed an operating system
command within a database query. These commands could allow the attacker
to take almost any action on the computer. 

***************************************************************
Title: MS99-030: Office 97 ODBC Vulnerabilities (No Update Available)
Severity: <Unspecified>
Fixlet ID: 9903004
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/MS99-030.asp

Fixlet Description: Microsoft has released a patch fixing several
vulnerabilities in the Jet database engine for Office 97. These
vulnerabilities would allow an attacker to embed an operating system
command within a database query. These commands could allow the attacker
to take almost any action on the computer. The MS99-030 security update
will run only on computers running Windows 9x and NT, which are the
operating systems supported for Office 97. The listed computers are not
running Windows 9x or NT, but have been detected to have a vulnerable
version of the file updated by the security patch. To determine the
level of risk affected computers are exposed to, please read Security
Bulletin MS99-030.

***************************************************************
Title: MS99-010:  File Access Vulnerability in FrontPage 98 Personal Web
Server
Severity: <Unspecified>
Fixlet ID: 9901001
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/MS99-010.asp

Fixlet Description: Microsoft has released a patch that eliminates a
security vulnerability in FrontPage 98 Personal Web Server for Windows
9x systems. This vulnerability could allow an attacker to use a
non-standard URL to read files on computers using the web server. After
downloading and installing this patch, the affected computers will no
longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-010:  File Access Vulnerability in FrontPage 97 Personal Web
Server
Severity: <Unspecified>
Fixlet ID: 9901002
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/MS99-010.asp

Fixlet Description: Microsoft has announced a security vulnerability in
FrontPage 97 Personal Web Server for Windows 9x systems. This
vulnerability could allow an attacker to use a non-standard URL to read
files on computers running the web server.Microsoft has not provided a
patch to fix this vulnerability. Instead, they have detailed two
possible methods for closing this hole. If you do not require remote
authoring, Microsoft recommends that you upgrade to Microsoft Personal
Web Server. This is available on CDs for FrontPage 97, Windows 98, and
the NT Option Pack. If you do require remote authoring Microsoft
recommends that you upgrade to the most recent release of FrontPage
Server Extensions, modify a file to point to your FrontPage root, and
install a new patch. 

***************************************************************
Title: MS99-010:  File Access Vulnerability in Personal Web Server
Severity: <Unspecified>
Fixlet ID: 9901003
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/MS99-010.asp

Fixlet Description: Microsoft has released a patch that eliminates a
security vulnerability in Microsoft Personal Web Server 4.0 for Windows
9x systems. This vulnerability could allow an attacker to use a
non-standard URL to read files on computers using the web server. After
downloading and installing this patch, the affected computers will no
longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-005: BackOffice Server 4.0 Does Not Delete Installation
Setup File
Severity: <Unspecified>
Fixlet ID: 9900501
Fixlet Link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS99-005.asp

Fixlet Description: Microsoft has released a bulletin announcing a
vulnerability in Backoffice Server 4.0. Computers whose installation of
Backoffice Server included SQL Server, Exchange Server or Microsoft
Transaction Server have a password vulnerability. When the programs were
installed the passwords were saved in the reboot.ini file, which was not
deleted after installation was completed. Anyone with access to the
folder in which the file is stored would have access to the programs'
passwords.  After deleting the file, affected computers will no longer
be susceptible to this vulnerability. 

***************************************************************
Title: MS99-007: Taskpads Scripting Vulnerability
Severity: <Unspecified>
Fixlet ID: 9900701
Fixlet Link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS99-007.asp

Fixlet Description: Microsoft has released a patch fixing a
vulnerability in the Taskpads functionality of Windows 98 Resource Kit
and Backoffice Resource Kit Second Edition for Windows 9x Systems.
Taskpads allows you to run Resource Kit functions via an HTML page. A
scripting vulnerability would allow a visited website to run executables
on a computer on which Taskpads is installed.  After downloading and
installing this patch, affected computers will no longer be susceptible
to this vulnerability.

***************************************************************
Title: MS99-001:  Exposure in Forms 2.0 TextBox Control Allows Access to
Clipboard
Severity: <Unspecified>
Fixlet ID: 9900101
Fixlet Link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS99-001.asp

Fixlet Description: Microsoft has released a patch that eliminates a
vulnerability in the Forms 2.0 ActiveX control. This control is
distributed in any application that includes Visual Basic for
Applications 5.0. A malicious hacker could use the Forms 2.0 Control to
read or export text on a user's Clipboard when that user visits a web
site set up by the malicious hacker or opens a HTML email created by the
malicious hacker. After installing this patch the affected computers
will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS05-004: Vulnerability in ASP.NET Path Validation - .NET
Framework 1.1 SP1 - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 500477
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx

Fixlet Description: Microsoft has released a patch eliminating a
security vulnerability in ASP.NET that could allow an attacker to bypass
the security of an ASP.NET Web site and gain unauthorized access. After
downloading and installing this patch, affected computers will no longer
be susceptible to this vulnerability. 

***************************************************************
Title: MS05-004: CORRUPT PATCH - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 500480
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx

Fixlet Description: The listed computers have faulty installations of a
patch for the vulnerability described in MS05-004. Some files being used
by these computers have versions earlier than those of the corresponding
files installed by the patch. Services or applications installed after
the patch was distributed may have overwritten the files, or the initial
installation may have been faulty. We recommend reinstalling this patch
to ensure the safety of affected computers. Microsoft has released a
patch eliminating a security vulnerability in ASP.NET that could allow
an attacker to bypass the security of an ASP.NET Web site and gain
unauthorized access. After downloading and installing this patch,
affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS06-047: Vulnerability in Microsoft Visual Basic for
Applications Could Allow Remote Code Execution - Access 2000 Runtime
(Network/Local Install)
Severity: Critical
Fixlet ID: 604706
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/MS06-047.mspx

Fixlet Description:  Microsoft has released a security patch for Access
2000 Runtime. This update resolves several newly-discovered, privately
reported and public vulnerabilities. On vulnerable versions of Access
2000 Runtime, if a user is logged on with administrative user rights, an
attacker who successfully exploited this vulnerability could take
complete control of the client workstation. After downloading and
installing this patch, affected computers will no longer be susceptible
to these vulnerabilities. 

***************************************************************
Title: MS06-047: Vulnerability in Microsoft Visual Basic for
Applications Could Allow Remote Code Execution - Microsoft VBA
Severity: Critical
Fixlet ID: 604707
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/MS06-047.mspx

Fixlet Description: Microsoft has released a security patch for Visual
Basic for Applications. This update resolves several newly-discovered,
privately reported and public vulnerabilities. On vulnerable versions of
Visual Basic for Applications, if a user is logged on with
administrative user rights, an attacker who successfully exploited this
vulnerability could take complete control of the client workstation.
After downloading and installing this patch, affected computers will no
longer be susceptible to these vulnerabilities. 

***************************************************************
Title: MS05-004: Vulnerability in ASP.NET Path Validation - .NET
Framework 1.1 SP1 - Windows XP/2003 (x64) - BES < 6.0
Severity: Important
Fixlet ID: 500481
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx

Fixlet Description: Microsoft has released a patch eliminating a
security vulnerability in ASP.NET that could allow an attacker to bypass
the security of an ASP.NET Web site and gain unauthorized access. After
downloading and installing this patch, affected computers will no longer
be susceptible to this vulnerability. 

***************************************************************
Title: MS05-004: CORRUPT PATCH - Windows XP/2003 (x64) - BES < 6.0
Severity: Important
Fixlet ID: 500482
Fixlet Link:
http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx

Fixlet Description: The listed computers have faulty installations of a
patch for the vulnerability described in MS05-004. Some files being used
by these computers have versions earlier than those of the corresponding
files installed by the patch. Services or applications installed after
the patch was distributed may have overwritten the files, or the initial
installation may have been faulty. We recommend reinstalling this patch
to ensure the safety of affected computers. Microsoft has released a
patch eliminating a security vulnerability in ASP.NET that could allow
an attacker to bypass the security of an ASP.NET Web site and gain
unauthorized access. After downloading and installing this patch,
affected computers will no longer be susceptible to this vulnerability.

More information about the BigFix-Announcements mailing list