MS11-003, and FixIts 50591/50592

  • 2 Replies
  • 3265 Views
*

Offline ky331

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • 376
  • Rascal & Biscuit
MS11-003, and FixIts 50591/50592
« on: February 09, 2011, 12:30:30 PM »
Microsoft is recommending that anyone who applied WorkAround/FixIt 50591 (install appcompat shim, to "fix" recursive-CSS vulnerability) should UNdo it via FixIt 50592, before applying the "offical" fix in the Cumulative Update for IE, MS11-003.

Question:   What are users (myself included) who have already applied MS11-003 without having run 50592 first, supposed to do now?

1) nothing
2) run 50592 now (even after installing MS11-003) [and stop there].
3) run 50592 now, and then RE-download/RE-install MS11-003
4) remove the MS11-003 update (System Restore??), run 50592, and then  RE-download/RE-install MS11-003
5) something else completely.

I am aiming for definitive answers (citing authoritative sources) rather than mere "speculation", if at all possible

*

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: MS11-003, and FixIts 50591/50592
« Reply #1 on: February 09, 2011, 12:58:17 PM »
I remember a couple work arounds recommended for a couple different issues from the past. I also remember applying one of them but now I don't remember which it was.

It would be really good if either Microsoft would not recommend any of these work arounds prior to launching some patch, or launch the patch after the recommended work around with the "undo" feature written into it so idiots like me won't get caught in the pinch again.

I had to restore an image of the system the other day because of a Microsoft beta version of the service pack for Windows 7 that wouldn't uninstall properly. I hacked the registry to get rid of it and when I did, Microsoft suddenly began to flag my system as a bootleg copy of Windows proudly displaying the tag "This is not a genuine copy of Windows" in the lower right corner of the screen (or some words to that effect). In addition to that, the system was reduced in functionality and wouldn't download/install certain updates and removed my background display among other things. Really tweaked my nose I must say.

I don't mind at all that Microsoft wants to hammer on software pirates. I do that myself lol...but I don't like being hammered on as one of them when the software I use actually came right from the Microsoft store. I wrote to them about this the other day as well, and haven't heard a single peep out of them as of yet.
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-13

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

*

Offline ky331

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • 376
  • Rascal & Biscuit
Re: MS11-003, and FixIts 50591/50592
« Reply #2 on: February 09, 2011, 01:16:25 PM »
Yes, it would really be "professional" of Microsoft to test for implementation of its FixIts, and either automatically UNdo them first (as you suggested), or at the very least, advise the user to manually run the UNdo before it would proceed any further.

While on the topic, yesterday's update MS11-006 was the official/final response to the temporary FixIt 50590 (Modify the Access Control List on shimgvl.dll), which had its corresponding UNdo #50593.   Microsoft quickly removed this pair of fixits (50590, 50593) from its web site, and so (taking what I believed to be the safer approach) I opted to run 50593 before allowing MS11-006 to install.

But in the case of MS11-003, and its FixIts 50591/50592 , the fixits remain available from Microsoft even now [from http://support.microsoft.com/kb/2488013 ], and so, I erroneously concluded that MS11-003 did not address this issue... and so, did not run the UNdo.