The fixlet published for Microsoft’s FixIt 2896666 does not appear to have accurate relevance. According to the fixlet, it is showing applicable across our entire Windows Server infrastructure that is made up of 2003 and 2008R2 servers. According to the below Microsoft article, the security advisory does not deem Server 2003 or Server 2008R2 as affected. We do not have Office or Lync installed on these servers.
I totally understood your concern. Microsoft says the vulnerability is affecting Windows Vista & 2008 + Office & Lync only. Microsoft states that there is a vulnerability existing in the way affected components handle specially crafted TIFF images and Microsoft has provided a workaround by disabling the TIFF codec.
If you look into the details of the
Microsoft Fix it
given by Microsoft, it simply provides an automatic way of enable or disable the workaround - Disable the TIFF codec.
Our testing results show that this fix can be installed to different OS from Win XP to Windows 2008 R2 without requiring the existence of Office product. The Fixlet we have provided is following this applicability.
I would have to disagree. The Knowledge Base exist for a specific reason, it helps define the parameters in which Change Management is approached. Example…Say we do deploy this and ignore what’s been stated in the KB article on other OS’s but then something happens and those non-affected OS do not function properly. Then it’s no longer a Microsoft issue because what’s been defined in the kb article was ignored and Support will not be provided even if the root cause is not the hot-fix itself. Also, side note, this becomes a legal nightmare.
Microsoft has updated some information for this Security Advisory, clarified the scope of the active attacks, clarified affected software configurations, and revised workarounds today. This information is helpful for us to identify the affected system more accurately.
Though there is quite a complex about the attack range, we will try our best to be align with Microsoft’s statement.