"MS03-011: Flaw in Microsoft VM ... Windows 2000 SP4" Source Release

(imported topic written by drp91)

Fixlet “MS03-011: Flaw in Microsoft VM Could Enable System Compromise - Windows 2000 SP4” uses source at http://download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/msjavwu_8073687b82d41db93f4c2a04af2b34d.exe and has relevance to target Windows 2000 SP4 machines at either msjava.dll or javart.dll version .ess than 5.0.3810.0.

Deployment of the patch to 2000 SP4 relevant for this fixlet fails. VM error displayed is “The Microsoft VM you are attempting to install is a protected system component and can only be updated with a later release of the operating system or service pack.”

%WIN%\vminst.log recorded by the installation has the result: “Install aborted. This installer cannot upgrade Windows 2000. Unable to complete installation. Error 0x80004005 Exit code: AA000000”

Release date for fixlet source is April 9, 2003.

Security Bulletin MS03-011 documents a source revision dated after April 9, 2003 which corrects the Windows NT 4.0 Service Pack requirements for the installation.

(imported comment written by BenKus)

Hi drp,

We will check this out… thanks for the note…


(imported comment written by Sam_Lam91)

Hi drp,

I’ve taken a look at this fixlet (id: 301105) and at least on my test set-ups it seems to work as expected. According to the Windows Update catalog, the source URL you’ve listed, which is the same URL as is contained in the fixlet, is indeed the latest version of this patch. This is further confirmed by the information on the MS03-011 bulletin page and relevant pages linked therefrom.

Now, the specific error you’re seeing is easily duplicable in the peculiar situation that the patch is run when it is


named exactly “msjavwu.exe”. Believe it or not, even if you try to run the patch as its default name, it spits out the aforementioned error and then fails to install. The fixlet 301105 does take all this into consideration and has from the start included an action to rename the patch file to “msjavwu.exe” and then run the latter.

This now leads me to ask: can you confirm whether or not the patch was deployed to your relevant 2000 SP4 machines using specifically the fixlet action itself, and not, say, a custom action that might have removed the renaming of the patch file?

Many thanks for your post!



BigFix Product Engineer

(imported comment written by drp91)

Hi Sam…

You are right. I missed the renaming of the executable in the original relevance. I’ve now renamed this, as you indicated, in the custom task and it works like a charm.

Thank you for your help.

(imported comment written by Sam_Lam91)

Any time–I’m glad it worked out!

Sam “I Can’t Believe It’s Almost 2008” Lam