MS08-040 fixlet ID:804007

(imported topic written by SystemAdmin)

Hi,

Can someone explain fixlet ID 804007 to me? It seems that the only action for this fixlet is to remove that this fixlet was applicable in the first place, but if you take a look at the description of the action:

description

Click here if you wish to remove this Fixlet message and mark it as fixed on affected computers. In doing so, you accept the risk of not closing this vulnerability on affected computers.

action

regset "HKEY_LOCAL_MACHINE\Software\BigFix\EnterpriseClient\ESRemovedFixlets" "804007"=dword:00000001

What is the vulnerability? I took a look at a machine that was applicable; the only fixlet from MS08-040 applicable was this one. Currently I do not see what the vulnerability is on this machine, but it seems that by running this fixlet, I accept the risk of not closing a vulnerability I cannot find.

Please advise.

Thanks

Rob

(imported comment written by jeremylam)

Hi Rob,

This Fixlet indicates that you have more than one instance of SQL Server 2005 SP2 that needs to be patched - in our testing, not all SQL instances were always patched correctly, and these may require manual installation.

The Fixlet evaluates if any version of sqlservr.exe is a vulnerable version - there is one copy of this executable for each SQL server instance, and they can be patched independently of each other.
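The per-instance check described in the reply above can be reproduced by hand on an affected machine. The following is an added example, not part of the original thread and not BigFix's own relevance: it lists the sqlservr.exe file version for each registered SQL Server instance. It assumes the standard `Instance Names\SQL` and `<InstanceID>\Setup\SQLBinRoot` registry layout, and `MinimumPatchedVersion` is a hypothetical parameter you fill in from the MS08-040 bulletin, since the thread does not state the fixed build.

```powershell
# Added example (not from the thread). Lists the file version of sqlservr.exe
# for every registered SQL Server instance and flags builds below a threshold.
param(
    # Assumption: supply the fixed build for your SQL Server branch from the
    # MS08-040 bulletin; the thread does not state it.
    [Parameter(Mandatory = $true)]
    [version]$MinimumPatchedVersion
)

# Native hive plus the 32-bit view, where 32-bit instances on x64 register.
$roots = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server',
         'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Microsoft SQL Server'

foreach ($root in $roots) {
    $namesKey = Join-Path $root 'Instance Names\SQL'
    if (-not (Test-Path $namesKey)) { continue }

    $names = Get-Item $namesKey
    foreach ($instance in $names.GetValueNames()) {
        # The value data maps the instance name to its instance ID key.
        $instanceId = $names.GetValue($instance)
        $setup = Get-ItemProperty (Join-Path $root "$instanceId\Setup") -ErrorAction SilentlyContinue
        $exe = $null
        if ($setup -and $setup.SQLBinRoot) { $exe = Join-Path $setup.SQLBinRoot 'sqlservr.exe' }

        # Each instance has its own copy of the binary, so read each one.
        $version = $null
        if ($exe -and (Test-Path $exe)) {
            $vi = (Get-Item $exe).VersionInfo
            $version = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart,
                $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        }

        $status = 'binary not found'
        if ($version) {
            if ($version -lt $MinimumPatchedVersion) { $status = 'NEEDS PATCH' } else { $status = 'ok' }
        }
        New-Object psobject -Property @{
            Instance = $instance; FileVersion = $version; Status = $status; Path = $exe
        } | Select-Object Instance, FileVersion, Status, Path
    }
}
```

Any instance reported as `NEEDS PATCH` is one the update did not reach and is a candidate for the manual installation mentioned in the reply.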

(imported comment written by SystemAdmin)

Thanks Jeremy