[snippage and reordering]
"Rod Davies" <ldavies@xxxxxx> wrote:
> "PaulB" <PaulB@xxxxxx> wrote:
>>> But whilst MY PC has the 12 from today, but NO Update KB 931906 listed
>>> yesterday or today and NO updates waiting to be downloaded. My Vista
>>> PRemium PC is UP to date with no new updates.
>>> Again, IT is NOT listed on MY PC as an installed update, BUT WAS
>>> and installed on my wife's yesterday. Again, why not on mine? AND
>>> did her PC all of a sudden, a few months after install, decide it needed
>>> this MAY 2007 update? Should I worry about my PC NOT having it?
>> That is a really old update from May of 2007. Are you sure you don't have
> No I definately do not have it....should I worry?
K931906 (MS07-028) is an update to the crypto API for Windows, addressing a
remote code execution vulnerability. The oddity about the feature is that it
isn't part of the base Windows product, and the prime file (capicom.dll) may
be installed by any application (from Microsoft or a third-party vendor)
that needs it, and might be placed in any folder. The patch puts the
updated copy in a standard location and makes appropriate entries in the
If you don't have the CAPICOM.DLL file on your system, you don't need the
update. What can happen is that a computer doesn't need the patch when it
was released in last May's "Patch Tuesday" fun, but at some later time the
user might install an application that brings with it a downlevel copy of
the DLL file...and thus triggers the need for MS07-028.
Having said that, my experience with the patch is that its "am I needed?"
logic isn't the best. if you install the patch it seems to do what it
should, but the Microsoft-provided XML that drives the installation tests
doesn't seem to always trigger installation when an unpatched version is
present. (I've squawked this up the line, and received the expected