Not sure if i reported this before or not. I only get this on an NT4 server.



MS01-041

Malformed RPC Request Can Cause Service Failure

File version is greater than expected.

[\\pixel\C$\WINNT\system32\riched32.dll, 5.0.1458.47 > 4.0.835.1381]

We get this on EVERY NT4-machine in our network.  



We're running on SMS 2.0 with SUS implemented. All security-updates are applied to all machines, including MS01-041, but Web Reporting still shows a lot of this update "missing" ...



I hope MS will fix this!






	
Quote:
	

	

		

			
				Originally posted by Jonathon Douglas 

Not sure if i reported this before or not. I only get this on an NT4 server.



MS01-041

Malformed RPC Request Can Cause Service Failure

File version is greater than expected.

[\\pixel\C$\WINNT\system32\riched32.dll, 5.0.1458.47 > 4.0.835.1381] 
			
		
	
	

Thanks for posting this Jonathon.  We're working to remove this unnecessary

warning in an upcoming release of the MSSECURE.XML file.



I hope that helps...



--





Doug Neal [MSFT]

dugn@online.microsoft.com



This posting is provided "AS IS" with no warranties, and confers no rights.



If newsgroup discussion with experts and MVPs is unable to solve a problem

to your satisfaction, feel free to contact PSS for the Microsoft Baseline

Security Analyzer (MBSA) at the following link:

http://support.microsoft.com/default...s;Prodoffer20a



This e-mail address does not receive e-mail, but is used for newsgroup

postings only.





"Jonathon Douglas" <jon@valleyhouse.co.uk> wrote in message

news:OBA6G0HTEHA.544@TK2MSFTNGP11.phx.gbl...

> Not sure if i reported this before or not. I only get this on an NT4

> server.

>

> MS01-041

> Malformed RPC Request Can Cause Service Failure

> File version is greater than expected.

> [\\pixel\C$\WINNT\system32\riched32.dll, 5.0.1458.47 > 4.0.835.1381]

>

>

In your e-mail, it's not clear what the problem happens to be.  And it may

be helpful to post your concerns on the SMS newsgroup to notify the best

experts in the field.  For general MBSA issues, we usually request a bit of

information to help us troubleshoot the issue.  If you could reply with

details below, it may help us investigate the issue you are having:



The following information is helpful to accurately determine if there is an

MBSA problem.







If MBSA reports a "Patch NOT Found" warning (indicated by a red 'X" in the

GUI interface), this means a patch for a security vulnerability needs to be

installed immediately to protect your system.  Or, if MBSA reports a

'greater than expected', 'invalid checksum' or "required registry key"

warning, we will need additional information to identify the issue.  Please

reply with the following four files captured in a ZIP file:







Run MBSACLI /HF /V /TRACE > OUTPUT.TXT (on the local machine - or add the /H

<Hostname>" parameter for a remote scan) - and capture the HF.LOG and

OUTPUT.TXT file







Also run MBSACLI /HF /V -History 1 /TRACE > HISOUTPUT.TXT - and capture the

new HF.LOG file and HISOUTPUT.TXT file







Please also include



a.. The exact error message being reported (a screen shot and/or the exact

text if possible)

b.. The version of MBSA being used (from 'About MBSA' or command-line

output)

c.. The version of the MSSECURE.XML file (open the MSSECURE.XML file in

NOTEPAD and check the 'DataVersion="xx.xx.xx.xx' information)

d.. Provide the OS, OS service pack and OS language of the target machine

e.. Indicate which type of scan is being performed (MBSA GUI scan, MBSACLI

or

MBSACLI /HF scan) - and what command-line parameters are being used (if

you are using MBSACLI)





This will help us quickly identify the root of the problem.  Thank you!





--





Doug Neal [MSFT]

dugn@online.microsoft.com



This posting is provided "AS IS" with no warranties, and confers no rights.



If newsgroup discussion with experts and MVPs is unable to solve a problem

to your satisfaction, feel free to contact PSS for the Microsoft Baseline

Security Analyzer (MBSA) at the following link:

http://support.microsoft.com/default...s;Prodoffer20a



This e-mail address does not receive e-mail, but is used for newsgroup

postings only.





"Yanze" <Yanze.18f15r@mail.mcse.ms> wrote in message

news:Yanze.18f15r@mail.mcse.ms...

>

> We get this on EVERY NT4-machine in our network. 

>

> We're running on SMS 2.0 with SUS implemented. All security-updates are

> applied to all machines, including MS01-041, but Web Reporting still

> shows a lot of this update "missing" ...

>

> I hope MS will fix this!

>

>

> Jonathon Douglas wrote: 

>

>

>

> --

> Yanze

> ------------------------------------------------------------------------

> Posted via http://www.mcse.ms

> ------------------------------------------------------------------------

> View this thread: http://www.mcse.ms/message743424.html

>

this is happening cause of the MBSA tool.It return Note messages,and then it reports that back to SMS.To solve this you need to supress note messages from the MBSA tool.The note message is that it founds a version of a file grater than the one it needs.Th

e systems are patched,but all NT 4.0 wrks will want to reinstall ...





"Doug Neal [MSFT]" wrote:



> In your e-mail, it's not clear what the problem happens to be.  And it may

> be helpful to post your concerns on the SMS newsgroup to notify the best

> experts in the field.  For general MBSA issues, we usually request a bit of

> information to help us troubleshoot the issue.  If you could reply with

> details below, it may help us investigate the issue you are having:

>

> The following information is helpful to accurately determine if there is an

> MBSA problem.

>

>

>

> If MBSA reports a "Patch NOT Found" warning (indicated by a red 'X" in the

> GUI interface), this means a patch for a security vulnerability needs to be

> installed immediately to protect your system.  Or, if MBSA reports a

> 'greater than expected', 'invalid checksum' or "required registry key"

> warning, we will need additional information to identify the issue.  Please

> reply with the following four files captured in a ZIP file:

>

>

>

> Run MBSACLI /HF /V /TRACE > OUTPUT.TXT (on the local machine - or add the /H

> <Hostname>" parameter for a remote scan) - and capture the HF.LOG and

> OUTPUT.TXT file

>

>

>

> Also run MBSACLI /HF /V -History 1 /TRACE > HISOUTPUT.TXT - and capture the

> new HF.LOG file and HISOUTPUT.TXT file

>

>

>

> Please also include

>

>   a.. The exact error message being reported (a screen shot and/or the exact

> text if possible)

>   b.. The version of MBSA being used (from 'About MBSA' or command-line

> output)

>   c.. The version of the MSSECURE.XML file (open the MSSECURE.XML file in

> NOTEPAD and check the 'DataVersion="xx.xx.xx.xx' information)

>   d.. Provide the OS, OS service pack and OS language of the target machine

>   e.. Indicate which type of scan is being performed (MBSA GUI scan, MBSACLI

> or

>   MBSACLI /HF scan) - and what command-line parameters are being used (if

> you are using MBSACLI)

>

>

> This will help us quickly identify the root of the problem.  Thank you!

>

>

> --

>

>

> Doug Neal [MSFT]

> dugn@online.microsoft.com

>

> This posting is provided "AS IS" with no warranties, and confers no rights.

>

> If newsgroup discussion with experts and MVPs is unable to solve a problem

> to your satisfaction, feel free to contact PSS for the Microsoft Baseline

> Security Analyzer (MBSA) at the following link:

> http://support.microsoft.com/default...s;Prodoffer20a

>

> This e-mail address does not receive e-mail, but is used for newsgroup

> postings only.

>

>

> "Yanze" <Yanze.18f15r@mail.mcse.ms> wrote in message

> news:Yanze.18f15r@mail.mcse.ms... 

>

>

>

this is happening cause of the MBSA tool.It return Note messages,and then it reports that back to SMS.To solve this you need to supress note messages from the MBSA tool.The note message is that it founds a version of a file grater than the one it needs.Th

e systems are patched,but all NT 4.0 wrks will want to reinstall ...





"Doug Neal [MSFT]" wrote:



> In your e-mail, it's not clear what the problem happens to be.  And it may

> be helpful to post your concerns on the SMS newsgroup to notify the best

> experts in the field.  For general MBSA issues, we usually request a bit of

> information to help us troubleshoot the issue.  If you could reply with

> details below, it may help us investigate the issue you are having:

>

> The following information is helpful to accurately determine if there is an

> MBSA problem.

>

>

>

> If MBSA reports a "Patch NOT Found" warning (indicated by a red 'X" in the

> GUI interface), this means a patch for a security vulnerability needs to be

> installed immediately to protect your system.  Or, if MBSA reports a

> 'greater than expected', 'invalid checksum' or "required registry key"

> warning, we will need additional information to identify the issue.  Please

> reply with the following four files captured in a ZIP file:

>

>

>

> Run MBSACLI /HF /V /TRACE > OUTPUT.TXT (on the local machine - or add the /H

> <Hostname>" parameter for a remote scan) - and capture the HF.LOG and

> OUTPUT.TXT file

>

>

>

> Also run MBSACLI /HF /V -History 1 /TRACE > HISOUTPUT.TXT - and capture the

> new HF.LOG file and HISOUTPUT.TXT file

>

>

>

> Please also include

>

>   a.. The exact error message being reported (a screen shot and/or the exact

> text if possible)

>   b.. The version of MBSA being used (from 'About MBSA' or command-line

> output)

>   c.. The version of the MSSECURE.XML file (open the MSSECURE.XML file in

> NOTEPAD and check the 'DataVersion="xx.xx.xx.xx' information)

>   d.. Provide the OS, OS service pack and OS language of the target machine

>   e.. Indicate which type of scan is being performed (MBSA GUI scan, MBSACLI

> or

>   MBSACLI /HF scan) - and what command-line parameters are being used (if

> you are using MBSACLI)

>

>

> This will help us quickly identify the root of the problem.  Thank you!

>

>

> --

>

>

> Doug Neal [MSFT]

> dugn@online.microsoft.com

>

> This posting is provided "AS IS" with no warranties, and confers no rights.

>

> If newsgroup discussion with experts and MVPs is unable to solve a problem

> to your satisfaction, feel free to contact PSS for the Microsoft Baseline

> Security Analyzer (MBSA) at the following link:

> http://support.microsoft.com/default...s;Prodoffer20a

>

> This e-mail address does not receive e-mail, but is used for newsgroup

> postings only.

>

>

> "Yanze" <Yanze.18f15r@mail.mcse.ms> wrote in message

> news:Yanze.18f15r@mail.mcse.ms... 

>

>

>

Notes are already suppressed.  The problem here is that mbsacli when run

with the switches SMS must use interprets a "greater than" as a missing

update.  We are currently investigating ways to address this issue.  Most

should be addressed through catalog updates, but there are a few other cases

which we are looking into.



--

Adam Welker

This posting is provided "AS IS" with no warranties, and confers no rights.

Notes are already suppressed.  The problem here is that mbsacli when run

with the switches SMS must use interprets a "greater than" as a missing

update.  We are currently investigating ways to address this issue.  Most

should be addressed through catalog updates, but there are a few other cases

which we are looking into.



--

Adam Welker

This posting is provided "AS IS" with no warranties, and confers no rights.