Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: MadHat (madhatunspecific.com)
Date: Fri Aug 10 2001 - 14:40:16 CDT
At 01:45 PM 8/10/2001 -0400, you wrote:
>Have you tried the MS DLL Help Database? -
>It doesn't have *complete* listings, but its a good start.
Well, it doesn't seem to include hotfixes specifically.
"We have created an internal tool that recursively scans the directories in
each CD. This tool identifies all files that contain the appropriate
extensions (such as .dll or .exe) and version resources, then inserts these
files into a database. "
Though the idq.dll (the most recent version) is listed, but listed as being
in SP6 and 6a for NT, and the version shown (5.0.1781.3) is said to have
been released on 9/23/1999 and 11/18/1999 (the release dates of the SPs I
think), but I show that the Sec Notice MS01-033 was released on June 18,
2001 which was when that particular version was actually released.
I am not sure I want to use that DB. Not to mention you have to look up
each DLL, OCX and EXE separately. Makes it difficult to use in a tool to
verify your versions on a single machine.
Oh and if you try to look up the idq.dll by product only, only IIS 4.0 is
listed under IIS and it is not considered as being part of IIS (as it is
actually part of the Indexing service, but that isn't listed as one of the
>From: RH [mailto:RHbeulah.org]
>Sent: Wednesday, August 08, 2001 2:51 PM
>To: 'MadHat'; focus-mssecurityfocus.com
>Subject: RE: DLL versioning info
>This is something that Microsoft should make a tool for and put in plain
>site on the patch area of their web site. It should should have remote
>connect capabilities, and a virus-scanner-like "signature" database of
>patches that can be kept auto-updated.
>I know that several MS employees read this list, so how about it? :-)
>From: MadHat [mailto:madhatunspecific.com]
>Sent: Tuesday, August 07, 2001 3:47 PM
>Subject: DLL versioning info
>I have seen a few people mention that the only real way of verifying that a
>hotfix is installed is by checking the version of the DLL, knowing that
>info in the registry may not be accurate because of reinstall apps (like
>IIS) may overwrite the newer DLL and the registry entry for the hotfix
>would still exist. So with this in mind, does anyone know of a
>comprehensive list of DLLs and the proper, most up to date versions, or
>versions that fix problem X?
>So a listing like
>IDA/CodeRed, idq.dll, 5.0.2195.3645 on W2K, 5.0.1781.3 on NT 4.0
>MadHat at unspecific.com
-- MadHat at unspecific.com