This article describes how to deploy the MS06-017 security update for FrontPage 2002 Server Extensions from Microsoft by using the Microsoft Systems Management Server (SMS) Extended Security Update Inventory Tool. To do this, you must follow the steps that are outlined in the “More Information” section.

The Extended Security Update Inventory Tool provides only detection for the MS06-017 security update. Standard SMS software distribution steps must be used for deployment.

Notes

• This article applies only to the FrontPage 2002 Server Extensions Web download when the download is installed on Microsoft Windows XP, Microsoft Windows 2000, or the 64-bit editions of the Microsoft Windows Server 2003 operating systems.
• The Extended Security Update Inventory Tool is the version of the Enterprise Scan Tool that is specific to SMS. A link to the Microsoft Web page from which you can download the Extended Security Update Inventory Tool is found in the same Microsoft Knowledge Base article that describes the Enterprise Scan Tool.

How to use the Extended Security Update Inventory Tool

To use the Extended Security Update Inventory Tool for detection, install the tool or upgrade the tool if it is already installed.

After the distribution points are updated, make sure that the Extended Security Update Inventory Tool advertisement ran successfully for the All Systems collection or for the collection that is designated by local policy.

How to determine whether the MS06-017 security update is required

To quickly determine whether computers in your environment require the MS06-017 security update, use one of the following methods:

• Open the Distribute Software Updates Wizard. Then, verify that 911831 is listed as "Applicable" in the QNumber field on the Add/Remove Updates page.
• Run the Compliance by Bulletin-ID and Qnumber report in SMS, and then verify that 911831 is listed as "Applicable."

If 911831 is listed as "Applicable," computers in your environment require the MS06-017 security update. You can use the following query to create a dynamic collection that will contain all the computers that list 911831 as “Applicable”:

How to deploy the MS06-017 security update

To deploy the MS06-017 security update, follow these steps:

1. Manually download the update from the link that is provided in the security bulletin.
2. Create a standard SMS software distribution package.
3. Create an advertisement that uses the dynamic collection that you created by using the query.

When you create the software program that is advertised to run the tool, you must click to select the Allow users to interact with program check box on the Environment tab.

We recommended that you schedule this advertisement to run periodically to make sure that all the vulnerable computers are updated.

As soon as the advertisement runs successfully, you can verify the update status of the targeted computers by using the collection that you created. After all the affected computers are updated, the number of computers in the collection should be zero.

Alternatively, you can verify the update status of the targeted computers by running the Compliance by Bulletin-ID and Qnumber report in SMS.

For more information about how to use standard SMS software distribution steps, see the "Systems Management Server 2003 Operations Guide." To find this guide, visit the following Microsoft Web site: Important You might use the SMS Distribute Software Updates Wizard to deploy and to authorize other security updates that use the Extended Security Update Inventory Tool scan type. In this case, you should not include the MS06-17 security update in your deployment package. The update will not be installed correctly.

For more information about how to obtain the Enterprise Scan Tool, click the following article number to view the article in the Microsoft Knowledge Base: For more information about the Extended Security Update Inventory Tool, see the "Microsoft Systems Management Server (SMS) 2003 Security Update Scan Tool Installation Guide." This guide is included in the Extended Security Update Inventory Tool download. To download the Extended Security Update Inventory Tool, visit the following Microsoft Web site: