Windows Update - CAPICOM

"Security Update for CAPICOM (KB931906)"

I just recently had this appear in my Windows Updates (I have updates
set to notify/manual). But if you follow the link in the KB article,
apparently the update dates back to May of 2007!! Why is it just now
becoming available?

BTW my Win7 machine (64-bit) is almost a year old (without SP1).

On 12/1/2011 5:43 PM, Brianm wrote:
> "Security Update for CAPICOM (KB931906)"
>
> I just recently had this appear in my Windows Updates (I have updates
> set to notify/manual). But if you follow the link in the KB article,
> apparently the update dates back to May of 2007!! Why is it just now
> becoming available?
>
> BTW my Win7 machine (64-bit) is almost a year old (without SP1).

That's odd because it's way before Windows 7 was available to the
general public...


--

Roy Smith
Windows 7 Home Premium 64-Bit
Thunderbird 8.0
Thursday, December 01, 2011 6:11:08 PM

Brianm wrote:

> "Security Update for CAPICOM (KB931906)"
> I just recently had this appear in my Windows Updates

I presume you've recently installed an application which includes the
vulnerable CAPICOM redistributable, therefore Windows Update is now
offering you the fix ...

On 12/01/2011, Brianm posted:
> "Security Update for CAPICOM (KB931906)"

> I just recently had this appear in my Windows Updates (I have updates
> set to notify/manual). But if you follow the link in the KB article,
> apparently the update dates back to May of 2007!! Why is it just now
> becoming available?

> BTW my Win7 machine (64-bit) is almost a year old (without SP1).

http://support.microsoft.com/kb/931906

shows this:

Article ID: 931906 - Last Review: September 30, 2011 - Revision: 3.0

Google's first hit on kb931906 took me there.

--
Gene E. Bloch (Stumbling Bloch)

"Gene E. Bloch" wrote:
>
> On 12/01/2011, Brianm posted:
> > "Security Update for CAPICOM (KB931906)"
>
> > I just recently had this appear in my Windows Updates (I have updates
> > set to notify/manual). But if you follow the link in the KB article,
> > apparently the update dates back to May of 2007!! Why is it just now
> > becoming available?
>
> > BTW my Win7 machine (64-bit) is almost a year old (without SP1).
>
> http://support.microsoft.com/kb/931906
>
> shows this:
>
> Article ID: 931906 - Last Review: September 30, 2011 - Revision: 3.0
>
> Google's first hit on kb931906 took me there.
>
> --
> Gene E. Bloch (Stumbling Bloch)


That gives practically no information. You need to click on either of
the links in there (1. home 2. professionals), and then you see that
931906 was issued in May of '07. Question is, what does "last review"
mean? Did the content of the update change since then?

Andy Burns wrote:
>
> Brianm wrote:
>
> > "Security Update for CAPICOM (KB931906)"
> > I just recently had this appear in my Windows Updates
>
> I presume you've recently installed an application which includes the
> vulnerable CAPICOM redistributable, therefore Windows Update is now
> offering you the fix ...

Hm, Can you elaborate? How does an app use CAPICOM? Is CAPICOM bundled
with some apps, and can they potentially overwrite the one already in
windows with an older version and is that what Win Update is trying to
fix?

On 12/01/2011, Brianm posted:
> "Gene E. Bloch" wrote:
>>
>> On 12/01/2011, Brianm posted:
>>> "Security Update for CAPICOM (KB931906)"
>>> I just recently had this appear in my Windows Updates (I have updates
>>> set to notify/manual). But if you follow the link in the KB article,
>>> apparently the update dates back to May of 2007!! Why is it just now
>>> becoming available?
>>
>>> BTW my Win7 machine (64-bit) is almost a year old (without SP1).
>>
>> http://support.microsoft.com/kb/931906
>>
>> shows this:
>>
>> Article ID: 931906 - Last Review: September 30, 2011 - Revision: 3.0
>>
>> Google's first hit on kb931906 took me there.
>>
>> --
>> Gene E. Bloch (Stumbling Bloch)


> That gives practically no information. You need to click on either of
> the links in there (1. home 2. professionals), and then you see that
> 931906 was issued in May of '07. Question is, what does "last review"
> mean? Did the content of the update change since then?

It is no real interest to me, so I'm pleased that you took some
initiative to learn more for yourself.

Continue along those lines, and if you'd like, pass some of what you
learn along to the newsgroup.

--
Gene E. Bloch (Stumbling Bloch)

Brianm wrote:
> "Gene E. Bloch" wrote:
>> On 12/01/2011, Brianm posted:
>>> "Security Update for CAPICOM (KB931906)"
>>> I just recently had this appear in my Windows Updates (I have updates
>>> set to notify/manual). But if you follow the link in the KB article,
>>> apparently the update dates back to May of 2007!! Why is it just now
>>> becoming available?
>>> BTW my Win7 machine (64-bit) is almost a year old (without SP1).
>> http://support.microsoft.com/kb/931906
>>
>> shows this:
>>
>> Article ID: 931906 - Last Review: September 30, 2011 - Revision: 3.0
>>
>> Google's first hit on kb931906 took me there.
>>
>> --
>> Gene E. Bloch (Stumbling Bloch)
>
>
> That gives practically no information. You need to click on either of
> the links in there (1. home 2. professionals), and then you see that
> 931906 was issued in May of '07. Question is, what does "last review"
> mean? Did the content of the update change since then?

It says here, development stopped after Vista.

http://en.wikipedia.org/wiki/CAPICOM

If some program calls for ActiveX Cryptographics services, and uses
that older interface, then I suppose it's possible Windows Update
detects the usage of it, and tries to patch with the latest.

You could always use the last version available. If this is
compatible with Vista, then it should also work in Windows 7.
(In the same way that Win2K and WinXP shared common characteristics.)

http://www.microsoft.com/download/en...ang=en&id=3207

Maybe the presence of CAPICOM.dll triggers Windows Update ?
Now, I don't have one of those on my Win7 laptop. Perhaps
it's part of what some program has installed. There is an
SDK with a "redistributable".

http://msdn.microsoft.com/en-us/library/aa382434.aspx

On the download page, there is a 375KB security update. That
would be for an end-user. And the platform SDK version, at 1.8MB,
would be something a developer would bundle with a software product.
Perhaps the installation of some old version of the redistributable,
as part of a recent software package, is what triggered Windows Update.

OK, I downloaded the redist. 1,920,512 bytes. Not much to see there,
using 7ZIP.

http://download.microsoft.com/downlo...com_dc_sdk.msi

I wonder, if the redist was installed by some piece of software,
whether there is an entry for it in add/remove programs ? You'd
think an .msi installer would "leave tracks".

My laptop has capicom entries in the registry, but no capicom.dll
is present.

Paul

Brianm wrote:

> Andy Burns wrote:
>
>> I presume you've recently installed an application which includes the
>> vulnerable CAPICOM redistributable
>
> Hm, Can you elaborate? How does an app use CAPICOM?

I can't really, there is a redistributable for CAPICOM, so any app could
install and use it.

> Is CAPICOM bundled
> with some apps, and can they potentially overwrite the one already in
> windows with an older version and is that what Win Update is trying to
> fix?

With Win7 there isn't one supplied by the O/S, it stopped with Vista, so
if you've got the file, you know something else *has* installed it, I
think you said this ws a clean install rather than an upgrade?.

You could compare file dates to see if you can find what installed it.
But unless you can find what installed it, and remove that, you should
apply the fix.

"Andy Burns" <> wrote:
> Brianm wrote:
>> Andy Burns wrote:

>>> I presume you've recently installed an application which includes the
>>> vulnerable CAPICOM redistributable

>> Hm, Can you elaborate? How does an app use CAPICOM?

> I can't really, there is a redistributable for CAPICOM, so any app could
> install and use it.
>
>> Is CAPICOM bundled
>> with some apps, and can they potentially overwrite the one already in
>> windows with an older version and is that what Win Update is trying to
>> fix?

It's been a while since I had to distribute MS07-028 (do'h!) to my
users...but the expectation is that the if you install an application that
includes CAPICOM then the redistributable package will overwrite the
currently-installed copy if, and only if, the version string of the
previously-installed file is lower than the one provided with the
application being installed.

IIRC there's an additional gotcha in that copies of CAPICOM shipped with a
third-party application might be located almost anywhere in the file system
depending on the behavior of the setup program. (Do any application
developers from the Win9x days recall the "fun" with multiple, incompatible
copies of CTL3D.DLL showing up througout the file system?)

MS07-028 provides an updated CAPICOM.DLL (version 2.1.0.2) and registers it.
That should cause an application using the crypto API to get the new,
improved DLL installed by the security update.

H'mmm...interesting. I just now pulled out one of my Win7 systems; CAPICOM
is in SDK 6.0A but not 7.0, and copies are present in both SYSWOW64 and the
folder installed by Citrix...all of which claim to be version 2.1.0.2 (and
are signed by Microsoft) even though they're of different size. Maybe the
spirit of CTL3D.DLL is alive and well...

Joe Morris