The Windows Update Web Site and the Automatic Updates Feature Prompt You to Install MS02-013 but Not MS02-052 (331663)



The information in this article applies to:

  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows NT Advanced Server 4.0
  • Microsoft Windows NT Server 4.0
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows Millennium Edition
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows 98
  • Microsoft Windows 95

This article was previously published under Q331663
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

SYMPTOMS

When you use any of the Windows operating systems listed at the beginning of this article, you may experience either of the following issues:
  • You are prompted by the Windows Update Web site or the Automatic Updates feature to install the Security Update, March 4, 2002 (MS02-013), even if one of the following conditions is true:

    • An update is already installed on your computer for this security issue. For example, the Security Update, March 4, 2002 (MS02-013) or Service Pack 3 (SP3) for Windows 2000 is already installed on your computer.NOTE: If you have a version of the Microsoft virtual machine (VM) earlier than version 5.00.3805 installed on Windows XP, version 5.00.3805 is not installed when you install Service Pack 1 (SP1) for Windows XP. In this case, you are vulnerable to the security issue documented in MS02-013 until you install Security Update, March 4, 2002 (MS02-013), and the "Cause" section of this article does not apply to you. If you do not have the Microsoft VM installed on Windows XP, version 5.00.3805 is installed when you install SP1 for Windows XP, and therefore you are not vulnerable to the security issue documented in MS02-013. In this case, the "Cause" section of this article may apply to you.

    • The Microsoft VM is not installed on your computer (Windows XP).
    NOTE: When this issue occurs, the HFNetChk command-line tool and the Microsoft Baseline Security Analyzer (MSBA) do not report that you are missing the MS02-013 security update. Additionally, the Microsoft command-line loader for Java (Jview) reports that you have an unaffected version of the Microsoft VM (for example, version 5.00.3805).
  • You are not prompted to install the Q329077: Security Update (MS02-052). The MS02-052 update requires you to have MS02-013 installed.

CAUSE

This issue may occur if the Java Runtime Environment (JRE) from Sun Microsystems is installed on your computer.

The JRE Setup program creates, or revises, the Version string value in the following registry key as 3802:

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

The Windows Update and the Automatic Updates feature use this registry value to detect which version of Microsoft VM is installed. If this registry value is set to 3802, the Windows Update and the Automatic Updates feature prompt you for the MS02-013 update. Neither prompt you for the MS02-052 update, regardless of what version (if any) of the Microsoft VM is installed on your computer.

NOTE: When you remove JRE, this registry value is not returned to its previous state.

RESOLUTION

To resolve this issue, reinstall the MS02-013 update. This will update the registry value described in the "Cause" section of this article to 3805. Then, the Windows Update or the Automatic Updates feature will not prompt you to install MS02-013. Instead, they will prompt you to install MS02-052 (if appropriate to your circumstances).

MORE INFORMATION

For additional information about the MS02-013 update, click the article number below to view the article in the Microsoft Knowledge Base:

300845 MS02-013: Java Applet Can Redirect Browser Traffic

For additional information about the MS02-052 update, click the article number below to view the article in the Microsoft Knowledge Base:

329077 MS02-052: Flaw in Microsoft VM JDBC Classes Might Permit Code to Be Run

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Modification Type:MinorLast Reviewed:5/12/2005
Keywords:kbprb KB331663