Any references to Community Connect 3 in this document apply equally to RM Smart-Tools 3.

Microsoft� has released significant Security Updates for Windows�. HFXCC3217 contains these Updates in a format easily applied to Community Connect 3 networks.

We recommend that you apply this Security Update without delay.

Before installing any Software Update, please refer to TEC90813 and DWN59018 in the Other Useful Articles section below. These articles detail RM's recommendations regarding Software Update installation and support.

On original release of this download on the 9th of June, there was a typo included in the ini file for a component of the update - KB947864 the IE7 Cumulative Security Update which meant that this individual KB update would not allocate out to workstations. This was resolved on the 20th of June. Any downloads made between the 9th and 20th of June will have this problem, any downloads after the 20th of June will work successfully.

To resolve the issue click on the download below and reapply the update.

If you would prefer to manually correct the typo in the ini file do the following:

1. On all domain controllers, browse to following folder:
   D:\RMNetwork\RMManage\Packages\Tools\IE7 Cumulative Security Update KB947864\v1.0.0.0\
   
2. Double click and open the following ini file:
   IE7 Cumulative Security Update KB947864.ini
   
3. Below the section [Package], locate the following line within the contents of ini file:
   ExeFile=IE7-WindowsXP-KB944533-x86-ENU.exe
   and replace with
   ExeFile=IE7-WindowsXP-KB947864-x86-ENU.exe
   
4. Save and close the .ini file
5. Reallocate IE7 Cumulative Security Update KB947864

Please accept our apologies for any inconvenience caused by this.

• HFXCC3217 should be installed on Community Connect 3 networks with Service Release 5 (SR5) or above.
• This Security Update should be installed on to all Community Connect 3 servers.

Note: All servers and workstations may need to be restarted in order to install this Security Update completely. You should therefore plan to install the Security Update out-of-hours to minimise disruption to your network.

HFXCC3217 contains the following Microsoft^� Security Updates:

1. MS08-018 Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
2. MS08-019 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
3. MS08-020 Vulnerability in DNS Client Could Allow Spoofing (945553)
4. MS08-021 Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
5. MS08-022 Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
6. MS08-023 Security Update of ActiveX Kill Bits (948881)
7. MS08-024 Cumulative Security Update for Internet Explorer (947864)
8. MS08-025 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)

More information on the issues resolved by these Updates is available from the Microsoft^� Web site: (http://www.microsoft.com/)

Note: HFXCC3217 may not contain all the Security Updates released by Microsoft^� in April 2008. Please read the More Information section below for further details. 

The Updates provided in HFXCC3217 supersede previously-released Microsoft^� Security Updates; as such, the following Community Connect 3 workstation packages will be removed from networks (if present) during this Security Update's installation:

• Microsoft Office 2000 SP3 Security Update KB947108
• Microsoft Office 2003 SP2 Security Update KB947108
• Microsoft Office XP SP3 Security Update KB947108
• Windows XP SP2 Security Update KB938829
• Windows XP Security Update KB917344
• Microsoft Visio 2002 SP2 Security Update KB927051
• Microsoft Visio 2003 SP2 Security Update KB927051

If you are running a Community Connect 3 network, you should apply this Security Update without delay.

HFXCC3217 should be applied to all Community Connect 3 servers including all domain controllers and all Member Servers (such as DAMMS and MIS servers, or servers running Microsoft Exchange). It does not need to be applied to Community Connect 3 workstations directly, but all servers and workstations will need to be restarted for the Microsoft Security Updates to be applied fully.

Note: HFXCC3217 should not be directly applied to RM Client Connect Terminal Servers. For information on how to apply the server updates to these servers see the 'Installing on Terminal Servers' section below.

Important: All your Community Connect 3 servers may need to be restarted in order to install this Security Update completely. You should therefore plan to install the Security Update out-of-hours to minimise disruption to your network.

1. Click the HFXCC3217.exe file link below to download the Security Update.
2. Choose to Save the file, browse to the temporary location you wish to save it to (for example D:\temp) and click Save.
3. When it has downloaded, follow the Installation Instructions below to install the Security Update.

Important: During the installation of HFXCC3217, the Station Manager HealthCheck and the allocation of new Microsoft Security Update packages must be done manually. Please ensure that you fully complete all steps in the Installation Instructions. If you previously started to install the Security Update but cancelled the operation, follow the installation instructions in the 'Installing after cancelling a previous install' section below.

1. Download HFXCC3217.exe.
2. Log on to your first Community Connect 3 domain controller as a System Administrator and copy the Security Update to a temporary location (for example D:\temp).
3. Run the Security Update by double-clicking the self-extracting executable file (HFXCC3217.exe). The Security Update will extract files automatically and run the RM Installation Assistant to begin the installation.
4. When prompted, click Continue.
5. The installation will proceed automatically. When prompted that the RM Installation Assistant has finished, click Finish.

Note: After installation at a server, the server may need to be rebooted for the Microsoft Security Updates to be applied fully. Ensure the server has rebooted successfully before continuing.

6. Repeat steps 2-5 at all your other Community Connect 3 domain controllers.
7. Repeat steps 2-5 at any Member Servers (eg DAMMS or MIS servers) on the network.

Note: After installation at a server, the server will need to be rebooted for the Microsoft Security Updates to be applied fully. It is recommended that you ensure each domain controller has rebooted successfully before applying the Software Update to the next server.

8. When all Community Connect 3 domain controllers have had HFXCC3217 applied, log in to the first Community Connect 3 domain controller server in each site as the System Administrator. Run Microsoft� Windows� Explorer and browse to D:\RMNetwork\RMManage\Station Manager. Double-click on the file Healthcheck.exe, and select OK to start the health check, and OK again when it has completed.
9. HFXCC3217 provides new workstation packages but does not automatically allocate them. You should allocate these new packages to all your workstations at your earliest convenience.

Note: If you choose to allocate the packages at a later time, you must still complete all of steps 1 to 8 above now, including running the Station Manager HealthCheck.

Note: The application package Security Updates listed below need to be installed only when the associated packages are installed on the network.

The new Security Packages are listed as available packages as follows in the RM Management Console:

Applications

• MS Project 2000 SP1 Security Update KB950183
• MS Project 2002 SP1 Security Update KB950183
• MS Project 2003 SP2 Security Update KB950183
• Microsoft Visio 2002 SP2 Security Update KB949032
• Microsoft Visio 2003 SP2 Security Update KB949032
• Microsoft Visio 2007 SP1 Security Update KB949032

System Tools

• Windows XP SP2 Security Update KB948881
• Windows XP SP2 Security Update KB948590
• Windows XP SP2 Security Update KB945553
• Windows XP SP2 Security Update KB944338
• Windows XP SP2 Security Update KB941693
• IE6 XP SP2 Cumulative Security Update KB947864
• IE7 Cumulative Security Update KB947864
• Vista Security Updates - April 08 

Once you have allocated the packages to workstations, restart the workstations at your convenience for the updates to be installed

1. Browse to D:\RMNetwork\RMManage\RM Hotfixes\HFXCC3217_extracted and double-click the file RM Installation Assistant.exe.

Note: If this folder or its contents do not exist, re-run the HFXCC3217.exe file downloaded from the RM Support Web site as in step 1 of the Installation Instructions section above.

2. Follow the procedures from step 4 in the Installation Instructions section above.

The components of HFXCC3217 will be included in a future Community Connect 3 Service Release or Microsoft^� Service Pack validated by RM.

The Security Update can be installed on to networks running Community Connect 3 with Service Release 5 or above.

HFXCC3217 is not included in Service Release 5 or 6. It will need to be re-applied if originally installed before Service Release 6 is installed.

Note: The application Software Updates will need to be re-applied if the related Microsoft^� application is installed or re-installed after the Software Updates were applied.

See the Description section for a full list. HFXCC3217 contains new relevant workstation and server Microsoft^� Security Updates. 

Please ensure you follow the advice given in the More Information section below regarding software pre-requisites.  If you do not follow this advice you may experience the following packages being listed as Install Failed within the RM Management Console.

• Microsoft Visio 2007 SP1 Security Update KB949032
• IE7 Cumulative Security Update KB947864

This is due to a Microsoft^� Office^� 2007 or Internet Explorer 7 dependency within the Microsoft^� package themselves and so does not pass an expected fail code back to the RM AppAgent installer.  This same issue is also exhibited if you are to:

• Re-allocate the above packages to workstation on which they have already been successfully installed.
• De-allocate the above packages from a workstation on which they have been successfully installed.  In this instance the package(s) will be listed as Uninstall Failed.

Please find below details of the application packages and software pre-requisites:

• MS Project 2000 SP1 Security Update KB950183 (System requirements are Windows XP Service Pack 2 and Office 2000 SP1)
• MS Project 2002 SP1 Security Update KB950183 (System requirements are Windows XP Service Pack 2 and Project 2002 SP1)
• MS Project 2003 SP2 Security Update KB950183 (System requirements are Windows XP Service Pack 2 and Office 2003 SP2)
• Microsoft Visio 2002 SP2 Security Update KB949032 (System requirements are Windows XP Service Pack 2 and Visio 2002 SP2)
• Microsoft Visio 2003 SP2 Security Update KB949032 (System requirements are Windows XP Service Pack 2 and Visio 2003 SP2)
• Microsoft Visio 2007 SP1 Security Update KB949032 (System requirements are Windows XP Service Pack 2 and Visio 2007 SP1)