Any references to Community Connect 3™ in this document apply equally to RM Smart-Tools 3.

Microsoft� have released significant security updates for Microsoft� Windows�. HFXCC3125 contains these updates in a format easily applied to Community Connect 3 networks.

We recommend that you apply this security update without delay.

Important:  Service Release 4 (SR4) must already be installed on the network before installing this update. HFXCC3110B must also be installed before installing HFXCC3125.

Before installing any software update, please refer to TEC90813 and DWN59018 in the Other Useful Articles section below. These articles detail RM's recommendations regarding software update installation and support.

• HFXCC3125 should be installed on Community Connect 3 networks with Service Release 4 (SR4) or above.
• HFXCC3125 also requires HFXCC3110B to have been installed on the network.
• This security update should be installed on to all Community Connect 3 servers.

Note:  All servers will need to be restarted in order to install this security update completely. You should therefore plan to install the update out-of-hours to minimise disruption to your network.

HFXCC3125 contains the following Microsoft�security updates:

1. MS05-019 version 2: Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066) - for Community Connect 3 servers and workstations;
2. MS05-024: Vulnerability in Web View Could Allow Remote Code Execution (894320) - for Community Connect 3 servers;
3. MS05-026: Vulnerability in HTML Help Could Allow Remote Code Execution (896358) - for Community Connect 3 servers and workstations;
4. MS05-027: Vulnerability in Server Message Block Could Allow Remote Code Execution (896422) - for Community Connect 3 servers and workstations;
5. MS05-028: Vulnerability in Web Client Service Could Allow Remote Code Execution (896426) - for Community Connect 3 servers and workstations;
6. MS05-030: Cumulative Security Update in Outlook Express (897715) - for Community Connect 3 servers and workstations;
7. MS05-032: Vulnerability in Microsoft� Agent Could Allow Spoofing (890046) - for Community Connect 3 servers and workstations;
8. MS05-033: Vulnerability in Telnet Client Could Allow Information Disclosure (896428) - for Community Connect 3 servers and workstations;
9. MS05-034: Cumulative Security Update for ISA Server 2000 (899753) - for ISA Server 2000 only, see Notes below.
10. More information on the issues resolved by these updates is available from Microsoft's� website (http://www.microsoft.com).

1. MS05-034 will not be installed automatically as it is only applicable to the following products: Microsoft� Internet Security and Acceleration (ISA) Server 2000 Service Pack 2; Microsoft� Small Business Server 2000; Microsoft� Small Business Server 2003 Premium Edition. If you use one of these products on your network you should install this update, otherwise you need do nothing. Please refer to the ISA Server 2000 section of the More Information section below. ISA Server 2004 is not affected by this vulnerability.

Superseded Updates: The updates provided in HFXCC3125 supersede several previously-released Microsoft� security updates; as such, the following Community Connect 3 workstation packages will be removed from networks (if they are present) during this update's installation:

• HTML Help Security Update KB840315 (client)
• HTML Help Security Update KB890175
• Outlook Express Security Update KB823353 (client)
• SMB Buffer Overrun Hotfix 817606 (client)
• Windows� Help and Support Center Hotfix KB825119 (client)
• Windows� Help Hotfix KB825119 (client)

You should apply this security update without delay if you are running a Community Connect 3 network.

Service Release 4 (SR4) and HFXCC3110B must already be installed on the network before installing this update. 

HFXCC3125 should be applied to all Community Connect 3 servers including all domain controllers and all Member Servers (such as DAMMS and MIS servers).  It does not need to be applied to Community Connect 3 workstations directly but all servers and workstations will need to be restarted for the updates to be applied fully.

1.      Click the HFXCC3125.exe file link to download the security update.

2.      Choose to Save the file, browse to the temporary location you wish to save it to (e.g. D:\temp) and click Save.

3.      When it has downloaded, follow the installation instructions below to install the security update.

Important: During the installation of HFXCC3125, the Station Manager HealthCheck and the allocation of new Microsoft security update packages must be done manually. Please ensure that you fully complete all steps in the Installation Instructions.

If you previously started to install the security update but cancelled the operation, follow the installation instructions in the 'Installing after cancelling a previous install' section below.

1. Download HFXCC3125.
2. Log on to your first Community Connect 3 domain controller as Administrator (not SystemAdmin) and copy the update to a temporary location (e.g. D:\temp).
3. Run the update by double-clicking the self-extracting executable file (HFXCC3125.exe). The update will extract files automatically and run the RM Installation Assistant to install the update.
4. When prompted, click Continue.
5. The installation will proceed automatically. When prompted that the RM Installation Assistant has finished, click Finish.
   Note: After installation at a server, the server will need to be rebooted for the security updates to be applied fully.
6. Repeat Steps 2-5 at all your other Community Connect 3 domain controllers.
7. Also repeat steps 2-5 at any member servers (e.g. DAMMS or MIS servers) on the network.

Note: After installation at a server, the server will need to be rebooted for the security updates to be applied fully.

8. When all Community Connect 3 domain controllers have had the update applied, log in to the first Community Connect 3 domain controller server in each site as the administrator user (not SystemAdmin). Run Windows Explorer and browse to D:\RMNetwork\RMManage\Station Manager. Double-click on the file Healthcheck.exe, and select OK to start the Healthcheck, and OK again when it has completed.
9. HFXCC3125 provides new workstation packages but does not automatically allocate them. You should allocate these new packages as applicable to all your workstations at your earliest convenience. Note: If you choose to allocate the packages at a later time, you must still complete all of steps 1-8 above now, including running the Station Manager health check.

The new security packages are listed as RM system packages as follows:

1.      Browse to D:\RMNetwork\RMManage\RM Hotfixes\HFXCC3125_extracted and double-click the file RM Installation Assistant.exe. If this folder or its contents does not exist, re-run the HFXCC3125.exe file downloaded from the RM Support website.

2.      The RM Installation Assistant will initialise, click Continue to proceed with the installation.

3.      The installation should proceed automatically, click Finish when prompted.

4.      Follow the procedures in 'How to install the Security Update' from step 5 above.

Some of the components of HFXCC3125 are included in RM Service Release 6 for Community Connect 3.

The security update should be installed on to networks running Community Connect 3 with Service Release 4 (SR4) or above.

HFXCC3125 is not included in Community Connect 3 SR4 or Community Connect 3 XPSP2.
It will not need to be re-applied if it is installed prior to Community Connect 3 XPSP2 and Community Connect 3 XPSP2 is then installed at a later date.

See the Description section for full list.  HFXCC3125 contains seven new workstation packages and a component to update servers with the relevant Microsoft� security updates. Five of the workstation packages are applicable to workstations running either Windows� XP SP1 or XP SP2. The other two, however, are operating system-specific. 

Some security updates released by Microsoft� in June 2005 are not included in HFXCC3125. These are:

1. MS05-025: Cumulative Security Update for Internet Explorer� (883939) - an issue has been found while testing this update. It or an equivalent update will be released for Community Connect 3 at a later date;
2. MS05-029: Vulnerability in Outlook� Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179) - this update is only applicable to Exchange Server 5.5;
3. MS05-031: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458) - Step-by-Step Interactive Training software is not installed on Community Connect 3 servers or workstations by default.

If you are using Microsoft� Internet Security and Acceleration (ISA) Server 2000 Service Pack 2, Microsoft� Small Business Server 2000 or Microsoft� Small Business Server 2003 Premium Edition on your network, there is a separate security update, MS05-034, which you need to install. Follow these instructions to install the update.

1. At the server running one of the affected products, log in as an administrator.
2. Browse to D:\RMNetwork\RMManage\RM Hotfixes\HFXCC3125_extracted\Utilities\KB899753 and double-click the file ISA2000-KB899753-X86-ENU.exe.
3. At the Setup Wizard screen, choose Next.
4. Select the I Agree radio button, then choose Next.
5. The update will install. If you are prompted that some services will automatically be stopped and re-started, choose Continue.
6. When prompted, choose Finish. You do not need to restart the server.

Note: If you run this update on a computer that is not running one of the affected products, you will be prompted that the update is not applicable and no changes will be made to the computer's operating system.