Using Windows Update "SteppingMode" to grab patches and see silent install switches.
From: Merchant, Gurdon (ITG) (Gurdon_Merchant@ML.COM)
Date: 02/22/02
Date: Fri, 22 Feb 2002 12:06:53 -0500 From: "Merchant, Gurdon (ITG)" <Gurdon_Merchant@ML.COM> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> I have received numerous messages about these two Security
> Bulletins. Both of them point to WindowsUpdate as the source
> of the patch. This is the first time I've come across a
> Security Bulletin which does this as the *only* means of
> providing an update.
Having the patch only be available on Windows Update is highly annoying
but can be easily dealt with.
Windows Update has a "Stepping Mode" function which is documented in:
WINUP: Using Stepping Mode to Diagnose Download and Installation Failures
(Q248439)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q248439
To summarize, that article notes that making the following setting:
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\SteppingMode
REG_SZ=Y
will force Windows Update to run in a debug mode of sorts. So, when you
select a patch to download events will be fired which cause modal dialogs to
appear. You can slowly click past each one to see what is happening.
In doing so, you will note two very useful facts:
1) The poorly documented (sometimes not at all) switches they use to
install the patch silently. You'll see things like "/q:a /r:n" amongst
others.
2) The location of the temporary directory where the patch is downloaded
to and executed.
Point 2) is useful since it allows one to grab the patch binary even when
Microsoft fails to place the patch in a place other than Windows Update.
(Explain to me again why they just can't place them in an anonymous ftp
directory? Argh.)
You can make the registry entry above and then fire up Windows Update. Upon
selecting a patch and clicking through the resulting debug dialogs you'll
first see the usual download progress dialog. The first debug dialog you'll
see will be:
Title=Stepping Mode Message
Text=Install Engine - Starting install phase
The dialog of interest will be something like:
Title=Stepping Mode Message
Text=CheckTrust: %SystemRoot%\msdownld.tmp\foobar.tmp\foo.exe
where "foobar" is some random name that varies per download. When this
dialog appears you go into that temporary directory and "harvest" the
desired foo.exe that is the patch.
Incidentally, it appears that some patches set the value back to "n" so
check and make sure the value is "y" before you launch Windows Update.
Thanks,
Gurdon E. Merchant, Jr.
Merrill Lynch ITG
http://www.mlitg.com/
Gurdon_Merchant@ml.com
(formerly merchant@parc.xerox.com and a few other things)
> -----Original Message-----
> From: Russ [mailto:Russ.Cooper@RC.ON.CA]
> Sent: Friday, February 22, 2002 11:21 AM
> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> Subject: Downloads for MS02-008 and MS02-009
>
>
> I have received numerous messages about these two Security
> Bulletins. Both of them point to WindowsUpdate as the source
> of the patch. This is the first time I've come across a
> Security Bulletin which does this as the *only* means of
> providing an update.
>
> I have checked the
> http://corporate.windowsupdate.microsoft.com site, the site
> where Administrators should normally be able to get all
> patches available (including those available from
> WindowsUpdate) in packages they can redistribute, but it
> appears this site hasn't been updated in over a month.
>
> I've contacted Microsoft about these issues and hope to hear
> from them shortly. Given the criticality stressed by
> Microsoft on these bulletins, and the fact that many
> Administrators block access to WindowsUpdate directly from
> their client systems (a good idea to keep them in a known
> supportable condition), I do appreciate how urgent this issue is.
>
> As soon as I know more, I'll let you know.
>
> Cheers,
> Russ - NTBugtraq Editor
>
>
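The procedure from the message above, as an added PowerShell example that is not part of the original post: it sets and re-checks SteppingMode, then copies any patch executable that appears under %SystemRoot%\msdownld.tmp and reports its signature status and hash. The collection folder `C:\PatchHarvest`, the polling interval, an elevated PowerShell 4+ session and a Windows Update client that honours SteppingMode are assumptions.

```powershell
# Added example, not from the original post. $dest and the polling interval are
# assumptions; the registry value and the msdownld.tmp path come from the post.
$key  = 'HKLM:\Software\Microsoft\Active Setup'
$tmp  = Join-Path $env:SystemRoot 'msdownld.tmp'
$dest = 'C:\PatchHarvest'            # assumed collection folder

# Set SteppingMode (REG_SZ) to Y, then read it back to confirm.
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name 'SteppingMode' -Value 'Y' -Type String
$mode = (Get-ItemProperty -Path $key -Name 'SteppingMode').SteppingMode
if ($mode -ne 'Y') { throw "SteppingMode is '$mode', expected 'Y'" }

New-Item -ItemType Directory -Path $dest -Force | Out-Null
$sizes  = @{}   # path -> length seen on the previous poll
$copied = @{}   # path -> $true once harvested

Write-Host "Watching $tmp. Start Windows Update now; press Ctrl+C to stop."
while ($true) {
    # Some patches reset the value, so re-check it on every pass.
    $mode = (Get-ItemProperty -Path $key -Name 'SteppingMode' -ErrorAction SilentlyContinue).SteppingMode
    if ($mode -ne 'Y') { Write-Warning "SteppingMode is now '$mode'; set it back to Y before the next run." }

    $files = Get-ChildItem -Path $tmp -Filter *.exe -Recurse -File -ErrorAction SilentlyContinue
    foreach ($f in $files) {
        if ($copied.ContainsKey($f.FullName)) { continue }
        # Copy only when the size is unchanged since the last poll (download finished).
        if ($sizes[$f.FullName] -ne $f.Length) { $sizes[$f.FullName] = $f.Length; continue }
        try {
            $target = Join-Path $dest $f.Name
            Copy-Item -LiteralPath $f.FullName -Destination $target -Force -ErrorAction Stop
            # Record signature status and hash so the harvested binary can be verified later.
            $sig  = Get-AuthenticodeSignature -FilePath $target
            $hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
            Write-Host "$($f.Name)  signature=$($sig.Status)  sha256=$hash"
            $copied[$f.FullName] = $true
        } catch {
            Write-Warning "Could not copy $($f.FullName): $($_.Exception.Message)"
        }
    }
    Start-Sleep -Milliseconds 500
}
```

A signature status other than `Valid` on a harvested file is a reason not to redistribute it.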