Folly of Patching - MS Style
From: Mark Deason (mdeason_at_SILVERSIDE.NET)
Date: 08/13/03
- Previous message: GDWNet Security: "Delving into the contents of MS03-026 on XP"
Date: Tue, 12 Aug 2003 17:05:46 -0700
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Russ,
After seeing some of the many posts regarding the DCOM exploit and its
inevitable worm now in the wild, I wanted to say that MS practices regarding
patching still leave me scratching my head. There are semi-humorous
articles like this one discussing some of the initiatives regarding the role of
MS to "step up user education":
http://news.com.com/2100-1002_3-5062832.html?tag=lh
I don't really think it's a lack of education and complexity so much as
*inconsistency* and here's where:
- Inconsistency in results
Read: previous threads: MS03-026 - are you patched? Windows Update isn't
sure! Between MSBA and Windows Update and others, you've got to watch the
file's version for yourself it seems...
- Inconsistency in format
Not all people have the resources to run SUS. Let's take a brief look at the
output from a sample Windows Update Catalog download with the directories
and executable structure that MS is using for the common man:
Note: All exist within the
\Software\en\com_microsoft.windowsxp\x86WinXP\com_microsoft directory for
the following subdirectories and patches:
811493_XP_5951_Rec\Q811493_WXP_SP2_x86_ENU.exe -u -z -q
811630_XP_SP1_5915\Q811630_WXP_SP2_EN.exe -u -z -q
817606_XPSP2_WinSE_43844_Critical\Q817606_WXP_SP2_x86_ENU.exe -u -z -q
817787_WMZ_MSRC_1640_WMP8\WindowsMedia8-KB817787-x86-ENU.exe /Q
818043_Recommended_XPSP2_WinSE_35746\WindowsXP-KB818043-x86-ENU.exe -u -z -q
821557_WXP_SP2_WinSE_46728\WindowsXP-KB821557-x86-ENU.exe -u -z -q
823559_WXP_WinSE_48629\WindowsXP-KB823559-x86-ENU.exe -u -z -q
And my personal favorite - two flavors of the DirectX v9 patch...
819696_nonDirectX_9_0B_CRITICAL\DirectX9-KB819696-x86-ENU.exe /Q
819696_XPSP2_WinSE_45821_Crit_ehome\Q819696_WXP_SP2_x86_ENU.exe -u -z -q
How refreshing - we have platform, processor base and nature of update all
rolled into a distinct, easy to understand matrix of patches. ;) Didn't the
directory hierarchy give me a majority, if not all, of the necessary
information? I'm pretty simple - just the facts like the KB article as the
executable; they can't even settle on that as it's referred to as Q for some
and KB for others.
Those that use this recognize the /Q for quiet or the -u -z -q
notation for the same thing less pesky tasks like rebooting a system. But
wait, there's more! Not only do you have to traverse the above, you have to
run a /? to determine which package uses what switches. Simply put, if I
let my people put out this type of trash, I'd get canned.
- Inconsistency in application
Do I need to say anything more about those poor folks as of late that used the
Q823803 patch (read thread: MS03-029 Q823803 RAS services no longer
starting)? Regression testing is more important than wasting your
customers' time by removing and reapplying patches. Note to MS: The idea
here is to get NT4 customers confident in your ability so they're willing to
move legacy apps to Windows Server 2003...
I thought it would be a great time to get a discussion going again to let MS
know the term "Trustworthy" needs to be just that.
Thanks,
Mark Deason
Director of IT
Silverside Equipment Inc.
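As an added illustration of the naming and switch inconsistency the post complains about (this is example code written for this page, not something from the original message or from Microsoft), the script below parses the nine directory\installer lines quoted in the post and normalises them: it pulls the article number out of both the directory name and the executable name, records whether the executable uses the "Q" or the "KB" prefix, classifies the command-line switches purely by their syntax (slash-style "/Q" versus dash-style "-u -z -q"; the script does not claim to know what each switch does), and reports article numbers that ship as more than one package. The input is the listing copied from the post; the regular expressions and the "slash"/"dash" labels are this example's own assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed input: the nine directory\installer lines quoted in the post,
# with the common \Software\en\com_microsoft.windowsxp\... prefix omitted.
LISTING = r"""
811493_XP_5951_Rec\Q811493_WXP_SP2_x86_ENU.exe -u -z -q
811630_XP_SP1_5915\Q811630_WXP_SP2_EN.exe -u -z -q
817606_XPSP2_WinSE_43844_Critical\Q817606_WXP_SP2_x86_ENU.exe -u -z -q
817787_WMZ_MSRC_1640_WMP8\WindowsMedia8-KB817787-x86-ENU.exe /Q
818043_Recommended_XPSP2_WinSE_35746\WindowsXP-KB818043-x86-ENU.exe -u -z -q
821557_WXP_SP2_WinSE_46728\WindowsXP-KB821557-x86-ENU.exe -u -z -q
823559_WXP_WinSE_48629\WindowsXP-KB823559-x86-ENU.exe -u -z -q
819696_nonDirectX_9_0B_CRITICAL\DirectX9-KB819696-x86-ENU.exe /Q
819696_XPSP2_WinSE_45821_Crit_ehome\Q819696_WXP_SP2_x86_ENU.exe -u -z -q
"""

# "<directory>\<installer>.exe <switches>"  (regex is this example's assumption)
LINE_RE = re.compile(r"^(?P<dir>[^\\]+)\\(?P<exe>\S+\.exe)\s*(?P<switches>.*)$")
# Article number inside the installer name: "Q811493_..." or "...-KB817787-..."
EXE_ID_RE = re.compile(r"(?:^|-)(?P<prefix>Q|KB)(?P<num>\d{6})(?=[-_])")


def parse_line(line):
    """Break one listing line into directory id, installer id, prefix and switches."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised listing line: {line!r}")
    d = m.groupdict()
    dir_id = d["dir"].split("_", 1)[0]  # directory name leads with the article number
    e = EXE_ID_RE.search(d["exe"])
    if not e:
        raise ValueError(f"no Q/KB article number in installer name: {d['exe']!r}")
    toks = d["switches"].split()
    # Classify switches by syntax only; the meaning of each switch is not inferred.
    if toks and all(t.startswith("/") for t in toks):
        style = "slash"   # e.g. /Q
    elif toks and all(t.startswith("-") for t in toks):
        style = "dash"    # e.g. -u -z -q
    else:
        style = "unknown"
    return {
        "dir": d["dir"], "exe": d["exe"], "dir_id": dir_id,
        "exe_id": e.group("num"), "prefix": e.group("prefix"),
        "switches": toks, "switch_style": style,
    }


def parse_listing(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def naming_styles(records):
    """How many installers use the Q prefix versus the KB prefix."""
    return Counter(r["prefix"] for r in records)


def switch_styles(records):
    """How many installers use slash-style versus dash-style switches."""
    return Counter(r["switch_style"] for r in records)


def duplicate_articles(records):
    """Article numbers that ship as more than one package (the two 819696 flavours)."""
    by_id = defaultdict(list)
    for r in records:
        by_id[r["exe_id"]].append(r["exe"])
    return {k: v for k, v in by_id.items() if len(v) > 1}


def mismatched_ids(records):
    """Directories whose leading number disagrees with the installer's article number."""
    return [r["dir"] for r in records if r["dir_id"] != r["exe_id"]]


if __name__ == "__main__":
    recs = parse_listing(LISTING)
    for r in recs:
        print(f"{r['exe_id']}  {r['prefix']:<2} {r['switch_style']:<7} {r['exe']}")
    print("naming:    ", dict(naming_styles(recs)))
    print("switches:  ", dict(switch_styles(recs)))
    print("duplicates:", duplicate_articles(recs))
    print("mismatches:", mismatched_ids(recs))
```

Run as-is it prints one normalised row per package followed by the four summaries; on the post's listing it shows four "Q"-named and five "KB"-named installers, seven dash-style and two slash-style switch sets, and article 819696 appearing twice. Feeding it a different catalog download (one line per directory\installer) shows the same counts for that set, which is the quickest way to see how uniform a given batch of packages actually is before scripting their installation.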