Microsoft to deploy Windows XP SP2 through Automatic Updates

From: Shilt, Christopher K (Christopher.Shilt_at_RELIZON.COM)
Date: 08/06/04

    Date:         Fri, 6 Aug 2004 17:06:47 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Not much has been said about a fundamental shift in Microsoft's policy
    regarding deploying Service Packs through Automatic Updates, but Microsoft
    is planning on deploying Windows XP SP2 to computers configured to receive
    updates using Automatic Updates. Previously, Microsoft's policy in regards
    to Service Packs and Automatic Updates was that Service Packs were not
    deployed with AU and had to be installed separately. The following is a
    quote from Microsoft's Windows Service Pack Road Map
    <http://www.microsoft.com/windows/lifecycle/servicepacks.mspx>:

    "Automatic Updates in Windows XP Professional and Windows XP Home Edition
    can keep your computer up to date with the latest hotfixes. However, service
    packs are not automatically deployed at this time. You will need to visit
    the Windows Update website manually to install the Service Pack."

    It is now apparent that Microsoft will, in fact, begin deploying Service
    Packs with Automatic Updates as referenced by Microsoft's Security website
    <http://www.microsoft.com/athome/security/protect/default.aspx>:

    "Coming Soon: Windows XP Service Pack 2
    Microsoft is preparing to release a free update for Windows XP that provides
    better protection against hackers, viruses, and worms. The best way to
    ensure you get Windows XP Service Pack 2 when it is released is by turning
    on Automatic Updates today. You can use our step-by-step instructions or, if
    you prefer, let us do it for you."

    Given that the nature of SP2 is not your run-of-the-mill hotfix rollup, this
    policy shift is, in my opinion, a reckless policy that will cause a lot of
    Microsoft's corporate customers harm. The reason being that a large
    percentage of Microsoft's customers use Automatic Updates as a patch
    management solution. Take the results of NTBugtraq's poll regarding patch
    management solutions <http://www.ntbugtraq.com/patchresults.asp> as an
    example. This poll had 5,273 respondents, 1241 (23.5%) of which replied that
    they use Windows Update (AU) to deploy their critical updates.

    The scope of changes that Windows XP SP2 will have on customers is detailed
    at Microsoft's Windows XP Service Pack 2 website
    <http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx>.
    Simply put, it WILL affect the way that Windows XP workstations behave,
    how they operate with SMS, SQL & MSDE, and more.

    Regardless of the press that has been made of SP2's imminent arrival, for
    Microsoft to "force" SP2 on customers has the potential of causing as many
    (or more) problems as the security issues that they address. Undoubtedly,
    these security enhancements are needed, but at what cost should they be
    "forced" on customers? There is the very real possibility of customers
    losing money and productivity as SP2's "enhanced security infrastructure"
    causes IT workers worldwide to address the "changes in functionality" that
    SP2 will bring into effect.

    It is my opinion that Microsoft should NOT change their Automatic Updates
    policy in regards to automatically deploying service packs. If you agree
    with this opinion, please contact your Microsoft representative and make
    your feelings known.

    Respectfully,

    Chris Shilt
    Systems Administrator
    The Relizon Company


