Windows Update / Office Update again!
From: Fish (fish_at_INFIDELS.ORG)
Date: Fri, 17 Sep 2004 19:21:56 -0700 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
-----BEGIN PGP SIGNED MESSAGE-----
Perhaps this falls under the heading of "beating a dead horse",
BUT... the "horse" is still very much alive and kicking, and when it
kicks, IT HURTS.
I finally got around to installing Microsoft's latest hot-fixes this
morning (MS04-027 & MS04-028), but when I checked afterwards (to make
sure they 'took'), I discovered much to my dismay that they DIDN'T.
I use Shavlik's HFNetChk Pro 4 to push patches to all of the
workstation in my little home network (which only has two
workstations but that's completely beside the point) and HFNetChk
kept saying my wife's computer was still missing MS04-027.
("Vulnerability in WordPerfect Converter Could Allow Code Execution
(What the frick? I just *applied* the dang thing. What's going on?)
(And yes, the system WAS rebooted afterwards)
Tried again with identical results: it said it wasn't installed, I
installed it (remotely from my system), and then walked over and
WATCHED my wife's computer reboot and then returned back to my system
to run the scan again to verify it got installed and it didn't.
So okay, fine, I'll do it manually since her computer is just in the
next room (but the whole point of this post is that for OTHERS [using
patch management products like HFNetChk Pro to patch all their
systems] it/they might NOT be, so what I'm about to describe *is* a
"big deal" in my opinion.
Fired up Windows Update.
That was my first mistake. It of course said there were no
patches/fixes/updates to be installed since Microsoft's left hand
(Windows Update) doesn't seem to know what it's right hand (OFFICE
Update) is doing.
So okay. Let's try OFFICE Update this time.
Ah! THERE's the sucker.
Click, click, clickity, click goes my mouse and in short order the
update is downloaded and launched, ... only to discover that:
I NEED TO INSERT THE ORIGINAL OFFICE CDROM IN ORDER TO APPLY THE
What the F**K??!!!
Why, oh, WHY, Microsoft, does a critical (okay "important")
**SECURITY UPDATE** require MANUAL INTERVENTION in order to be
I was lucky in that I was able to quickly locate it (after scrounging
around for it a while) and happened to have physical access to the
system being patched, but what about other admins out there that need
to patch hundred or possible THOUSANDS of systems in their network?
What are they going to do? Send Robby the Robot around to everyone's
workstation so it can manually insert the CDROM whenever the patch
asks for it?
Please, PLEASE, **PLEASE!** get your act together Microsoft.
There should only be ONE "Windows Update" center, not two separate
ones, and for $DEITY's sake, installation of a SECURITY PATCH
*shouldn't* require manual insertion of the original product CDROM
before it'll install a *SECURITY* patch!
"Fish" (David B. Trout)
Fight Spam! Join CAUCE!
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
-----END PGP SIGNATURE-----
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.