Windows Update / Office Update again!

From: Fish (fish_at_INFIDELS.ORG)
Date: 09/18/04

  • Next message: Steve Warrick: "Announcing Windows Open Source Security Framework"
    Date:         Fri, 17 Sep 2004 19:21:56 -0700
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Perhaps this falls under the heading of "beating a dead horse",
    BUT... the "horse" is still very much alive and kicking, and when it
    kicks, IT HURTS.

    I finally got around to installing Microsoft's latest hot-fixes this
    morning (MS04-027 & MS04-028), but when I checked afterwards (to make
    sure they 'took'), I discovered much to my dismay that they DIDN'T.
    ('take')

    I use Shavlik's HFNetChk Pro 4 to push patches to all of the
    workstation in my little home network (which only has two
    workstations but that's completely beside the point) and HFNetChk
    kept saying my wife's computer was still missing MS04-027.
    ("Vulnerability in WordPerfect Converter Could Allow Code Execution
    (884933)").

    (What the frick? I just *applied* the dang thing. What's going on?)
    (And yes, the system WAS rebooted afterwards)

    Tried again with identical results: it said it wasn't installed, I
    installed it (remotely from my system), and then walked over and
    WATCHED my wife's computer reboot and then returned back to my system
    to run the scan again to verify it got installed and it didn't.

    (sigh)

    So okay, fine, I'll do it manually since her computer is just in the
    next room (but the whole point of this post is that for OTHERS [using
    patch management products like HFNetChk Pro to patch all their
    systems] it/they might NOT be, so what I'm about to describe *is* a
    "big deal" in my opinion.

    Fired up Windows Update.

    That was my first mistake. It of course said there were no
    patches/fixes/updates to be installed since Microsoft's left hand
    (Windows Update) doesn't seem to know what it's right hand (OFFICE
    Update) is doing.

    (SIGH!)

    So okay. Let's try OFFICE Update this time.

    Ah! THERE's the sucker.

    Click, click, clickity, click goes my mouse and in short order the
    update is downloaded and launched, ... only to discover that:

    I NEED TO INSERT THE ORIGINAL OFFICE CDROM IN ORDER TO APPLY THE
    UPDATE/FIX!

    What the F**K??!!!

    Why, oh, WHY, Microsoft, does a critical (okay "important")
    **SECURITY UPDATE** require MANUAL INTERVENTION in order to be
    applied?!

    I was lucky in that I was able to quickly locate it (after scrounging
    around for it a while) and happened to have physical access to the
    system being patched, but what about other admins out there that need
    to patch hundred or possible THOUSANDS of systems in their network?
    What are they going to do? Send Robby the Robot around to everyone's
    workstation so it can manually insert the CDROM whenever the patch
    asks for it?

    That's nuts.

    Please, PLEASE, **PLEASE!** get your act together Microsoft.

    There should only be ONE "Windows Update" center, not two separate
    ones, and for $DEITY's sake, installation of a SECURITY PATCH
    *shouldn't* require manual insertion of the original product CDROM
    before it'll install a *SECURITY* patch!

    >:(

    - --
    "Fish" (David B. Trout)
     fish(at)infidels.org

    Fight Spam! Join CAUCE!
    http://www.cauce.org/

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0.4

    iQA/AwUBQUubw0j11/TE7j4qEQIfmQCfQkCEPCKzmtXs83b3YdXc4Uu/hYkAn3a8
    6fXQYxYN78yk3l/eKflIwWd0
    =FBMx
    -----END PGP SIGNATURE-----

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
    -----


  • Next message: Steve Warrick: "Announcing Windows Open Source Security Framework"

    Relevant Pages

    • Re: Yet more Windows XP security patches
      ... > In order to make the decision not to install a Critical Update, ... Thorough understanding of the patch especially the potential ... > consequences of not installing the patch. ... >>> A security issue has been identified in the Plug and Play service ...
      (microsoft.public.windowsxp.general)
    • Security Update 811493 Causes Slowdown?
      ... I've had the same problem after installing the 811493 ... security patch as well. ... general security discussion. ... It used to load programs very fast. ...
      (microsoft.public.windowsxp.security_admin)
    • 9_Recommended error codes (specifically return code 5)
      ... * "return code 2" indicates patches are already installed. ... * "return code 25" means a patches requires another patch that is not yet installed. ... With or without using the save option, the patch installation process ... Installing 114008-01... ...
      (SunManagers)
    • Re: Which security patch NOT to install
      ... This revised patch corrects an installation issue that some customers ... has caused some customers difficulty installing the patch. ... Unless she has the previous patch for those languages installed why ... (Command Software A/V) ...
      (microsoft.public.win2000.general)
    • Re: MS02-018 Breaking ASP ODBC
      ... > after installing the latest security hotfixes as of April ... >>1) IIS 5 web server can't be contacted. ... >>before the patch and that fixed that problem. ... >>load some VB components that fail to connect to my Oracle ...
      (microsoft.public.inetserver.iis.security)