Hotfixes overwritten?

From: Greene, Michael (MGreene@lrs.com)
Date: 05/17/02


From: "Greene, Michael" <MGreene@lrs.com>
To: focus-ms@securityfocus.com
Date: Fri, 17 May 2002 09:05:31 -0500

Microsoft has published information about slip-streaming service packs into
CD images. This is normally done by expanding the service pack files and
overwriting the respective contents of the i386 directory. The intentions
here are to prevent changed files from being overwritten on the hard drive
when the operating system requests the CD. For instance, if an
administrator needed to add a Windows 2000 component such as DNS, the CD
would now be up to date so that the service pack would not have to be
reapplied after installation. It is a well-known concept (or it should be)
that if you make changes to the operating system files without using a
slip-streamed CD, you should reapply service packs to prevent known issues.

So what about security hotfixes? There is apparently no way to take this
kind of action when applying the Post Service Pack 2 Security Roll-up. Nor
is there any way to slipstream the "critical updates" Microsoft so
frequently releases. So, when a new service is installed from the CD, are
the security hotfixes overwritten?

There IS an article on the Microsoft web site that explains how to chain the
hotfixes to the installation point so they are applied after installation.
Please don't confuse this with slip-streaming the files directly into the
CD.

Neither hfnetchk, MBSA, nor Windows Update does a full check of the files or
registry keys changed by hotfixes, so the reports of these scanners are
insufficient to report when a server has become vulnerable because of an
overwritten hotfix. So the only logical conclusion is that anytime a new
service is installed, the only way to ensure the security of the data on the
machine (speaking strictly in terms of operating system flaws) is to
uninstall every hotfix and reapply them. Granted, this should not be an
all-day task using Qchain to apply regression tested hotfixes from a network
installation point.

But my question is, why on earth would Microsoft include the ability to
slipstream service packs but not security hotfixes?

____________________________
Michael Greene
Levi, Ray and Shoup, Inc.
IT Solutions - Security Team
(217)793-3800 x1253
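
An added example, not part of the original post and not Microsoft's tooling: the check the post says the scanners lack, comparing the version of each file on disk with the version its hotfix ships, so a file replaced from the CD is flagged even when the install marker is still present. The manifest layout, hotfix ids, paths and versions are constructed assumptions; collecting the real versions from a server is left out.

```python
# Added example: all hotfix ids, paths and versions below are constructed.

def parse_version(text):
    """'5.0.2195.4797' -> (5, 0, 2195, 4797), so fields compare as numbers."""
    return tuple(int(part) for part in text.strip().split("."))

def audit_hotfixes(manifest, installed_markers, file_versions):
    """Return {hotfix id: [findings]} for hotfixes that are not fully in place.

    manifest          -- hotfix id -> {file path: version the hotfix ships}
    installed_markers -- hotfix ids recorded as installed (e.g. from the registry)
    file_versions     -- file path -> version actually found on disk
    """
    # Windows paths are case-insensitive, so compare them lowercased.
    on_disk = {path.lower(): ver for path, ver in file_versions.items()}
    report = {}
    for hotfix, files in manifest.items():
        findings = []
        if hotfix not in installed_markers:
            findings.append("no install marker")
        for path, shipped in files.items():
            found = on_disk.get(path.lower())
            if found is None:
                findings.append(f"{path}: missing")
            elif parse_version(found) < parse_version(shipped):
                # Marker may still say "installed": the file itself was replaced.
                findings.append(f"{path}: {found} is older than {shipped}")
        if findings:
            report[hotfix] = findings
    return report

# Constructed sample: three hotfixes, all still marked as installed.
MANIFEST = {
    "Q-EXAMPLE-A": {r"C:\WINNT\system32\svc_a.exe": "5.0.2195.4800"},
    "Q-EXAMPLE-B": {r"C:\WINNT\system32\lib_b.dll": "5.0.2195.9999"},
    "Q-EXAMPLE-C": {r"C:\WINNT\system32\lib_c.dll": "5.0.2195.4500"},
}
MARKERS = set(MANIFEST)
ON_DISK = {
    r"c:\winnt\system32\svc_a.exe": "5.0.2195.2780",   # older copy from the CD
    r"C:\WINNT\System32\lib_b.dll": "5.0.2195.10000",  # newer than the hotfix
}                                                      # lib_c.dll is absent

if __name__ == "__main__":
    for hotfix, findings in audit_hotfixes(MANIFEST, MARKERS, ON_DISK).items():
        for finding in findings:
            print(hotfix, finding)
```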


