RE: Hotfixes overwritten?
From: Greene, Michael (MGreene@lrs.com)
Date: 05/17/02
- Previous message: Greene, Michael: "RE: XP or not XP - enterprise desktop?"
- Maybe in reply to: Greene, Michael: "Hotfixes overwritten?"
- Next in thread: Tod Beardsley: "Re: Hotfixes overwritten?"
- Next in thread: Dennis M. Depp: "RE: Hotfixes overwritten?"
- Reply: Tod Beardsley: "Re: Hotfixes overwritten?"
- Reply: Darren W. MacDonald: "RE: Hotfixes overwritten?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Greene, Michael" <MGreene@lrs.com>
To: "'Dennis M. Depp'" <dwd@ornl.gov>
Date: Fri, 17 May 2002 11:00:59 -0500
Thank you Dennis. I should correct myself. The service pack files are not
overwritten, Windows should prompt for a service pack installation point.
However, this article specifically states that hotfixes are overwritten
without any notice to the user or event log, and there is no way to tell
after the fact.
Does anyone else find this disturbing? Is there a solution?
Not Necessary to Reinstall Windows 2000 Service Packs After System State
Changes (Q274215)
----------------------------------------------------------------------------
The information in this article applies to:
- Microsoft Windows 2000 Professional SP1, SP2
- Microsoft Windows 2000 Server SP1, SP2
- Microsoft Windows 2000 Advanced Server SP1, SP2
----------------------------------------------------------------------------
SUMMARY
After you change the system state by adding or changing additional Windows 2000 components, you do not need to reapply Windows 2000 service packs.
MORE INFORMATION
When you install a Windows 2000 service pack, the Update.exe tool performs the following actions:
The Layout.inf file is updated with an additional source for Windows 2000 service pack files so when you add or change additional components the Layout.inf file points to the correct source. The source location is stored in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath
The source could be a network share of the Windows 2000 service pack, the Windows 2000 service pack CD-ROM, or if you install the Windows 2000 service pack by using the Express Installation from the Web, the source is set to the %systemroot%\servicepackfiles folder.
Windows 2000 service packs also update the Drvindex.inf file to point to an additional .cab file for drivers that are updated in the Windows 2000 service pack. The name of this .cab file is Spn.cab (where n is the service pack version number) and this file is installed to the %systemroot%\driver cache\i386 folder.
A new Spn.cat file (where n is the service pack version number) is also installed for the updated files. This replaces any previously installed Spn.cat file that was installed with a Windows 2000 hotfix. The Spn.cat file is installed to the %systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} folder.
Hotfixes do not update the Layout.inf file. Therefore, if you install a hotfix and system state changes occur, you may need to reapply the hotfix.
Windows 2000 service packs also perform version checking on files so that post Windows 2000 SPn hotfixes (where n is the service pack version number) remain in place and do not need to be reapplied after installation of the service pack. For example, hotfixes prior to Windows 2000 Service Pack (SP1) are updated to the service pack files.
-----Original Message-----
From: Dennis M. Depp [mailto:dwd@ornl.gov]
Sent: Friday, May 17, 2002 10:11 AM
To: Greene, Michael; focus-ms@securityfocus.com
Subject: RE: Hotfixes overwritten?
Please correct me if I am wrong. My understanding is with Windows 2000 the process of having to reinstall a service pack or hotfix after installing a new service was eliminated. I don't understand the technical features of this process, but when I install a new service, are not the necessary files already supposed to be in place? Have you checked to verify that not all the files for the service were updated? If so, can you give a more specific scenario?
Dennis
-----Original Message-----
From: Greene, Michael [mailto:MGreene@lrs.com]
Sent: Friday, May 17, 2002 10:06 AM
To: focus-ms@securityfocus.com
Subject: Hotfixes overwritten?
Microsoft has published information about slip-streaming service packs into CD images. This is normally done by expanding the service pack files and overwriting the respective contents of the i386 directory. The intentions here are to prevent changed files from being overwritten on the hard drive when the operating system requests the CD. For instance, if an administrator needed to add a Windows 2000 component such as DNS, the CD would now be up to date so that the service pack would not have to be reapplied after installation. It is a well-known concept (or it should be) that if you make changes to the operating system files without using a slip-streamed CD, you should reapply service packs to prevent known issues.
So what about security hotfixes? There is apparently no way to take this kind of action when applying the Post Service Pack 2 Security Roll-up. Nor is there any way to slipstream the "critical updates" Microsoft so frequently releases. So, when a new service is installed from the CD, are the security hotfixes overwritten?
There IS an article on the Microsoft web site that explains how to chain the hotfixes to the installation point so they are applied after installation. Please, don't confuse this with slip-streaming the files directly into the CD.
Neither hfnetchk, MBSA, nor Windows Update does a full check of the files or registry keys changed by hotfixes, so the reports of these scanners are insufficient to report when a server has become vulnerable because of an overwritten hotfix. So the only logical conclusion is that anytime a new service is installed, the only way to ensure the security of the data on the machine (speaking strictly in terms of operating system flaws) is to uninstall every hotfix and reapply them. Granted, this should not be an all day task using Qchain to apply regression tested hotfixes from a network installation point.
But my question is, why on earth would Microsoft include the ability to slipstream service packs but not security hotfixes?
____________________________
Michael Greene
Levi, Ray and Shoup, Inc.
IT Solutions - Security Team
(217)793-3800 x1253
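Added example, not part of the thread and not Microsoft's code: a PowerShell script that addresses the "no way to tell after the fact" problem above by recording the file versions of system binaries right after hotfixes are applied, then later flagging any file whose version has gone backwards (as happens when Setup copies an older file from the CD's i386 directory when a component is added). The baseline file path and the directory globs are assumptions; PowerShell itself is assumed available, since it postdates this 2002 thread.

```powershell
param(
    [ValidateSet('Snapshot', 'Compare')][string]$Mode = 'Compare',
    [string]$Baseline = "$env:ProgramData\hotfix-baseline.json",   # assumed location
    [string[]]$Paths = @("$env:SystemRoot\system32\*.dll",          # assumed scope
                         "$env:SystemRoot\system32\*.exe",
                         "$env:SystemRoot\system32\drivers\*.sys")
)

# Setup key whose ServicePackSourcePath value Q274215 describes; shown for context only,
# since this value says where Setup will look for service pack files, not whether hotfixes survived.
$setup = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup' -ErrorAction SilentlyContinue
Write-Host "ServicePackSourcePath = $($setup.ServicePackSourcePath)"

function Get-VersionMap {
    # Map full path -> four-part file version taken from each binary's version resource.
    # Files without a version resource report 0.0.0.0 and therefore never look "regressed".
    $map = @{}
    foreach ($f in Get-ChildItem -Path $Paths -File -ErrorAction SilentlyContinue) {
        $v = $f.VersionInfo
        $map[$f.FullName] = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart
    }
    return $map
}

if ($Mode -eq 'Snapshot') {
    # Run once, immediately after the hotfixes have been applied, to record the known-good versions.
    Get-VersionMap | ConvertTo-Json | Set-Content -Path $Baseline -Encoding UTF8
    Write-Host "Baseline written to $Baseline"
    exit 0
}

# Compare mode: run after adding a Windows component (or on a schedule) to catch silent regressions.
$base = Get-Content -Path $Baseline -Raw | ConvertFrom-Json
$now = Get-VersionMap
$regressed = @()
foreach ($p in $base.PSObject.Properties) {
    if (-not $now.ContainsKey($p.Name)) { Write-Warning "missing since baseline: $($p.Name)"; continue }
    $expected = [version]$p.Value
    $actual = [version]$now[$p.Name]
    if ($actual -lt $expected) {
        # A version lower than the baseline means the hotfixed file was replaced by an older copy.
        $regressed += [pscustomobject]@{ File = $p.Name; Baseline = $expected; Current = $actual }
    }
}
if ($regressed.Count -eq 0) { Write-Host 'No hotfixed files have regressed.'; exit 0 }
$regressed | Format-Table -AutoSize
exit 1   # non-zero so a scheduled task or monitoring job can alert on it
```

Run with `-Mode Snapshot` right after applying (or re-applying) hotfixes, and `-Mode Compare` after any change that pulls files from the installation source; a non-zero exit code is the signal to reapply the affected hotfixes.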