MS03-032 - Win2K + IE6 Pre-SP1

From: Jeff Salisbury (jeffs_at_belkin.com.nospam)
Date: 09/15/03 

Date: Mon, 15 Sep 2003 11:32:49 -0700

We are using SMS Software Update Services to distribute MS03-032 (822925)
to our population of primarily Windows 2000 workstations. The Windows
2000 workstations with IE6 do not have IE6 SP1 applied, and MS03-032 has
been re-running repeatedly on these workstations.

Apparently the XML file that lists what patches are applicable on
workstations thinks that MS03-032 applies, so the patch tries to run.
Microsoft didn't make a IE6 pre-SP1 version of the patch for Windows 2000
- they only released one for Windows XP - so the patch fails to update
the workstation.

Interestingly, the Software Update Installer reports back to SMS that it
has installed the patch and it updates the WMI repository to show it
being installed. If you have a recurring advertisement set up for the
security updates, then next time it runs it will determine that MS03-032
really isn't installed and it will try to run it again, and again, and
again....

One fix is obviously to go push out SP1 for IE6, which we will do after
it has been tested a bit more. This whole issue raises some questions
that Microsoft might be able to answer:
 - Why does the Security Patch Bulletin Catalog (MSSecure.xml) think that
MS03-032 applies to IE6 pre-SP1 running on Windows 2000 if it doesn't
apply ?
 - How can you issue a "cumulative patch that includes the functionality
of all previously released patches for Internet Explorer 5.01, 5.5, and
6.0" and not make a version of the cumulative patch that runs on IE 6
pre-SP1?
 - If the decision was made to not release a cumulative patch for IE6
pre-SP1 on Windows 2000 because the intention was that these users have
to install SP1, shouldn't something explicitly state that? For example, I
believe the MS03-026 patch originally wouldn't run unless you were on
Win2K SP3 or later - at least the bulletin told us this up front.

Relevant Pages

  • Re: Patch Package defies solutions
    ... I finally got it to work, by redownloading the windows reinstaller utility. ... How long ago did you run the Windows installer cleanup utility?? ... I cannot do as I receive the error message "This Patch package cannot be ... Office XP separately from SP for Frontpage 2003. ...
    (microsoft.public.office.setup)
  • Re: "Windows cannot open this file"
    ... XP SP3 computers. ... When I tried to install the patch, ... received the following Windows error message on both computers: ... Installer 4.5, reboot, and try the patch again. ...
    (microsoft.public.windowsxp.general)
  • Re: MSI install deletes contents of C:WINNTInstaller
    ... The windows 2000 workstations do not have any failed installs so using ... There seems to be a coruption of some type with the MSI installer on ... Upgrading Windows Installer to V2 also ...
    (microsoft.public.win2000.general)
  • Re: Patch Package defies solutions
    ... How long ago did you run the Windows installer cleanup utility?? ... I cannot do as I receive the error message "This Patch package cannot be ... Office XP separately from SP for Frontpage 2003. ...
    (microsoft.public.office.setup)
  • Re: Patch Package defies solutions
    ... How long ago did you run the Windows installer cleanup utility?? ... I cannot do as I receive the error message "This Patch package cannot be ... Office XP separately from SP for Frontpage 2003. ...
    (microsoft.public.office.setup)
Loading