From: Toombs, Doug (dougSERVERVAULT.COM)
Date: Mon May 21 2001 - 17:05:21 CDT


    Sean, et al.,

    At our organization, we have developed a patch management system which
    verifies that all of our client's servers are compliant with a hotfix based
    on file dates, not registry keys. For example, let's assume that a hotfix
    fixes "buggy.dll", with a new version that is dated 5/4/2001. Our patch
    management system will constantly scan all of our servers to make sure that
    "buggy.dll" is always dated 5/4/2001 or greater - if not, we will receive
    alerts that one of our systems is non-compliant on a hotfix.

    Based on your message, I ran some testing and here is what I've found:

    Test basis: a Win2k server with SP1 installed, followed by approximately 24
    post-SP1 hotfixes and six post-SP2 hotfixes.

    After installing SP2, I noticed that none of the hotfixes could be found in
    "add/remove programs". I didn't check the registry keys. However, our
    compliance checking program indicated that the system was compliant with all
    hotfixes.

    To be sure, I picked one post-SP2 hotfix at random --- MS01-013 "Windows
    2000 Event Viewer Contains Unchecked Buffer" and unpacked it. It updates
    "els.dll" to a version dated 2/14/2001. On the system I just patched with
    SP2, "els.dll" is still dated 2/14/2001 - indicating that SP2 is not
    unrolling that actual file in a hotfix, although it may be unrolling the
    registry entries or add/remove program entries.

    On a side note - I found this odd - if you attempt to install Service Pack 2
    on a system with the Print Spooler service disabled, it will tell you that
    it can not install. The specific message I received was "Cannot install the
    service pack. The Print Spooler service is not started." Now why on earth
    must I be running print spooler in order to deploy SP2??? This makes my
    deployment much more of a headache, as we have hundreds of Windows servers
    that have been hardened (i.e.: no extraneous services running).

    -Douglas Toombs
    -Senior Windows Architect
    -ServerVault.com
    -"Securing The Internet"

    -----Original Message-----
    From: Sean Kronberg [mailto:skronbergVIACK.COM]
    Sent: Friday, May 18, 2001 2:22 PM
    To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
    Subject: Windows 2000 SP2 uninstalls Pre-SP3 Security Patches

    I believe that all Pre-SP3 Security Patches are automatically removed by
    installing Windows 2000 SP2. I've verified that the Pre-SP3 QXXXXXX are
    not listed under the following registry key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Hotfix\Q######
    after installing SP2.

    If you do a search by Product and Service Pack at
    <http://www.microsoft.com/technet/security/current.asp> for Security
    Patches using:
    Product: Windows 2000 Adv. Server
    Service Pack: Windows 2000 Service Pack 2

    You'll find that MS will list a number of security patches that need to
    be installed after installing Windows 2000 SP2. I had those same
    security patches installed prior to the installation of Windows 2000 SP2
    - but now I need to re-install them all?? The same goes for IIS 5.0
    patches.

    I cannot confirm these findings anywhere on Microsoft's web site or in
    the Readmes, but using the registry as my guide, the Pre-SP3 patches
    have been uninstalled during the install of Windows Service Pack 2.

    Anyone else see the same problem?

    Sean Kronberg
    Network Administrator
    VIACK Corporation
    Phone: 425.605.7474
    skronbergviack.com
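The two checks described in this thread, Doug's file-date scanner and Sean's registry-key check, are modelled side by side below. This is an added example, not code from either poster or their companies. The only facts taken from the thread are MS01-013 updating els.dll to a file dated 2/14/2001 and the "buggy.dll dated 5/4/2001 or greater" rule; the Q-numbers, the second bulletin name "EXAMPLE-buggy", and the two server snapshots are constructed placeholders for illustration.

```python
r"""Hotfix compliance check that weighs file-date evidence against
registry-key evidence (added example; not code from either poster).

Doug's scanner trusts file dates (patched file dated on or after the hotfix
build date); Sean's check trusts the presence of
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Hotfix\Q###### keys.
Both snapshots below are constructed to reproduce the thread's scenario.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class FileRequirement:
    path: str        # binary the hotfix replaces
    min_date: date   # must be dated on or after this (Doug's rule)


@dataclass(frozen=True)
class Hotfix:
    bulletin: str                      # Microsoft bulletin id
    registry_key: str                  # key name under ...\CurrentVersion\Hotfix
    files: Tuple[FileRequirement, ...]


@dataclass(frozen=True)
class Verdict:
    bulletin: str
    files_ok: bool                     # all required files present and new enough
    registry_ok: bool                  # the Hotfix\Q###### key is present
    stale_files: Tuple[str, ...]       # files missing or older than required

    @property
    def status(self) -> str:
        if not self.files_ok:
            return "NON-COMPLIANT"       # the fix is really gone: reapply it
        if not self.registry_ok:
            return "PATCHED-UNRECORDED"  # binaries in place, bookkeeping lost
        return "COMPLIANT"


def check_hotfix(hf: Hotfix, file_dates: Dict[str, date],
                 hotfix_keys: Iterable[str]) -> Verdict:
    """Judge one hotfix from a {path: file date} map and the Hotfix key names."""
    stale = []
    for req in hf.files:
        # NTFS paths are case-insensitive, so compare lower-cased keys
        actual: Optional[date] = file_dates.get(req.path.lower())
        if actual is None or actual < req.min_date:
            stale.append(req.path)
    present = {k.upper() for k in hotfix_keys}
    return Verdict(hf.bulletin, not stale, hf.registry_key.upper() in present,
                   tuple(stale))


def audit(manifest: Iterable[Hotfix], file_dates: Dict[str, date],
          hotfix_keys: Iterable[str]) -> Dict[str, str]:
    """Map bulletin id -> status for every hotfix in the manifest."""
    keys = set(hotfix_keys)
    return {hf.bulletin: check_hotfix(hf, file_dates, keys).status for hf in manifest}


# Manifest. MS01-013 / els.dll / 2/14/2001 and buggy.dll / 5/4/2001 come from the
# thread; the Q-numbers and the "EXAMPLE-buggy" bulletin are placeholders.
ELS = r"C:\WINNT\system32\els.dll"
BUGGY = r"C:\WINNT\system32\buggy.dll"
MANIFEST = (
    Hotfix("MS01-013", "Q000001", (FileRequirement(ELS, date(2001, 2, 14)),)),
    Hotfix("EXAMPLE-buggy", "Q000002", (FileRequirement(BUGGY, date(2001, 5, 4)),)),
)

# Constructed snapshot of one server before SP2: files patched, keys present.
BEFORE_SP2_FILES = {ELS.lower(): date(2001, 2, 14), BUGGY.lower(): date(2001, 5, 4)}
BEFORE_SP2_KEYS = {"Q000001", "Q000002"}
# Constructed snapshot after SP2: the Hotfix keys are gone (Sean's observation),
# els.dll kept its 2/14/2001 date (Doug's observation), and buggy.dll is modelled
# as overwritten by an older SP2 build to show the genuine-regression case.
AFTER_SP2_FILES = {ELS.lower(): date(2001, 2, 14), BUGGY.lower(): date(2000, 12, 1)}
AFTER_SP2_KEYS = set()

if __name__ == "__main__":
    for label, files, keys in (("before SP2", BEFORE_SP2_FILES, BEFORE_SP2_KEYS),
                               ("after SP2", AFTER_SP2_FILES, AFTER_SP2_KEYS)):
        print(label)
        for hf in MANIFEST:
            v = check_hotfix(hf, files, keys)
            print(f"  {v.bulletin:15} {v.status:18} stale={list(v.stale_files)}")
```

On a live host the two snapshots would come from os.stat() on each listed path (date.fromtimestamp of st_mtime) and from enumerating the Hotfix key with winreg.EnumKey; here they are embedded so the script runs offline. The split verdict is the point: a registry-only check reports every pre-SP3 fix as missing after SP2 even when the binaries are intact, while a file-only check cannot tell you that the bookkeeping Add/Remove Programs and the uninstaller rely on has been lost. Note also that "dated on or after the hotfix build" is a weak rule, since any later build of the file satisfies it; where the binary carries a version resource, comparing the version is stricter than comparing the date.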