Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
manual patching required on Win2k?
From: Mike Coppins (mikeLEGOLAS.COM)
Date: Wed Jun 04 2003 - 03:37:51 CDT
I think Win2k patches released by MS don't bother installing their files
if the installer detects that the patch has been installed before. This
is obviously a problem if one has to reinstall for example IIS.
I'm running Win2k at home, doing a number of things. My install routine
is outlined here:
(btw, www.legolas.com/wac/ is an obscure technical reference library I'm
building up for Windows)
I installed IIS (www, smtp and ftp) as I usually do, and then put SP2,
then all patches in order of release after that. Checking smtpsvc.dll
and the output of telnetting to the machine's port 25 gives me version
5.0.2195.4905, which seems to be the latest version available for people
not running SP3 (nasty EULA amongst other things).
I made a slight screwup in my installation, and so decided to
un/reinstall IIS SMTP the usual way (add/remove windows components), and
then looked through the patches I had already downloaded for the ones
that contained smtpsvc.dll. I then applied those patches in order, but
when I checked the version of smtpsvc.dll in inetsrv, and by telnetting
to port 25, it still showed 5.0.2195.2966. I tried reinstalling the
patches again, but to no avail. In the end I just copied the old
version smtp*.dll files I found with the newest versions I found in the
Before I reinstalled IIS SMTP I had emptied the dllcache (as it messes
with the DirectX installation), but left the contents of
servicepackfiles intact. The version of smtpsvc.dll was the same in
servicepackfiles as the old one in inetsrv (5.0.2195.2966) even after
the second round of patching.
I think there might be a problem with how patching is done on win2k,
that if the installer detects the patch has been installed already, it
doesn't bother doing anything.
Also - the latest IIS 5 cumulative patch (Q811114) doesn't patch
smtpsvc.dll, so I'm not sure how it can be called a cumulative patch.
Delivery co-sponsored by TruSecure
FREE 14-DAY TRIAL of New Threat & Vulnerability Notification Service
TruSecure's new IntelliShield(tm) web-based threat and vulnerability
service isn't your typical alert service. Supported by TruSecure's vast
intelligence resources - including the ICSA Labs - IntelliShield's early
warning, analysis, decision support, and threat management tools provide
organizations with unmatched intelligence to better protect critical
information assets. Experience it for yourself - just click below to begin
your FREE, NO OBLIGATION 14-day trial today!