From: Aj Effin Reznor (ajreznor.com)
Date: Thu Apr 25 2002 - 10:20:33 CDT
"John McGuire was known to say....."
> There has been a lot of confusion about MBSA and hotfixes.
> Last night I set up a test of one IIS4 and one IIS5 box to
> verify results I have seen when patching and testing
> production servers. I wanted to be able to sketch out the
> capabilities of three update methods and the different ways
> to validate installation of patches.
> I am posting to ask any interested parties to check out my
> methods and findings to validate them. The results are
> pretty confusing, but are also scary. I have been working
> on this off and on for the last week and am pretty
> confident of these findings:
> - ms02-018 does not update IIS boxes with all hotfixes that
> are supposed to be included.
> - Windows update doesn't either. It removes ms02-018 fixes
> when previously installed on win2k.
> - All the MS testing tools could not seem to report an
> accurate picture of what patches were installed or missing
> from a system.
> - Even file dates of seemingly up to date patches didn't
> quite match what Microsoft documents in the Q article for
> the hotfix.
(Pardon the excessive quoting, folks, the above is at least
mentioned, tho not necc. resolved, in the link below)
I noticed actually that you were referenced in an eWeek article
which I haven't seen referenced here yet:
I noticed you were quoted directly in the article, which cites
potential causes for some of the inaccuracies that you outline
I mention it here because it only reinforces what you state
and backs it up with similar experiences from other administrators,
and while Microsoft has gotten several "Atta boy!"s this week here
for making attempts with MBSA, eWeek does a fair job of exposing
serious (and potentially fatal) flaws in the interoperability of
the MS offerings. (I'm not speaking so much of flaws within
MBSA but severe differences in the findings between MBSA
and Windows Update (WU)).
A few brief points that it makes:
"But confusion has risen with patch management in WU because
Microsoft has at least four mechanisms for installing patches,
each with its own vagaries and nuances. The complexity has led
to technical glitches and patch mismanagement."
"Many of the problems with the automated updates have surfaced
only recently as customers have begun using the new - and also
flawed - Microsoft Baseline Security Analyzer tool to scan their
systems for missing virus patches."
Interestingly, the patch that John cites above (MS02-018) is not
one of the two that MS admits to having been causing problems
(MS02-008 and -009).
> On behalf of any of us and others who will benefit from
> this information, thanks for your help!
While I can't offer too much in the way of serious additional
material to lift the fog, I can only agree that what you are seeing
is being seen by many others.