Software update snafus block Microsoft patches
- 24 June, 2008 08:33
Microsoft Corp. scrambled last week to fix a flaw -- or multiple flaws -- in two of its patch-distribution tools after some systems administrators reported that they had been blocked from installing its latest batch of security updates on PCs.
The problems, which Microsoft first acknowledged late on the night of June 13, affected admins who use the company's System Center Configuration Manager 2007 software to update PCs running its Systems Management Server (SMS) 2003 client.
After initially recommending a work-around that involved using Configuration Manager's software-distribution feature to roll out the seven security fixes it issued June 10, Microsoft last Tuesday released an update to the systems management software itself.
But then on Wednesday, Microsoft disclosed via a blog post that its Windows Server Update Services (WSUS) tool was being blocked from distributing updates to PCs running Office 2003 or pieces of the desktop application suite. The blog post detailed a multistep work-around for WSUS users.
In both cases, the company said that the update snafus stemmed from recent changes related to Office 2003 Service Pack 1. But a Microsoft spokesman wouldn't comment on whether the troubles with the two tools were caused by the same problem, saying only that the vendor was "actively investigating."
Andrew Storms, director of security operations at software vendor nCircle Network Security Inc., said he couldn't think of earlier instances of a single flaw affecting both WSUS and the more sophisticated Configuration Manager software.
The two tools use completely different update approaches, according to Storms. Like SMS 2003, which it replaced, Configuration Manager lets IT staffers automatically push updates to PCs, he said. In contrast, WSUS stores the updates on a server and then relies on PCs to download them via Microsoft's Windows Update client.
Microsoft issued a security advisory about the bug in Configuration Manager, saying that it could affect the "overall security" of users by hampering their ability to install software updates.
- MSP Guides for effective Endpoint Management Solutions
- Smart Cloud Provisioning: Low Cost and highly Scalable Entry Point into Cloud Computing
- New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection (Sponsored by McAfee)
- McAfee Whitepaper: Building the Business Case for Privacy
- Modernizing Security for the Small and Mid-Sized Business – Recommendations for 2013 (Sponsored by McAfee)
- CITRIX SYNERGY ’13: Look beyond Cloud infrastructure, says Liang
- CITRIX SYNERGY ’13: Qureshi addresses the trend of ‘mojility’
- CITRIX SYNERGY ’13: IT needs to be empowered, says Sallam
- CITRIX SYNERGY ’13: Christiancen highlights the need for collaboration
- CITRIX SYNERGY ’13: Devices will change how people work, says Duursma
Attack on Telenor was part of large cyberespionage operation with Indian origins: report
Box buys iOS app to improve its own
Growing mobile malware threat swirls (mostly) around Android
Barracuda Networks raises free capacity of Copy.com to 15GB
Coke gives peace a chance ( +16 photos)