Microsoft has recently re-released Security Patches 2 or more times
with the same KB and MSxx-0xx number. These updates have been changed
to include different file versions. This makes it difficult to spot
check a machine to verify it has been patched. In our company we have a
large number of computers belonging to third parties that connect to
the network. We have always validated them by checking their list of
installed hotfixes. This will no longer work.
For example MS06-042 (KB918899) was released three times, 8/8/06,
8/22/06, 9/12/06, with updated files with different content. If one
was going to check the registry or under Add/Remove programs it would
appear as the patch was installed, but you wouldn't know what version
it was.
I realize WSUS, Automatic Updates, and other utilities will look at
actual file versions to ensure they are correct; this makes life very
difficult for administrators.
What is Microsoft's logic for changing files without issuing a new
patch number? Are they just trying to keep the numbers down? If you're
fixing minor items in a patch (like detection method) which doesn't
affect the outcome of the installed files I can see keeping the number
the same, but once you change one file you change the entire patch.
Let's say we are having a problem with a few servers crashing and we are
comparing updates on the servers; we look and all servers have MS06-042
installed, but in reality they have different versions of the patch.
I guess this is just another major MONKEY WRENCH in the Windows Update
Saga.
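The check the post calls for, verifying a patch by the versions of the files it ships rather than by the presence of its KB entry, as an added example that is not part of the original post. The KB number, file paths and minimum versions are placeholders; the real ones come from the file-information table of the bulletin being checked. The function name Test-PatchFileVersions is an assumption of this example.

```powershell
# Added example (not from the original post). Verifies a patch by comparing
# on-disk file versions against the minimum versions from the bulletin's
# file-information table, instead of trusting the installed-hotfix list,
# which cannot tell a re-released patch apart from the original.
# The file names and version numbers below are PLACEHOLDERS; take the
# real ones from the Microsoft bulletin for the patch you are checking.

function Test-PatchFileVersions {
    param(
        [Parameter(Mandatory)][string]$KB,          # e.g. 'KB918899'
        [Parameter(Mandatory)][hashtable]$Expected  # file path -> minimum version string
    )

    # Step 1: what the hotfix list says. This is the check the post says no
    # longer works on its own, so it is reported but not relied upon.
    $listed = [bool](Get-HotFix -Id $KB -ErrorAction SilentlyContinue)

    # Step 2: what the files on disk actually are.
    $results = foreach ($path in $Expected.Keys) {
        $minimum = [version]$Expected[$path]
        $item = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $item) {
            # A missing file is treated as "not current", never as "unknown".
            [pscustomobject]@{ File = $path; Installed = $null; Required = $minimum; Ok = $false }
            continue
        }
        # FileVersion strings often carry trailing text such as a build tag,
        # so build the version from the numeric parts instead of parsing the string.
        $vi = $item.VersionInfo
        $installed = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                    $vi.FileBuildPart, $vi.FilePrivatePart)
        [pscustomobject]@{ File = $path; Installed = $installed; Required = $minimum; Ok = ($installed -ge $minimum) }
    }

    [pscustomobject]@{
        KB              = $KB
        InHotfixList    = $listed
        AllFilesCurrent = -not ($results | Where-Object { -not $_.Ok })
        Files           = $results
    }
}

# Usage with placeholder values (replace with the bulletin's file table):
$expected = @{
    "$env:SystemRoot\System32\PLACEHOLDER1.dll" = '0.0.0.0'
    "$env:SystemRoot\System32\PLACEHOLDER2.dll" = '0.0.0.0'
}
$report = Test-PatchFileVersions -KB 'KB918899' -Expected $expected
$report | Format-List KB, InHotfixList, AllFilesCurrent
$report.Files | Format-Table -AutoSize
```

A machine that shows InHotfixList as true but AllFilesCurrent as false is exactly the case described above: the KB is registered, but an older re-release of the patch is what is actually installed. Running the same table against the servers being compared makes the version mismatch visible instead of hidden behind an identical bulletin number.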