"Coruscant" <> wrote in message
news:...
|> Thus, WU will not offer you the post-SP1 updates for installation.
|
| Why not? I thought Windows Server 2003 RTM was still supported.
It is... absolutely... but the default behavior of WU is to offer you the most
recent and complete patch package. Rather than the couple dozen pre-SP1
patches, it offers Service Pack 1, without choice.
If you choose Custom updates you'll have the option to decline Service Pack 1,
and if you do that, then WU will present the individual pre-SP1 patches.
| Besides,
| most of the installed patches are for this year and all the most recent ones
| (August and October) were made available for my RTM server as well as for my
| SP1 server.
The fact that an update was released after a service pack does not imply at
all that the update will only apply to the service pack. Many security
vulnerabilities that are discovered exist in the original release, as well as
the service packs, so the updates will apply to /all/ versions of the
platform.
| Two months ago I built a 2003-RTM server and all it took for MBSA2 to
| declare it secure was Windows Installer 3.1, a reboot, about 16 Microsoft
| Update patches and another reboot. Cut to today and MBSA2 will not declare
| a 2003-RTM server secure after a complete Microsoft Update.
Interesting....
But keep something else in mind. MBSA is a /security/ analyzer. It scans for
/security/ issues and missing /security/ updates. It does not check for
non-security related patches.
|
| Victor
|
|
|
| "Lawrence Garvin [MVP]" <> wrote in message
| news:...
| >
| > Most likely, the 28 updates you installed from WU are pre-SP1
| > updates, but you did not install SP1.
| >
| > Thus, WU will not offer you the post-SP1 updates for installation.
| >
| > MBSA, however, doesn't apply that kind of logic, it merely notes
| > what is missing, and what is probably missing are the 27 post-SP1
| > updates, plus SP1 (or perhaps not). Have you enabled the option
| > (perhaps via policy) that blocks the installation of Win2003 SP1?
| > (Which would account for why WU offered you the pre-SP1 updates
| > instead of just offering SP1 .... which is what it does by default.)
| >
| >
| >
| > "Coruscant" <> wrote in message
| > news:%...
| > | I've encountered something similar.
| > |
| > | I've just built two new W2K3 servers and applied Windows Update to it.
| > | First comes Windows Installer 3.1 v2 and then a list of updates required
| > | (around 28). When I rerun Windows Update at the end of the process, no
| > | updates are listed as needed. However, MBSA 2.0 (when executed both locally
| > | and remotely) indicates that I need another 24 updates. What's happening
| > | here?
| > |
| > | Victor
| > |
| > | "Brad" <> wrote in message
| > | news:0FEFF175-2B05-4E06-9485-...
| > | > Hi there,
| > | >
| > | > We use WU to patch our servers. All servers appear to patch as expected.
| > | > However, one server identified the need for the latest Oct patches,
| > | > downloaded and installed them. When running WU again, it reports no
| > | > Updates required.
| > | >
| > | > But when running MBSA v2.0 on the server, it reports 22 patches are
| > | > required. I used SMS, and found similar results. In addition, certain
| > | > vulnerabilities don't even appear to be scanned for with the MBSA v2.0 or
| > | > SMS.
| > | > (i.e. MS03-23, MS03-39 + six others aren't listed as compliant or
| > | > missing). Therefore the server is deficient in 22 patches + the 8
| > | > vulnerabilities not listed.
| > | >
| > | > For some reason WU isn't identifying the required patches. Is there some
| > | > way to find out what WU uses to talk to the server and delete/edit it in
| > | > order for WU to fully scan the server ..
| > | > Thanks in advance