Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

WSUS downloading IE7 Spanish?

November 22nd 2006 in Uncategorized

There are several reports of the Spanish version of IE7 being downloaded instead of the English version. 


We have also seen one report of the Spanish version of IE7 being offered for install on client machines despite IE7 apparently being blocked (unconfirmed).


More information as it comes to hand will be on the WSUS blog:
http://blogs.technet.com/wsus/default.aspx


Update: Bobbie Harder has posted to microsoft.public.windows.server.update_services advising that MS have confirmed the problem and have a fix, and advice for those affected.  You will need to access the article using NNTP to access the batch file.


http://groups.google.com/group/microsoft.public.windows.server.update_services/browse_frm/thread/416dbe5eea65a2f1/a31aa73870520969#a31aa73870520969


Hi Folks –
We have verified a problem in the metadata for the latest  IE7.0 update
rollup package which impacts the installation behavior for all locales, and
results in an Spanish error dialog after installation as reported..


To immediately address the spread of this issue, the IE7.0 update package
has been expired effective 5:00PM PST, Wednesday, 11/22/06.  Synchronizing
WSUS servers after 5:00PM PST will ensure the expiration status is applied
to the latest IE7.0 update rollup package, released 11/21/06.


Clients which are currently displaying a Spanish error dialog, or are
rechecking for this update package, can be stopped from doing so via the
following steps:
If the update was approved for a scheduled installation:
1.       Stop the AU service.
2.       Kill the following processes –
a.       Iesetup.exe
b.      Ie7-WindowsXP-x86-esn.exe
3.       Start the AU service after you have synchronized the WSUS server to
expire the IE7 update.
4.       Run the command wuauclt.exe /detectnow.  We have to do this to
reset the IE 7 status on the client.  In my test, it offered the IE7 update
again, so it did not check back with the WSUS server where it had been
changed to detect only status.
.
If it is a manual kick off with the AU icon from systray, then clicking okay
to the error message, clears the IE setup executables, so we can just do the
following –
1.       Stop the AU service
2.       Start the AU service after you have synchronized the WSUS server to
expire the IE7 update.
3.       Run the command wuauclt.exe /detectnow.  We have to do this to
reset the IE 7 status on the client.  In my test, it offered the IE7 update
again, so it did not check back with the WSUS server where it had been
changed to detect only status.

If other updates were installed at the same time, a reboot will be required
to finish off the updates that did install for both scenarios above.

Attached is a sample batch file Before running a similar batch file you will
have had to either synchronize to ensure the update is expired , or have had
changed the update approval  to Not Approved or Dectect Only.  The batch
file sample can be run on the client system either from a logon script or
running it manually on the client.
A new update rollup package for this IE 7.0 release will be available for
synchronization early next week.  We regret the inconvenience and confusion
this issue may have caused WSUS customers.  Thank you for your reports and
enabling us to get this issue headed off so quickly.

– Bobbie Harder

PM, WSUS


Comments are closed.

The vulnerability is caused due to the Password Manager not properly checking the URL before automatically filling in saved user credentials into forms. This may be exploited to steal user credentials via malicious forms in the same domain.
No patch – workaround is to turn off “Remember passwords for sites”
Once again, myspace is apparently being used […]

Previous Entry

Discussed on spamnotes.com:http://spamnotes.com/2006/11/19/4th-circuit-beats-back-antispam-plaintiff.aspx
Also discussed here – easier for the layperson to understand:http://blog.ericgoldman.org/archives/2006/11/fourth_circuit_1.htm
and here:http://womblencappellate.blogspot.com/2006/11/fourth-circuit-spam-anyone.html
I haven’t had a chance to sit down and ponder the end result of the ruling for spam’s victim-in-the-street but a quick scan of the articles cited above doesn’t reveal anything that jumps out at me as a questionable assessment of effect.

Next Entry

Archives