What SMS shops need to know about October’s bulletins and the MS04-028 Scan Tool

Along with this month’s Security Updates, Microsoft has also released utilities for SMS and non-SMS environments to Scan and Patch their systems for MS04-028. You can find them here:


 


KB 885920 – How to obtain and use the MS04-028 Enterprise Update Scanning Tool in environments that use Systems Management Server


http://support.microsoft.com/default.aspx?scid=KB;EN-US;885920 – Will be available by noon PDT Tuesday


Public download location (Available by noon PDT)


http://www.microsoft.com/downloads/details.aspx?FamilyId=C4745685-9521-4B63-A338-0B3E2DCBF2BB&displaylang=en


KB 886988 How to obtain and use the MS04-028 Enterprise Update Scanning Tool in environments that do not use Systems Management Server


http://support.microsoft.com/default.aspx?scid=KB;EN-US;886988 – Will be available by noon PDT Tuesday


Public download location (Available by noon PDT)


http://www.microsoft.com/downloads/details.aspx?FamilyId=70E1C04D-47E2-4EA6-A638-11AB6AD9BD6E&displaylang=en


 


There are a few things to know about this as well as this month’s security bulletins.


1. This MS04-028 Scan Tool works for BOTH SMS 2.0 and SMS 2003


2. You DO NOT need to upgrade to the SMS 2003 SP1 Scan Tools to install this update.


3. MS04-038 has a caveat on IE 6.0 SP1 where the MBSA cannot detect it but READ THE BULLETIN!!!! The SMS Team created pointers in the Security Bulletin Catalog (MSSECURE.XML) for this update to run a SMS specific hotfix which supports the standard IE switches (/q:a /r:n).  This enables you to deploy this update in the same DSUW created SMS package as the other updates this month. As per the bulletin:


 


Can I use Systems Management Server (SMS) to determine if this update is required?
SMS can successfully deploy this update for all versions of Internet Explorer, except for Internet Explorer 6 SP1. As noted in the Affected Components section of this bulletin, this release includes two packages for Internet Explorer 6 SP1. One package is designed for Windows 2000, Windows XP, and Windows XPSP1. This package uses the Update.exe installation technology discussed above. The second package is designed for Windows NT, Windows 98, and Windows Me. MBSA is not able to determine which Internet Explorer 6 SP1 update is required for a specific Operating System. A package intended for SMS Deployment only has been created that contains both versions of the Internet Explorer 6 SP1 updates. When deployed with SMS, this package will detect the operating system and install the correct version of the update for that operating system. MBSA when used with SMS, will instruct SMS administrators to deploy this SMS Deployment package. For more information on this update, please see
Microsoft Knowledge Base Article 887437.


This means that all bulletins this month are SMS deployable because of the extra work ahead of time that the SMS Team put in to make this so. Great job!

One thought on “What SMS shops need to know about October’s bulletins and the MS04-028 Scan Tool

  1. I tried using the logging switches for the .NET Framework patch. I ran patchinstall manually on a Win 2K server. The patch did not install and worse popped up a dialog box with a problem in the .tmp file it was working out of. I removed the logging switches and stuck with /I /q, after that the update installed successfully.

    Thanks for the IE info, I hadn’t gotten to that one yet.

Leave a Reply

Your email address will not be published. Required fields are marked *