Microsoft's security patches hit snagLatest updates appear to have overwritten a file used to keep track of approved updatesBy Robert McMillan, IDG News ServiceDecember 14, 2005 print thisPrinter Friendly VersionSome users of Microsoft (Profile, Products, Articles) Corp.'s Software Update Services (SUS) may be experiencing a minor annoyance, thanks to a glitch in the company's latest security patches, released Tuesday. The latest update may be changing the status of software updates that had been previously approved by administrators who use the service, according to Microsoft.SPONSORIT STRATEGY GUIDE: BUSINESS PROCESS MANAGEMENT (BPM)Sponsored by BMC SoftwareSPONSORIT STRATEGY GUIDE: SERVICE-ORIENTED ARCHITECTURESponsored by Flashline"If you synchronize your server after December 12, 2005, all previously approved updates may be unapproved and the status may appear as 'updated,' Microsoft said in a note published Wednesday. (http://support.microsoft.com/?kbid=912307)SUS is used by Microsoft administrators to gain more control over which Microsoft software patches get installed on their network. When a patch has been tested and determined to be appropriate for installation, it can be marked as "approved" and then automatically installed on the PCs being managed by the service.Tuesday's glitch disrupts that process.The problem is that the latest updates appear to have overwritten a file that is used to keep track of approved updates, said Russ Cooper, a scientist at security vendor Cybertrust Inc.Microsoft's note lists a number of work-arounds for this issue, but the simplest solution is to simply restore this file, called Approveditems.txt, from a backup copy, Cooper said."This shouldn't be a big problem for anybody because you're backing up that text file, aren't you?" he said. "But if you're not, be prepared to do a bunch of clicking."Microsoft plans to release a script that will reset these settings to a previous state, the company said.
Recent IT Security Articles that include actual security compromises of companies, corporations and government entities. Also, in most cases,provides the breakdown in regulatory and industry security monitoring/protection requirements.
Friday, December 16, 2005
Microsoft's security patches hit snag
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment