Microsoft snafu blocks enterprise patching

Microsoft Corp. confirmed late Friday that enterprise administrators using one of its patch-distribution tools have not been able to install last week's security updates.
The company offered a work-around and said it is working on a fix.

"We're aware of an issue that is affecting the deployment of the June 2008 security updates," acknowledged Christopher Budd, spokesman for the Microsoft Security Response Center (MSRC), in a post to the group's blog Friday night.

Only corporate administrators using System Center Configuration Manager (ConfigMgr) 2007, which itself was just updated to Service Pack 1 (SP1), are affected, and only those systems running System Management Server (SMS) 2003 client software refuse to update. "The impact of this issue is that customers in this configuration cannot deploy the June 2008 security updates to their SMS 2003 clients," said Budd.

Last Tuesday, Microsoft published its usual monthly batch of security updates, which for June patched 10 vulnerabilities in Windows and Internet Explorer.

The successor to SMS 2003, System Center Configuration Manager assesses, deploys and updates server and client systems.

The MSRC also posted a security advisory on Friday, even though Microsoft doesn't strictly consider the problem security-related. "This issue is not a security vulnerability in System Center Configuration Manager 2007," the advisory stated. "[But] in this case, we are communicating the availability of an update that affects your ability to perform subsequent updates, including security updates. Therefore, this advisory does not address a specific security vulnerability; rather, it addresses your overall security."

According to an entry added to another company blog last Thursday, the glitch stems from "an issue with updated content published for the Office 2003 Service Pack 1 update, " said J.C. Hornbeck, an engineer at Microsoft's manageability group. "The June 10, 2008, release of the WSUS Offline Scan Catalog (wsusscn2.cb) fails to synchronize on a ConfigMgr 2007 or ConfigMgr 2007 SP1 site server using the Inventory Tool for Microsoft Updates (ITMU)."

No other information was provided about the source of the problem or why the Office 2003 SP1 update caused the trouble now. Office 2003 SP1 was first released in mid-2004.

And although Office 2007 SP1 was updated last Tuesday to fix a problem on Windows Server Update Services (WSUS) that caused some language-specific content to fail to download, Microsoft said there was no connection between that fix and the ConfigMrg problem caused by Office 2003 SP1.

Administrators can determine if the June 10 updates were deployed by examining the Wsyncmgr.log on the ConfigMgr 2007 site server, added Hornbeck.

Budd said that Microsoft is working on a patch. In the meantime, he recommended that administrators use the Software Distribution feature within ConfigMgr 2007 to roll out the June security updates.

For any help related to Microsoft you can go for Microsoft Help

source:computerworld.com