Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Critical Update Not Downloaded

1 view
Skip to first unread message

Buck Turgidson

unread,
Jul 8, 2009, 10:43:42 AM7/8/09
to
We are told that the update described in the link below is required for one
of our servers. However, the windows update does not report it as being
required.

Are there some critical udpates that are outside of the standard Windows
Update procedures?

Thanks.

http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx


Lawrence Garvin [MVP]

unread,
Jul 8, 2009, 12:29:39 PM7/8/09
to

"Buck Turgidson" <jc...@hotmail.com> wrote in message
news:h32bav$ph$1...@news.eternal-september.org...

> We are told that the update described in the link below is required for
> one of our servers.

> http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx


WHAT is telling you that this =2007= update is required?


> However, the windows update does not report it as being required.

And what makes the above source more reliable to you than the Windows Update
Agent?


> Are there some critical updates that are outside of the standard Windows
> Update procedures?

No.

This update, MS07-040, is applicable to three .NET Framework platforms...
.NET10SP3, .NET11SP1, and .NET20RTM.

The update was superseded by .NET20SP1, which should be installed on that
server if it has .NET20 installed.

If this is a Win2003SP1 or later machine, it has .NET11SP1 installed and
this update should be applicable -- unless it's already been installed.

There are three different packages for MS07-040 that might be applicable, so
the other question is: WHICH PACKAGE...

KB928366 for .NET11SP1 systems not installed on Windows Server 2003
KB933854 for .NET11SP1 systems on Windows Server 2003
KB928365 for .NET20 systems.


--
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

Buck Turgidson

unread,
Jul 8, 2009, 12:42:08 PM7/8/09
to
>
>> We are told that the update described in the link below is required for
>> one of our servers.
>
>> http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx
>
>
> WHAT is telling you that this =2007= update is required?

A security vendor's scanning tool.

>
>
>> However, the windows update does not report it as being required.
>
> And what makes the above source more reliable to you than the Windows
> Update Agent?

Cuz we pay them, and our boss listens to them :)


>
>
>> Are there some critical updates that are outside of the standard Windows
>> Update procedures?
>
> No.
>
> This update, MS07-040, is applicable to three .NET Framework platforms...
> .NET10SP3, .NET11SP1, and .NET20RTM.
>
> The update was superseded by .NET20SP1, which should be installed on that
> server if it has .NET20 installed.
>
> If this is a Win2003SP1 or later machine, it has .NET11SP1 installed and
> this update should be applicable -- unless it's already been installed.
>
> There are three different packages for MS07-040 that might be applicable,
> so the other question is: WHICH PACKAGE...
>
> KB928366 for .NET11SP1 systems not installed on Windows Server 2003
> KB933854 for .NET11SP1 systems on Windows Server 2003
> KB928365 for .NET20 systems.
>
>


This is 2003 SP2. It says that .NET 2.0 is installed, but it doesn't
mention anything at SP1.

I hope this give you a clearer picture of my question.


Lawrence Garvin [MVP]

unread,
Jul 8, 2009, 2:09:33 PM7/8/09
to

"Buck Turgidson" <jc...@hotmail.com> wrote in message
news:h32i92$qe9$1...@news.eternal-september.org...

>>> We are told that the update described in the link below is required for
>>> one of our servers.
>>
>>> http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx
>>
>>
>> WHAT is telling you that this =2007= update is required?

> A security vendor's scanning tool.

WHAT security vendor's scanning tool...

AND when's the last time the CATALOG for this scanning tool was updated?


>>> However, the windows update does not report it as being required.
>>
>> And what makes the above source more reliable to you than the Windows
>> Update Agent?

> Cuz we pay them, and our boss listens to them :)

Maybe good political reasons...

but absolutely useless and dangerous TECHNICAL reasons!

The metadata written in Microsoft update packages is written based on the
engine built into the WUAgent and the MU/WSUS catalogs. The most reliable
interpretation of that metadata possible is that which is reported by the
WUAgent (using the MU catalog or a WSUS Server).

Anything else must be dependent upon choosing a "catalog" to scan against,
and the validity of that catalog.


>> There are three different packages for MS07-040 that might be applicable,
>> so the other question is: WHICH PACKAGE...
>>
>> KB928366 for .NET11SP1 systems not installed on Windows Server 2003
>> KB933854 for .NET11SP1 systems on Windows Server 2003
>> KB928365 for .NET20 systems.
>>

> This is 2003 SP2. It says that .NET 2.0 is installed, but it doesn't
> mention anything at SP1.

This is where understanding what installs what is a really good thing.

Windows Server 2003 *includes* the .NET Framework v1.1
Windows Server 2003 SP1 *includes* the .NET Framework v1.1 Service Pack 1
(as does Win2003SP2).

It's the only OS platform that has ever actually included the .NET Framework
as part of the core OS installation (and now, of course, MS understands why
including .NET11 in Win2003 was a bad idea).

So we know for a fact the machine has .NET11SP1 installed -- there's no
choice in the matter.


The .NET Framework v2.0 is an add-on only package and if .NET 20 Service
Pack 1 had been installed, you'd have that logged in your WSUS Server (since
.NET20SP1 was a WSUS-distributed OS update).

You can also inspect the HKLM\Software\Microsoft\NET Framework
Setup\NDP\v2.0.50727 registry key for the current SP level of the .NET
Framework v2.0.

It's *possible* (though highly unlikely) that the detection of the .NET11SP1
version of MS07-040 is being masked by the presence of .NET20SP1 -- assuming
it's installed.

The best way to evaluate this is to look for the specific update packages I
enumerated in the previous message and identifying the status for each of
those packages:

>> KB933854 for .NET11SP1 systems on Windows Server 2003
>> KB928365 for .NET20 systems.

Harry Johnston [MVP]

unread,
Jul 8, 2009, 5:42:52 PM7/8/09
to

Buck Turgidson wrote:

> We are told that the update described in the link below is required for one
> of our servers. However, the windows update does not report it as being
> required.

Is this Windows Update (the web site) or are you using a WSUS server?

Are any other updates being reported as required? (If so, Windows Update could
be offering you another update which includes this one.)

Harry.

0 new messages