Microsoft fixes patch-blocking bug
- 18 June, 2008 07:54
Microsoft Tuesday fixed a flaw in an enterprise patch distribution tool that had blocked administrators from rolling out last week's bug patches.
The problem, which Microsoft acknowledged late last Friday, affected administrators using System Center Configuration Manager (ConfigMgr) 2007 to update users' PCs running System Management Server (SMS) 2003 software.
System Center Configuration Manager 2007 is the successor to SMS 2003, and assesses, deploys and updates server and client computers.
According to Microsoft, customers with that combination had been unable to push June's security updates to end users' PCs. Those updates, which patched 10 vulnerabilities in Windows and Internet Explorer (IE), were released on June 10.
Friday, Microsoft took the unusual step of issuing a security advisory, even though the problem didn't strictly fit into the category. "We are communicating the availability of an update that affects your ability to perform subsequent updates, including security updates," Microsoft noted in the advisory. "Therefore, this advisory does not address a specific security vulnerability; rather, it addresses your overall security."
Tuesday, Microsoft posted a fix to its support site and offered more information on the cause of the problem. Previously, the company had only said that the snafu stemmed from Office 2003 Service Pack 1 (SP1), a mid-2004 update; it had declined to elaborate when asked to clarify the cause.
"This problem occurs because of changes that were made for the June 10, 2008 [security] release," noted a support document posted by Microsoft today. "Additional metadata that is associated with Microsoft Office 2003 SP1 was added to the Wsusscn2.cab file. The catalog synchronization process was not designed to handle the specific changes that were made."
A fix, Microsoft added, was applied to the catalog synchronization executable, which must be installed on a Configuration Manager 2007 site server. The revised Updatewuscatalog.exe file is a 132K download.
Although Microsoft told users last week that they could work around the updating block by using the Software Distribution feature within Configuration Manager 2007, today it urged administrators to apply the fix. "We recommend any ConfigMgr 2007 customers with System Management Server (SMS) 2003 clients go ahead and review the KB and plan to deploy the update," Christopher Budd, spokesman for the Microsoft Security Response Center (MSRC), said in a post to the group's blog.