Microsoft has recently re-released Security Patches 2 or more times with the same KB and MSxx-0xx number. These updates have been changed to include different file versions. This makes it difficult to spot check a machine to verify it has been patched. In our company we have a large number of computers belonging to third parties that connect to the network. We have always validated them by checking their list of installed hotfixes. This will no longer work.
For example, MS06-042 (KB918899) was released three times (8/8/06, 8/22/06, 9/12/06) with updated files, with different content. If one was going to check the registry or under Add/Remove Programs, it would appear as if the patch was installed, but you wouldn't know what version it was.
I realize WSUS, Automatic Updates, and other utilities will look at actual file versions to ensure they are correct, but this makes life very difficult for administrators.
What is Microsoft's logic for changing files without issuing a new patch number? Are they just trying to keep the numbers down? If you're fixing minor items in a patch (like the detection method) which don't affect the outcome of the installed files, I can see keeping the number the same, but once you change one file you change the entire patch.
Let's say we are having a problem with a few servers crashing and we are comparing updates on the servers. We look and all servers have MS06-042 installed, but in reality they have different versions of the patch.
I guess this is just another major MONKEY WRENCH in the Windows Update Saga.
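
The server-comparison scenario in the post above, as an added example that is not part of the original post: an audit that classifies hosts by the versions of the patched files instead of by the presence of the KB number, and groups hosts that all report the same KB by what is actually on disk. The inventory layout, host names, file names (`example1.dll`, `example2.dll`) and version numbers are constructed placeholders, not the real KB918899 file list; collecting the inventory from each machine is assumed to happen elsewhere.

```python
# Added example with constructed data: file names and versions below are
# placeholders, not the real MS06-042 (KB918899) file list.
from collections import defaultdict

def parse_version(text):
    """'6.0.2900.30' -> (6, 0, 2900, 30) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def audit(inventory, kb, baseline):
    """Return {host: 'missing' | 'stale' | 'current'} for one KB.

    baseline maps each patched file to the version in the latest re-release.
    """
    status = {}
    for host, data in inventory.items():
        if kb not in data["hotfixes"]:
            status[host] = "missing"   # KB not in the installed-hotfix list
            continue
        files = data["files"]
        current = all(
            name in files and parse_version(files[name]) >= parse_version(minimum)
            for name, minimum in baseline.items()
        )
        # KB is listed either way; only the file versions tell releases apart.
        status[host] = "current" if current else "stale"
    return status

def group_by_versions(inventory, kb, names):
    """Group hosts that list the KB by the file versions actually on disk."""
    groups = defaultdict(list)
    for host in sorted(inventory):
        data = inventory[host]
        if kb in data["hotfixes"]:
            key = tuple(data["files"].get(name, "absent") for name in names)
            groups[key].append(host)
    return dict(groups)

KB = "KB918899"
BASELINE = {"example1.dll": "6.0.2900.30", "example2.dll": "6.0.2900.30"}
INVENTORY = {  # constructed hosts: three "patched" machines, one unpatched
    "srv-a": {"hotfixes": {KB}, "files": {"example1.dll": "6.0.2900.9", "example2.dll": "6.0.2900.9"}},
    "srv-b": {"hotfixes": {KB}, "files": {"example1.dll": "6.0.2900.20", "example2.dll": "6.0.2900.30"}},
    "srv-c": {"hotfixes": {KB}, "files": {"example1.dll": "6.0.2900.30", "example2.dll": "6.0.2900.30"}},
    "srv-d": {"hotfixes": set(), "files": {"example1.dll": "6.0.2900.1", "example2.dll": "6.0.2900.1"}},
}

if __name__ == "__main__":
    for host, state in sorted(audit(INVENTORY, KB, BASELINE).items()):
        print(host, state)
    print(group_by_versions(INVENTORY, KB, list(BASELINE)))
```

Versions are compared as integer tuples because a plain string comparison would rank `6.0.2900.9` above `6.0.2900.30` and report an early release as current.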