Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows Update Inconsitentency 1

Status
Not open for further replies.
craigs99

craigs99

IS-IT--Management
Mar 3, 2005
8
GB
Need some help with a patching issue from our 2003 WSUS3 SP2 server.
The workstations in our domain are XP SP3 with a small scattering of Windows 7.
The workstations are all Office 2003 with Office 2007 compatability pack installed.
Both WSUS and update.microsoft.com say the machines are fully patched.
An auditor recently used Nessus to run a vulnerability scan and found a number of Widnwos updates needed to the workstations. An example is MS10-056: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (2269638).
Now I think Nessus is just scanning for the signature of a file and becuase it sees the version of wordconv.dll as beng out of date is saying the box isn't patched.
However if I try to manually install any of the kb's for 2007 or the compatability pack or even word viewer then I'm told the required software isn't installed.

Any ideas on how to patch the machines or how to argue with the auditor that WSUS is doing what it should?

Thanks in advance guys
 
Sort by date Sort by votes
It is hard to tell who is correct in these cases. Sometimes a poorly designed application install will overwrite a file in one of the updates.

I would assume that if it comes down to who is right or wrong on whether or not an install is needed I would have to go with MS rather than the third party because they make their logic for their app based on what MS tells them.

Here is a link to a vbs file that has worked out some bugs for me in the past. For instance one time I could not get IE 8 installed on a few computers for the life of me. Turns out that an update was not correct or missing. When I ran this script it found that I was missing serveral updates that needed to be applied first.


If wscript is your default script engine you will get a lot of annoying popup dialogs for every message that the script has so you may want to run it from the command line with cscript

%windir%\system32\cscript.exe {Path2VBSFile}\wsusupdate.vbs

This will show you what it found, what is being installed and if you need a reboot before you can apply more. As far as I can tell it works with windowsupdate.microsoft.com or if you have an interal patch server like WSUS or SUS.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
440
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
555
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
371
antonio_dsanchez
antonio_dsanchez
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
788
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
472
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top