Tag Archives: microsoft updates

You’re telling me someone gave a stranger his password?

I was talking breaches last week when a very high-up joined the conversation in mid-stream.

“Start over, Dave.”

“OK. I’m talking about breaches.”

“I know what you’re talking about,” he said, knowingly and very clearly interested.

Continue reading You’re telling me someone gave a stranger his password?

Why every breach is different

I’ve grown used to being asked what unpatched vulnerability was used in the most recent breach, in an effort to make sure some other company is protected.

I appreciate the desire to learn from other companies’ mistakes and not repeat them. But there are several reasons why the answer to that question is complicated, and not necessarily helpful.

Continue reading Why every breach is different

Happy Patch Tuesday, September 2011

Microsoft has five updates and Adobe has two for us on this fine Patch Tuesday, in addition to a patch Mozilla pushed out for Firefox last week.

Don’t get too complacent if you run something other than Windows. If you run Microsoft Office on a Mac, or Adobe Reader or Acrobat on a Mac, or Adobe Reader on Unix or Linux, you’re vulnerable. The vulnerabilities in those affected products are more serious than the vulnerabilities for Windows. So keep that in mind. Don’t be smug about security. It’ll bite you.

Continue reading Happy Patch Tuesday, September 2011

What to do when a Microsoft patch won’t install

So, Microsoft KB947742, an old .NET 1.1 fix, refused to install on one of the servers at work. When I ran the executable, all it did was pop up the window showing the Windows Installer switches or parameters. Searching Google turned up a number of people having the problem, but no solutions that worked, although reinstalling the .NET 1.1 Framework and the latest version of the Windows Installer are always good ideas when you run into weird problems. .NET 1.1 is extremely fragile anyway, and reinstalling it along with all applicable hotfixes has worked for me in the past to resolve weird issues, such as permissions issues showing up in the security log. Or .NET applications just suddenly not running anymore, even though they ran just fine yesterday.

I tried everything I could think of and finally stumbled on a solution. I have absolutely no idea why this works. First, I opened a command line, changed into the directory where I had stored the patch, and I ran the following command:

NDP1.1sp1-kb947742-x86.exe /extract .\947742

This extracts the update to a directory called 947742. Inside that directory, I found a single file, named NDP1.1sp1-kb947742-x86.msp. When I double-clicked on the file from Windows Explorer, it installed.

Ive applied this patch on more than 100 servers and I recall only having the problem on one of them. And, oddly, all other .NET patches and for that matter all other recent Microsoft updates apply to this machine just fine.

I suppose the same fix could work on other Windows updates that supply only a window full of switches instead of installing, or other weird installation issues. Its worth a shot if nothing else works and you cant (or would rather not) open a support case with Microsoft.

This is a strange case. If you’re running WSUS or (better yet) Shavlik Netchk and a patch refuses to install, try logging in, downloading and running the offending patch manually and note any error messages. Maybe, just maybe, this fix will help you. Or better yet, maybe the patch will tell you what you need to fix, but don’t count on it.

When absurdity strikes, try extracting the patch and poking around inside, like I did in this case.