The WSUS Support Team Blog

Advance Notification for the November 2009 Security Bulletin Release

2009-11-05T22:57:38Z

Just a heads up but the folks at the MSRC just announced their Advance Notification for the November 2009 Security Bulletin Release:

To help customers plan and prioritize for this month’s security updates, we wanted to let you know that we will be releasing 6 bulletins (three critical and three important) addressing 15 vulnerabilities, affecting Windows and Microsoft Office products. Customers should plan a restart for the Windows bulletins. The Office bulletins may not require a restart if the components being updated are not in use. More information about the upcoming security updates can be found on the TechNet Web site.

To read all the details see http://blogs.technet.com/msrc/archive/2009/11/05/november-2009-bulletin-release-advance-notification.aspx

J.C. Hornbeck | Manageability Knowledge Engineer

Automatic FixIt: You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or a later version

2009-11-05T21:29:45Z

I asked the FixIt team for this a while back and they have delivered. Now if you ever run into the symptoms below the chances are good we can automatically fix it with just a few clicks of the mouse:

The Symptoms: When you use the fully qualified domain name (FQDN) or a custom host header to browse a local Web site that is hosted on a computer that is running Microsoft Internet Information Services (IIS) 5.1 or a later version, you may receive an error message that resembles the following:

HTTP 401.1 – Unauthorized: Logon Failed

Note You only receive this error message if you try to browse the Web site directly on the server. If you browse the Web site from a client computer, the Web site works as expected.

Additionally, an event message that resembles the following event message is logged in the Security Event log. This event message includes some strange characters in the value for the Logon Process entry:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: Computer_Name
Description: Logon Failure:
Reason: An error occurred during logon
User Name: User_Name
Domain: Domain_Name
Logon Type: 3
Logon Process: Ðùº
Authentication Package: NTLM
Workstation Name: Computer_Name
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: IP_Address
Source Port: Port_Number

The Cause: This issue occurs when the web site uses Integrated Authentication and has a name that is mapped to the local loopback address.

The Fix: If you happen to come across any symptoms like this then take a look at the following Knowledge Base article:

896861 - You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or a later version

The cool part is that this KB article contains a link to a Wizard that will fix this issue for you automatically. All you have to do is download and run it. This Loopback issue impacts almost any product that uses IIS, including your very own favorite, WSUS.

Jarrett Renshaw | Content Quality Program Manager

Update released for MS09-054

2009-11-03T13:29:32Z

From the MSRC blog:

Today we released an update 976749 that addresses two issues with MS09-054 that a limited number customers reported to us through our Customer Service and Support (CSS) group. These two issues can affect the proper display of web pages.

For all the details see http://blogs.technet.com/msrc/archive/2009/11/02/update-released-for-ms09-054.aspx

J.C. Hornbeck | Manageability Knowledge Engineer

Upgrading WSUS Service Pack 1 to Service Pack 2

2009-11-02T22:53:03Z

I get this question every once in a while so I thought I’d share what I learned here. We have two options to upgrade WSUS SP1 to SP2:

1. As an offer from Microsoft Update

KB972455 is the WSUS SP2 update. If you want to see SP2 in the list of updates make sure you have selected Service Packs in the Classification list. Custom view has been added for Service Packs in the below screenshot.

For WSUS SP2 to be offered on the server running WSUS SP1, the following conditions should not be true:

1. SQL is running remote

2. Server is running MOM version of SCE

We are checking for the following registry keys to know if above conditions are met. If SP2 is not offered on the server running SP1 we may need to install SP2 manually in these scenarios.

“HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Microsoft Operations Manager\3.0\Setup" Value="ServerVersion" Comparison="EqualTo" Data="6.0.1251.0"

"HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Microsoft Operations Manager\3.0\Setup" Value="ServerVersion" Comparison="EqualTo" Data="6.0.5000.0"

"HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Update Services\Server\Setup" Value="SqlInstanceIsRemote" Comparison="EqualTo" Data="1"

"HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\System Center Essentials\2.0\Setup\Components" Value="SERVER-VERSION" Type="REG_SZ"

If the above conditions are not true, SP2 will be offered to any server running SP1 if the following conditions are true:

"HKEY_LOCAL_MACHINE\Software\Microsoft\Update Services\Server\Setup”

Value="Version" Comparison="EqualTo" Data="3"

Value="ServicePackLevel" Comparison="EqualTo" Data="1"

Value="VersionString" Comparison="EqualTo" Data="3.1.6001.65"

If SP2 is offered for the server running SP1 then we can approve the update for the installation. This update is not for the WSUS Clients. Following are some of the screenshots showing the SP2 installation through WSUS.

Note: SP2 upgrade is not a silent process, Admin intervention is required.

If WSUS SP2 is offered through WSUS, the installation process will first backup the SUSDB and we will see the following line in the WSUSSetup.log.

2009-09-06 02:40:39 Success MWUSSetup Creating database backup...

2. Manual Upgrade

As mentioned earlier, if SQL is on a remote machine we have to download the SP2 setup from the below link and run the upgrade manually on the server. Before running the setup you need to backup the SUSDB manually from the remote SQL box as the upgrade process will not take any backup of the database.

http://www.microsoft.com/downloads/details.aspx?FamilyId=a206ae20-2695-436c-9578-3403a7d46e40&displaylang=en

Once the setup is finished, the regular configuration wizard will start which can be ignored by clicking cancel.

How to check if Upgrade was Successful?

The installation of SP2 can be verified from Add/Remove Programs:

or from the Console:

or via the Registry:

Note: Administrative Tools will not show any Service Pack version at this time.

Hope this helps,

Mohammed Tajammul Hussain | Technical Support Lead

New WSUS Product Category for Microsoft System Center Virtual Machine Manager 2008 R2

2009-10-26T14:03:16Z

In case you missed the announcement on Friday, there will be a new product category added to the WSUS server Products and Classifications dialog under the existing System Center Virtual Machine Manager family called Microsoft System Center Virtual Machine Manager 2008 R2. This new category will allow all classifications of updates to be offered to the Microsoft System Center Virtual Machine Manager 2008 R2 product. For more information see http://blogs.technet.com/wsus/archive/2009/10/23/new-product-category-for-microsoft-system-center-virtual-machine-manager-2008-r2.aspx...(read more)

Troubleshooting and data gathering for WSUS

2009-10-21T19:08:28Z

I was working with the Windows Server Update Services (WSUS) support team a few months back looking for a way that we could help reduce the amount of time it takes to resolve a case as well as reduce the number of incidents we get, and one of the things that was suggested at the time was a site explaining some of the initial troubleshooting and data gathering steps we traditionally do for the majority of our cases. That way you can get a head start on any issue you’re calling about, plus we...(read more)

Questions and answers from the October security bulletin webcast

2009-10-21T14:16:31Z

The folks at the MSRC have posted the questions and answers from the security bulletin webcast we conducted on October 14 at this link . It was clear from all of the questions concerning MS09-062 (the GDI+ update) that there is some confusion on how to apply the update when you have a combination of SQL Server and Windows 2000 clients. For all the details and to watch the video see http://blogs.technet.com/msrc/archive/2009/10/20/october-2009-security-bulletin-webcast-questions-and-answers.aspx Enjoy!...(read more)

The System Center Online Desktop Manager beta is coming soon

2009-10-14T13:40:17Z

You’ve heard about it and read about and now you’ll soon have the chance to try it out yourself. The System Center Online Desktop Manager beta is coming soon: The System Center Online team has been working hard in preparation for its next beta release of System Center Online Desktop Manager , expected in the fall of this year. This exclusive beta will only be available to a select number of customers. Our last beta was only offered to a small audience and resulted in a lot of great...(read more)

October 2009 Security Bulletin Release

2009-10-14T13:26:48Z

Below is the summary of Microsoft’s Security Bulletin Release for October 2009: This month, we released 13 new bulletins which address 33 vulnerabilities in Windows, Internet Explorer and Microsoft Office. Since we published this information in our advance notification (ANS) last Thursday, we have been asked “is this the most bulletins Microsoft has ever released”? The short answer to that question is yes. However, we have, on several occasions, released between 10 and 12 bulletins so this is business...(read more)

Visual Studio product family to be renamed "Developer Tools, Runtimes, and Redistributables"

2009-10-13T14:00:00Z

Looks like soon the Visual Studio product family will be renamed to "Developer Tools, Runtimes, and Redistributables" within WSUS. The WSUS Product Team Blog has a post on this and you can read all the details below: ======== Very soon, the "Visual Studio" product family will be renamed to "Developer Tools, Runtimes, and Redistributables". The reason for the change is to more accurately reflect the various developer related products that will be serviced via Microsoft Update and WSUS. To continue...(read more)

October 2009 Bulletin Release Advance Notification

2009-10-09T01:34:36Z

The folks over on the MSRC blog just announced Advance Notification for the October 2009 Security Bulletin Release: For October we are releasing 13 bulletins (eight critical and five important), addressing 34 vulnerabilities, affecting Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server. Most of these updates require a restart so please factor that into your deployment planning. Among the updates this month, we are closing out two current security advisories:...(read more)

September 2009 Security Bulletin Webcast Video and Customer Q and A

2009-09-15T16:34:26Z

In case you missed the announcement last Friday, the MSRC released the September 2009 security bulletin webcast where it was clear that customers had a lot of concerns about MS09-048 as almost half the questions we answered were on that topic. To read more details and check out the video see http://blogs.technet.com/msrc/archive/2009/09/11/september-2009-security-bulletin-webcast-video-and-customer-q-and-a.aspx Enjoy! J.C. Hornbeck | Manageability Knowledge Engineer...(read more)

New WSUS KB: KB974500 - After you disable the "Download express installation files" option, client computers may be unable to receive new updates

2009-09-14T17:55:00Z

We had a new WSUS related Knowledge Base article published last week, this one describing an issue where after you disable the "Download express installation files" option in Windows Server Update Services 3.0, client computers may be unable to receive new updates:

KB974500 - After you disable the "Download express installation files" option in Windows Server Update Services 3.0, client computers may be unable to receive new updates

Enjoy!

J.C. Hornbeck | Manageability Knowledge Engineer

Microsoft Security Advisory 975497 Released

2009-09-09T16:52:00Z

Just a heads up that yesterday we released Security Advisory 975497 that provides information about a new, irresponsibly reported vulnerability in SMB 2.0. Our investigation has shown that Windows Vista, Windows Server 2008 and Windows 7 RC are affected by this vulnerability. Windows 7 RTM, Windows Server 2008 R2, Windows XP and Windows 2000 are not affected by this vulnerability.

To read all the details see the MSRC blog at http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx.

J.C. Hornbeck | Manageability Knowledge Engineer

September 2009 Security Bulletin Release

2009-09-09T00:07:37Z

This month we released five critical bulletins to address vulnerabilities in Windows and protect customers from two types of threats:

1. Browser based attacks where websites hosting malicious code attempt to compromise visitors. This includes MS09-045, MS09-046 and MS09-047.

2. Network based scenarios where attackers attempt Remote Code Execution (RCE) or Denial-of-Service (DoS) type attacks. This includes MS09-048 and MS09-049.

For this set of bulletins, we consider the first category to be the biggest threat to customers overall as reflected in our Severity and Exploitability Index slide where we present a high level, aggregate view of each bulletin…

J.C. Hornbeck | Manageability Knowledge Engineer