Missing Update KB2719615 in WSUS
-
Tuesday, June 19, 2012 9:59 AM
Hi, the following post on the SUS boards suggest that the critical update for KB2719615 is available via WSUS http://blogs.technet.com/b/sus/archive/2012/06/14/will-security-advisory-kb2719615-be-added-to-the-offline-microsoft-update-catalog.aspx "...It is also available via WSUS Server..."
I believe I have the relevant product updates selected in products and classifications. Can anyone suggest why I do not see it? A search for the KB number in WSUS does not return any results.
I'm aware that the Fix-It is available, but was hoping to deploy this critical update via WSUS if possible.
Thanks in advance
All Replies
-
Wednesday, June 20, 2012 5:50 AMModerator
Hi,
For more information about this workaround, visit the following Microsoft Security Advisory webpage:
It is not available via WSUS Server.It is not a security update,just a hotfix that you need to manually install it thru the KB article.You can install it if necessary according to your OS environment. Microsoft encourages customers running an affected configuration to apply the Fix it solution as soon as possible.
Regards,Clarence
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Edited by Clarence ZhangModerator Wednesday, June 20, 2012 5:55 AM
- Marked As Answer by Clarence ZhangModerator Friday, June 29, 2012 5:53 AM
-
Wednesday, June 20, 2012 8:24 PMIf this is so critical, which i believe it is, why hasn't MS made this a security update which companies using WSUS can easily deploy to their environment?
-
Friday, June 29, 2012 2:28 PM
If it is not going to be available in WSUS then why does J.C Horbeck in his blog says that it will be in WSUS?
J.C. Hornbeck
J.C. Hornbeck
MicrosoftKB2719615 is a critical update, so like all other MSRC security advisories that are released as a Critical Update, it will not be in the WSUSSCN2.CAB for use by SMS 2003 and MBSA. However, it is available via Windows and Automatic updates for consumers. It is also available via WSUS Server (which includes ConfigMgr 2007 and ConfigMgr 2012, Intune, SBS, SCE and MBSA) and the MU Catalog site.
-
Saturday, June 30, 2012 5:06 AM
If it is not going to be available in WSUS then why does J.C Horbeck in his blog says that it will be in WSUS?
J.C. Hornbeck
J.C. Hornbeck
MicrosoftKB2719615 is a critical update, so like all other MSRC security advisories that are released as a Critical Update, it will not be in the WSUSSCN2.CAB for use by SMS 2003 and MBSA. However, it is available via Windows and Automatic updates for consumers. It is also available via WSUS Server (which includes ConfigMgr 2007 and ConfigMgr 2012, Intune, SBS, SCE and MBSA) and the MU Catalog site.
revised blog post is on the wsus blog:
http://blogs.technet.com/b/sus/archive/2012/06/14/will-security-advisory-kb2719615-be-added-to-the-offline-microsoft-update-catalog.aspxThis MSXML advisory is also unique in that it is not available on Microsoft Update, which means it cannot be obtained via Automatic Updates, Windows Update, Microsoft Update, or any enterprise management tool (WSUS Server, SMS/SCCM, Intune) or the MU Catalog.
Don
-
Tuesday, July 03, 2012 6:34 PM
It would be nice to see a bold note a the top of each related page indicating essentially what Don has spelled out above (My understanding from reading the KB and these comments is that no other solution exists, therefore the majority of windows users globally should be deploying the Fix-It on a case by case basis.). And, the note should also indicate that when a better solution (via auto updates, etc) is available, that information will also be clearly noted at the top of these pages as well.
http://support.microsoft.com/kb/2719615
http://technet.microsoft.com/en-us/security/advisory/2719615
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889
The requirement for individuals to act should be clearer if the threat is as egregious as I understand it to be, and no good fix can be implemented via typical security software or automated system updates.
Agreed?
- Edited by brewmaster3000 Tuesday, July 03, 2012 6:38 PM
-
Wednesday, July 04, 2012 1:22 AMModerator
I believe every KB article, MSRC Security Bulletin, and MSRC Security Advisory has a link or reference somewhere in the document for providing feedback. That would be the appropriate vector for this information. There's nothing we can do in this forum about the formatting of those documents.It would be nice to see a bold note a the top of each related page indicating essentially what Don has spelled out above
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Product Manager, SolarWinds
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin -
Wednesday, July 04, 2012 1:26 AMModerator
If this is so critical, which i believe it is, why hasn't MS made this a security update which companies using WSUS can easily deploy to their environment?
Where did you get "critical" from?
As for why it's not a security update yet.. because Microsoft is still investigating as the Security Advisory clearly states.
There is no known exploit for this issue at present, it is merely a possible attack vector with fairly particular requirements -- the most notable being the requirement to socially engineer a person into going to a 'specially crafted website'. As noted in the advisory, if further investigation shows that a generally available update is necessary, it will be created.
In the meantime, if you wish to mitigate your possible risk against this issue, you can follow the guidance in the Security Advisory.
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Product Manager, SolarWinds
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
.png)
