none
Missing Update KB2719615 in WSUS

Respostas

  • Hi,

    It is not available via WSUS Server.It is not a security update,just a hotfix that you need to manually install it thru the KB article.You can install it if necessary according to your OS environment. Microsoft encourages customers running an affected configuration to apply the Fix it solution as soon as possible.

    For more information about this workaround, visit the following Microsoft Security Advisory webpage:



    Regards,

    Clarence


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    quarta-feira, 20 de junho de 2012 05:50
    Moderador

Todas as Respostas

  • Hi,

    It is not available via WSUS Server.It is not a security update,just a hotfix that you need to manually install it thru the KB article.You can install it if necessary according to your OS environment. Microsoft encourages customers running an affected configuration to apply the Fix it solution as soon as possible.

    For more information about this workaround, visit the following Microsoft Security Advisory webpage:



    Regards,

    Clarence


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    quarta-feira, 20 de junho de 2012 05:50
    Moderador
  • If this is so critical, which i believe it is, why hasn't MS made this a security update which companies using WSUS can easily deploy to their environment?
    quarta-feira, 20 de junho de 2012 20:24
  • If it is not going to be available in WSUS then why does J.C Horbeck in his blog says that it will be in WSUS?

    http://blogs.technet.com/b/configurationmgr/archive/2012/06/14/will-security-advisory-kb2719615-be-added-to-the-offline-microsoft-update-catalog.aspx

     J.C. Hornbeck
    Avatar of J.C. Hornbeck

    J.C. Hornbeck
    Microsoft

    KB2719615 is a critical update, so like all other MSRC security advisories that are released as a Critical Update, it will not be in the WSUSSCN2.CAB for use by SMS 2003 and MBSA.  However, it is available via Windows and Automatic updates for consumers. It is also available via WSUS Server (which includes ConfigMgr 2007 and ConfigMgr 2012, Intune, SBS, SCE and MBSA) and the MU Catalog site.

    sexta-feira, 29 de junho de 2012 14:28
  • If it is not going to be available in WSUS then why does J.C Horbeck in his blog says that it will be in WSUS?

    http://blogs.technet.com/b/configurationmgr/archive/2012/06/14/will-security-advisory-kb2719615-be-added-to-the-offline-microsoft-update-catalog.aspx

     J.C. Hornbeck
    Avatar of J.C. Hornbeck

    J.C. Hornbeck
    Microsoft

    KB2719615 is a critical update, so like all other MSRC security advisories that are released as a Critical Update, it will not be in the WSUSSCN2.CAB for use by SMS 2003 and MBSA.  However, it is available via Windows and Automatic updates for consumers. It is also available via WSUS Server (which includes ConfigMgr 2007 and ConfigMgr 2012, Intune, SBS, SCE and MBSA) and the MU Catalog site.

    revised blog post is on the wsus blog:
    http://blogs.technet.com/b/sus/archive/2012/06/14/will-security-advisory-kb2719615-be-added-to-the-offline-microsoft-update-catalog.aspx

    This MSXML advisory is also unique in that it is not available on Microsoft Update, which means it cannot be obtained via Automatic Updates, Windows Update, Microsoft Update, or any enterprise management tool (WSUS Server, SMS/SCCM, Intune) or the MU Catalog.


    Don

    sábado, 30 de junho de 2012 05:06
  • It would be nice to see a bold note a the top of each related page indicating essentially what Don has spelled out above (My understanding from reading the KB and these comments is that no other solution exists, therefore the majority of windows users globally should be deploying the Fix-It on a case by case basis.). And, the note should also indicate that when a better solution (via auto updates, etc) is available, that information will also be clearly noted at the top of these pages as well.

    http://support.microsoft.com/kb/2719615

    http://technet.microsoft.com/en-us/security/advisory/2719615

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889

    The requirement for individuals to act should be clearer if the threat is as egregious as I understand it to be, and no good fix can be implemented via typical security software or automated system updates.

    Agreed?

    terça-feira, 3 de julho de 2012 18:34
  • It would be nice to see a bold note a the top of each related page indicating essentially what Don has spelled out above

    I believe every KB article, MSRC Security Bulletin, and MSRC Security Advisory has a link or reference somewhere in the document for providing feedback. That would be the appropriate vector for this information. There's nothing we can do in this forum about the formatting of those documents.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

    quarta-feira, 4 de julho de 2012 01:22
    Moderador
  • If this is so critical, which i believe it is, why hasn't MS made this a security update which companies using WSUS can easily deploy to their environment?

    Where did you get "critical" from?

    As for why it's not a security update yet.. because Microsoft is still investigating as the Security Advisory clearly states.

    There is no known exploit for this issue at present, it is merely a possible attack vector with fairly particular requirements -- the most notable being the requirement to socially engineer a person into going to a 'specially crafted website'. As noted in the advisory, if further investigation shows that a generally available update is necessary, it will be created.

    In the meantime, if you wish to mitigate your possible risk against this issue, you can follow the guidance in the Security Advisory.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

    quarta-feira, 4 de julho de 2012 01:26
    Moderador