locked
Question(s) RE: May 1st Zero-Day Vulnerability Patch Release(s) and WSUS RRS feed

  • Question

  • 1.Will WSUS properly handle the zero-day patch (KB2964358 & KB2964444) distribution to machines that are either in a “not installed” or “pending reboot” state for the April’s IE cumulative updates (KB2936068, KB 2925418, KB2929437, etc.) ? e.g. if both the IE updates from April and the zero-day patches are downloaded to a workstation simultaneously (or between reboots), will the workstation handle the install(s) properly?   

    2. Can more details be provided for the “potential compatibility issues” that could arise happens if the zero-day patches get installed before April’s IE Cumulative updates?

    Friday, May 2, 2014 4:21 PM

Answers

  • A machine in a "Pending Reboot" state will not install updates. Period. It must be rebooted.

    If the updates are downloaded *simultaneously*, both updates will be installed and the system will reboot once. This is how Windows Update has functioned for the past fourteen years.

    There are no "potential compatibity issues"... either the Cumulative Security update supersedes the zero-day patch, or it doesn't. In the former, only the CumSecUpdate is required; in the latter, both are required, and not only does the installation order generally not matter.. you can't actually control the installation order anyway -- unless you explicity try to... and what would be the point of that?


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    Saturday, May 3, 2014 11:53 PM

All replies

  • Here is information that you have requested for firts update

    https://technet.microsoft.com/library/security/ms14-may

    Look for other MS Bulletine information that apply to other KBs.

    M.

    Saturday, May 3, 2014 6:55 AM
  • A machine in a "Pending Reboot" state will not install updates. Period. It must be rebooted.

    If the updates are downloaded *simultaneously*, both updates will be installed and the system will reboot once. This is how Windows Update has functioned for the past fourteen years.

    There are no "potential compatibity issues"... either the Cumulative Security update supersedes the zero-day patch, or it doesn't. In the former, only the CumSecUpdate is required; in the latter, both are required, and not only does the installation order generally not matter.. you can't actually control the installation order anyway -- unless you explicity try to... and what would be the point of that?


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    Saturday, May 3, 2014 11:53 PM