MS09-054: Hotfixes available - when in Bigfix?

(imported topic written by akummer)

Hi,

Microsoft published several Hotfixes following MS09-054 (another one following the October patches). See here: http://support.microsoft.com/kb/976749

This has also been automatically deployed by MS Update Service last week - so there is some need to deploy it!

Will this also be provided by Bigfix? If yes, when? Its already almost one week old.

Best regards

Andreas

(imported comment written by akummer)

Hi,

it would be great if we get a short information from Bigfix wether the hotfixes will be available or not.

If not we have to create it ourself because we urgently need it!

See also here: http://blogs.technet.com/msrc/archive/2009/11/02/update-released-for-ms09-054.aspx

Regards

Andreas

(imported comment written by akummer)

Hi,

a simple question seems not to be able to be answered easily … :o((

I could raise a more general question - how does Bigfix handle such kind of updates, especially when MS addressed them as important to update?

Regards

Andreas

(imported comment written by JackCoates91)

Hi Andreas,

I’m sorry it’s been so long - I’ll look into this today. Is the patch security-related, or repairing functionality damaged by a security patch? If the former, we should pick it up quickly; if the latter, it may not be picked up by our process.

(imported comment written by akummer)

Thanks for the response!

Its the second case - but its the same situation as KB974234 which you provided earlier.

And the Hotfixes now are even more needed as Microsoft stated itself - and deployed it via automatic Windows Update (see the blog entry above).

As a start we now have to take MS09-054 out off the monthly baseline. In this special case WSUS would be a better choise…

Regards

Andreas

(imported comment written by liuhoting91)

We’ve actually been working on providing the hotfixes, and we’re currently doing testing on them. We hope to have them out by tomorrow. If we’re talking about the same hotfixes (976749), they fix errors in specific browsing scenarios caused by apply MS09-054. They’ve been a bit lower priority since they weren’t patching security vulnerabilities, but we’re working on getting this out to everyone.

I think the general rule is that if Microsoft releases a hotfix that fixes things directly related to applying an MS-XX security vulnerability, we provide that for our customers, but on a different timeline than normal security bulletins.

We’re also being especially cautious here since in specific scenarios, if you apply this update incorrectly it seems to completely break IE.

Thanks for poking us!

(imported comment written by akummer)

You’re welcome! :slight_smile:

Many thanks for the update which clarifies the situation.

This gives us much more planning reliability for patch rollouts!

Best regards

Andreas

(imported comment written by liuhoting91)

Oh right, this got published yesterday.

I think in the future we might have a more reliable way of telling you what patches and hotfixes and bugfixes we’re working on. Right now we’ve got the forums, open support tickets, and BES Admin announcements. Maybe in 8.0?