MS11-049 For SQL Server 2008

fermt · August 1, 2016, 5:34pm

Has anyone success installing the following patch with BigFix?

MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure - SQL Server 2008 R2 - QFE Branch

I know BigFix doesn’t provide an automation for it, but maybe someone has created the fixlet and worked successful, I would like to hear about your results.

My first attempt has been the following:

IF{x64 of operating system}
    
    prefetch SQLServer2008R2-KB2494086-x86.exe sha1:85c6be53312909c858dbd491877af3b3824f93fa size:207808352 http://download.microsoft.com/download/3/E/7/3E7DF332-6D24-47B7-A4A1-B516541C85F6/SQLServer2008R2-KB2494086-x86.exe
    waithidden __Download\SQLServer2008R2-KB2494086-x86.exe /quiet /allinstances
    
ELSE

    prefetch SQLServer2008R2-KB2494086-x64.exe sha1:16e204f4312c6c1b4132e77e7ad3f26d872a6844 size:309354336 http://download.microsoft.com/download/3/E/7/3E7DF332-6D24-47B7-A4A1-B516541C85F6/SQLServer2008R2-KB2494086-x64.exe
    waithidden __Download\SQLServer2008R2-KB2494086-x64.exe /quiet /allinstances

ENDIF
action may require restart

I have to test.

travis.mallet · August 1, 2016, 6:18pm

What I did to fix this. Is download directly form the link that is already there. Then pushed it to my machines. The problem seemed to be with the download from Microsoft. I know this is the industry standard best practices but It go the job done.

fermt · August 1, 2016, 6:55pm

Haven’t you had any issue with your databases Instances after deploying the patch?

fermt · August 1, 2016, 7:07pm

@AlanM any thought on this?

AlanM · August 1, 2016, 8:12pm

The mentioned KB download states on its page:

In addition to the security update described in bulletin MS11-049, this 
security update also contains all the updates that are included in 
cumulative update packages 1 through 7.

So it sounds like this is just a bundle of previous patches? I’m not sure if we provide the bundles or just the individuals.

It also looks like from the actionscript you have it backwards as on the 64 bit path you are downloading the x86 patch.

fermt · August 1, 2016, 8:26pm

You were right, I also realized about the download links.

I’m more interested in know if someone had problems with the installation of this kind of update using BigFix.
For some reason, BigFix developers don’t provide the automation, even though the download page says it’s possible a silent installation.

Installing without user interventionFor GDR update of SQL Server 2008 R2:
SQLServer2008R2-KB2494088-x86-enu.exe /quiet /allinstances