INTRODUCTION
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:
http://technet.microsoft.com/en-us/security/advisory/2820197
More Information
Download packages
The following files are available for download from the Microsoft Download Center:
For all supported x86-based versions of Windows 8
For all supported x64-based versions of Windows 8
For all supported x64-based versions of Windows Server 2012
Windows 7, 32-bit versions
Windows 7, 64-bit versions
Windows Server 2008 R2, x64-based versions
Windows Server 2008 R2, Itanium-based systems
Windows Vista, 32-bit versions
Windows Vista, x64 versions
Windows Server 2008, 32-bit versions
Windows Server 2008, x64-based versions
Windows Server 2008, Itanium-based systems
Windows XP, x86-based versions
Windows XP Professional x64 Edition
Windows Server 2003, x64-based versions
Windows Server 2003, x86-based versions
Windows Server 2003 for Itanium-based systems
119591 How to obtain Microsoft support files from online servicesMicrosoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Deployment information
Windows XP
Reference table
The following table contains the security update information for this software. You can find more information in the "Deployment information" section.
|
Inclusion in future service packs |
The update for this issue will be included in a future service pack or update rollup |
||
|---|---|---|---|
|
Deployment |
|||
|
Installing without requiring user intervention |
Windows XP:Windowsxp-KB2820197-x86-enu/quiet |
||
|
Windows XP Professional x64 Edition:WindowsServer2003.WindowsXP-KB2820197-x64-enu/quiet |
|||
|
Installing without restarting |
Windows XP:Windowsxp-KB2820197-x86-enu/norestart |
||
|
Windows XP Professional x64 Edition:WindowsServer2003.WindowsXP-KB2820197-x64-enu/norestart |
|||
|
Update log file |
All supported versions of Windows XP and Windows XP Professional:KB2820197.log |
||
|
More information |
See the "Detection and Deployment Tools and Guidance" section. |
||
|
Restart requirement |
|||
|
Restart required? |
In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart. |
||
|
HotPatching |
Not applicable. |
||
|
Removal information |
All supported versions of Windows XP and Windows XP Professional:Use the Add or Remove Programs item in Control Panel, or use the Spuninst.exe utility that is located in the %Windir%\$NTUninstallKB2820197$\Spuninst folder. |
||
|
Registry subkey verification |
Windows XP:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2820197\Filelist |
||
|
Windows XP Professional x64 Edition:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP Version 2003\SP3\KB2820197\Filelist |
Note The security update for supported versions of Windows XP Professional x64 Edition is the same as the security update for supported versions of Windows Server 2003 x64 Edition.
Deployment information
To install the update
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updatesThis security update supports the following setup switches.
|
Switch |
Description |
|||
|---|---|---|---|---|
|
/help |
Displays the command-line options. |
|||
|
Setup modes |
||||
|
/passive |
Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds. |
|||
|
/quiet |
Quiet mode. This is the same as unattended mode, but no status or error messages are displayed. |
|||
|
Restart options |
||||
|
/norestart |
Does not restart the computer when the installation has completed. |
|||
|
/forcerestart |
Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close. |
|||
|
/warnrestart[:x] |
Presents a dialog box to the user together with a timer warning that the computer will restart in x seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch. |
|||
|
/promptrestart |
Displays a dialog box that prompts the local user to allow for a restart. |
|||
|
Special options |
||||
|
/overwriteoem |
Overwrites OEM files without prompting. |
|||
|
/nobackup |
Does not back up files that are needed for uninstallation. |
|||
|
/forceappsclose |
Forces other programs to close when the computer shuts down. |
|||
|
/log:path |
Allows for the redirection of installation log files. |
|||
|
/integrate:path |
Integrates the update into the Windows source files. These files are located by using the path that is specified in the switch. |
|||
|
/extract[:path] |
Extracts files, and the Setup program is not started. |
|||
|
/ER |
Enables extended error reporting. |
|||
|
/verbose |
Enables verbose logging. During installation, creates a %Windir%\CabBuild.log. This log details the files that are copied. By using this switch, the installation may run slower. |
Note You can combine these switches into one command. For backward compatibility, the security update also supports many of the setup switches that the earlier version of the Setup program uses.For more information about the supported installation switches, click the following article number to view the article in the Microsoft Knowledge Base:
262841Command-line switches for Windows software update packages
To remove the update
Note We do not recommend that you ever uninstall a security update. This security update supports the following setup switches.
|
Switch |
Description |
|||
|---|---|---|---|---|
|
/help |
Displays the command-line options. |
|||
|
Setup modes |
||||
|
/passive |
Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds. |
|||
|
/quiet |
Quiet mode. This is the same as unattended mode, but no status or error messages are displayed. |
|||
|
Restart options |
||||
|
/norestart |
Does not restart the computer when the installation has completed. |
|||
|
/forcerestart |
Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close. |
|||
|
/warnrestart[:x] |
Presents a dialog box to the user together with a timer warning that the computer will restart in x seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch. |
|||
|
/promptrestart |
Displays a dialog box that prompts the local user to allow for a restart. |
|||
|
Special options |
||||
|
/forceappsclose |
Forces other programs to close when the computer shuts down. |
|||
|
/log:path |
Allows for the redirection of installation log files. |
To verify that the update was applied
-
Microsoft Baseline Security AnalyzerTo verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the "Detection and Deployment Tools and Guidance" section for more information.
-
Registry subkey verificationYou may also be able to verify the files that this security update has installed by reviewing the registry subkeys listed in the reference table in this section. These registry subkeys may not contain a complete list of installed files. Also, these registry subkeys may not be created correctly when an administrator or an OEM integrates or slipstreams this security update into the Windows installation source files.
Windows Server 2003
Reference table
The following table contains the security update information for this software. You can find more information in the "Deployment information" section.
|
Inclusion in future service packs |
The update for this issue will be included in a future service pack or update rollup |
||
|---|---|---|---|
|
Deployment |
|||
|
Installing with requiring user intervention |
Windows Server 2003:Windowsserver2003-KB2820197-x86-enu /quiet |
||
|
Windows Server 2003, x64-based versions:WindowsServer2003.WindowsXP-KB2820197-x64-enu /quiet |
|||
|
Windows Server 2003 for Itanium-based systems:Windowsserver2003-KB2820197-ia64-enu /quiet |
|||
|
Installing without restarting |
Windows Server 2003 :Windowsserver2003-KB2820197-x86-enu /norestart |
||
|
Windows Server 2003, x64-based versions:WindowsServer2003.WindowsXP-KB2820197-x64-enu /norestart |
|||
|
Windows Server 2003 for Itanium-based systems:Windowsserver2003-KB2820197-ia64-enu /norestart |
|||
|
Update log file |
All supported Windows Server 2003 x86-based versions, x64-based versions, and Itanium-based versions of Windows Server 2003:KB2820197.log |
||
|
More information |
See the "Detection and Deployment Tools and Guidance" section. |
||
|
Restart requirement |
|||
|
Restart required? |
In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart. |
||
|
HotPatching |
This security update does not support HotPatching. For more information about HotPatching, see Microsoft Knowledge Base Article 897341. |
||
|
Removal information |
All supported x86-based versions, x64-based versions, and Itanium-based versions of Windows Server 2003:Use the Add or Remove Programs item in Control Panel, or use the Spuninst.exe utility that is located in the Spuninst.exe utility that is located in the %Windir%\$NTUninstallKB2820197$\Spuninst folder. |
||
|
Registry subkey verification |
All supported versions of Windows Server 2003:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2820197\Filelist |
Deployment information
To install the update
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updatesThis security update supports the following setup switches.
|
Switch |
Description |
|||
|---|---|---|---|---|
|
/help |
Displays the command-line options. |
|||
|
Setup modes |
||||
|
/passive |
Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds. |
|||
|
/quiet |
Quiet mode. This is the same as unattended mode, but no status or error messages are displayed. |
|||
|
Restart options |
||||
|
/norestart |
Does not restart the computer when the installation has completed. |
|||
|
/forcerestart |
Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close. |
|||
|
/warnrestart[:x] |
Presents a dialog box to the user together with a timer warning that the computer will restart in x seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch. |
|||
|
/promptrestart |
Displays a dialog box that prompts the local user to allow for a restart. |
|||
|
Special options |
||||
|
/overwriteoem |
Overwrites OEM files without prompting. |
|||
|
/nobackup |
Does not back up files that are needed for uninstallation. |
|||
|
/forceappsclose |
Forces other programs to close when the computer shuts down. |
|||
|
/log:path |
Allows for the redirection of installation log files. |
|||
|
/integrate:path |
Integrates the update into the Windows source files. These files are located by using the path that is specified in the switch. |
|||
|
/extract[:path] |
Extracts files, and the Setup program is not started. |
|||
|
/ER |
Enables extended error reporting. |
|||
|
/verbose |
Enables verbose logging. During installation, creates a %Windir%\CabBuild.log. This log details the files that are copied. By using this switch, the installation may run slower. |
Note You can combine these switches into one command. For backward compatibility, the security update also supports many of the setup switches that the earlier version of the Setup program uses.For more information about the supported installation switches, click the following article number to view the article in the Microsoft Knowledge Base:
262841Command-line switches for Windows software update packages
To remove the update
Note We do not recommend that you ever uninstall a security update. This security update supports the following setup switches.
|
Switch |
Description |
|||
|---|---|---|---|---|
|
/help |
Displays the command-line options. |
|||
|
Setup modes |
||||
|
/passive |
Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds. |
|||
|
/quiet |
Quiet mode. This is the same as unattended mode, but no status or error messages are displayed. |
|||
|
Restart options |
||||
|
/norestart |
Does not restart the computer when the installation has completed. |
|||
|
/forcerestart |
Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close. |
|||
|
/warnrestart[:x] |
Presents a dialog box to the user together with a timer warning that the computer will restart in x seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch. |
|||
|
/promptrestart |
Displays a dialog box that prompts the local user to allow for a restart. |
|||
|
Special options |
||||
|
/forceappsclose |
Forces other programs to close when the computer shuts down. |
|||
|
/log:path |
Allows for the redirection of installation log files. |
To verify that the update was applied.
-
Microsoft Baseline Security AnalyzerTo verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the "Detection and Deployment Tools and Guidance" section for more information.
-
Registry subkey verificationYou may also be able to verify the files that this security update has installed by reviewing the registry subkeys that are listed in the reference table in this section. These registry subkeys may not contain a complete list of installed files. Also, these registry subkeys may not be created correctly when an administrator or an OEM integrates or slipstreams this security update into the Windows installation source files.
Windows Vista
Reference table
The following table contains the security update information for this software. You can find more information in the "Deployment information" section.
|
Inclusion in future service packs |
The update for this issue will be included in a future service pack or update rollup |
||
|---|---|---|---|
|
Deployment |
|||
|
Installing without requiring user intervention |
All supported 32-bit versions of Windows Vista:Windows6.0-KB2820197-x86/quiet |
||
|
All supported 64-bit versions of Windows Vista:Windows6.0-KB2820197-x64/quiet |
|||
|
Installing without restarting |
All supported 32-bit versions of Windows Vista:Windows6.0-KB2820197-x86/quiet/norestart |
||
|
All supported 64-bit versions of Windows Vista:Windows6.0-KB2820197-x64/quiet/norestart |
|||
|
Restart requirement |
|||
|
Restart required? |
In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart. |
||
|
HotPatching |
Not applicable. |
||
|
Removal Information |
WUSA.exe does not support the removal of updates. To uninstall an update that is installed by WUSA, open Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates. |
||
|
Registry subkey verification |
A registry subkey does not exist to validate the presence of this update. |
Deployment information
To install the update
When you install this security update, the installer checks whether one or more of the files that are being updated on the system have previously been updated by a Microsoft hotfix.For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updatesThis security update supports the following setup switches.
|
Supported security update installation switches |
Switch |
|
|---|---|---|
|
Description |
||
|
/?, /h, /help |
Displays help on supported switches. |
|
|
/quiet |
Suppresses the display of status or error messages. |
|
|
/norestart |
When this switch is combined with the /quiet switch, the system is not restarted after installation even if a restart is required to complete the installation. |
For more information about the installer, click the following article number to view the article in the Microsoft Knowledge Base:
934307Description of the Windows Update Stand-alone Installer (Wusa.exe) and of .msu files in Windows Vista, Windows 7, Windows Server 2008 and in Windows Server 2008 R2
To verify that the update was applied
Microsoft Baseline Security AnalyzerTo verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the "Detection and Deployment Tools and Guidance" section for more information.
Windows Server 2008
Reference table
The following table contains the security update information for this software. You can find more information in the "Deployment information" section.
|
Inclusion in future service packs |
The update for this issue will be included in a future service pack or update rollup |
||
|---|---|---|---|
|
Deployment |
|||
|
Installing without requiring user intervention |
All supported 32-bit versions of Windows Server 2008:Windows6.0-KB2820197-x86/quiet |
||
|
All supported 64-bit versions of Windows Server 2008:Windows6.0-KB2820197-x64/quiet |
|||
|
All supported Itanium-based versions of Windows Server 2008:Windows6.0-KB2820197-ia64/quiet |
|||
|
Installing without restarting |
All supported 32-bit versions of Windows Server 2008:Windows6.0-KB2820197-x86/quiet/norestart |
||
|
All supported 64-bit versions of Windows Server 2008:Windows6.0-KB2820197-x64/quiet/norestart |
|||
|
All supported Itanium-based versions of Windows Server 2008:Windows6.0-KB2820197-ia64/quiet/norestart |
|||
|
More information |
See the "Detection and Deployment Tools and Guidance" section. |
||
|
Restart requirement |
|||
|
Restart required? |
In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart. |
||
|
HotPatching |
Not applicable. |
||
|
Removal Information |
WUSA.exe does not support the removal of updates. To uninstall an update that is installed by WUSA, open Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates. |
||
|
Registry subkey verification |
A registry subkey does not exist to validate the presence of this update. |
Deployment information
To install the update
When you install this security update, the installer checks whether one or more of the files that are being updated on the system have previously been updated by a Microsoft hotfix.For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updatesThis security update supports the following setup switches:
|
Switch |
Description |
|---|---|
|
/?, /h, /help |
Displays help on supported switches. |
|
/quiet |
Suppresses the display of status or error messages. |
|
/norestart |
When you combine this switch with the /quiet switch, the system is not restarted after installation even if a restart is required to complete installation. |
For more information about the installer, click the following article number to view the article in the Microsoft Knowledge Base:
934307Description of the Windows Update Stand-alone Installer (Wusa.exe) and of .msu files in Windows Vista, Windows 7, Windows Server 2008 and in Windows Server 2008 R2
To verify that the update was applied
Microsoft Baseline Security AnalyzerTo verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the "Detection and Deployment Tools and Guidance" section for more information.
Windows 7
Reference table
The following table contains the security update information for this software. You can find more information in the "Deployment information" section.
|
Inclusion in future service packs |
The update for this issue will be included in a future service pack or update rollup |
||
|---|---|---|---|
|
Deployment |
|||
|
Installing without requiring user intervention |
All supported 32-bit versions of Windows 7: |
||
|
Windows6.1-KB2820197-x86/quiet |
|||
|
All supported 64-bit versions of Windows 7: |
|||
|
Windows6.1-KB2820197-x64/quiet |
|||
|
All supported 64-bit versions of Windows 7: |
|||
|
Windows6.1-KB2820197-ia64/quiet |
|||
|
Installing without restarting |
All supported 32-bit versions of Windows 7: |
||
|
Windows6.1-KB2820197-x86/quiet /norestart |
|||
|
All supported 32-bit versions of Windows 7: |
|||
|
Windows6.1-KB2820197-x64/quiet/norestart |
|||
|
All supported 64-bit versions of Windows 7: |
|||
|
Windows6.1-KB2820197-ia64/quiet /norestart |
|||
|
Restart requirement |
|||
|
Restart required? |
In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart. |
||
|
HotPatching |
Not applicable. |
||
|
Removal information |
WUSA.exe does not support the removal of updates. To uninstall an update that is installed by WUSA, open Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates. |
||
|
Registry subkey verification |
A registry subkey does not exist to validate the presence of this update. |
Deployment information
To install the update
When you install this security update, the installer checks whether one or more of the files that are being updated on the system have previously been updated by a Microsoft hotfix.For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updatesThis security update supports the following setup switches.
|
Supported security update installation switches |
|
|---|---|
|
Switch |
Description |
|
/?, /h, /help |
Displays help on supported switches. |
|
/quiet |
Suppresses the display of status or error messages. |
|
/norestart |
When this switch is combined with the /quiet switch, the system is not restarted after installation even if a restart is required to complete the installation. |
For more information about the installer, click the following article number to view the article in the Microsoft Knowledge Base:
934307Description of the Windows Update Stand-alone Installer (Wusa.exe) and of .msu files in Windows Vista, Windows 7, Windows Server 2008 and in Windows Server 2008 R2
To verify that the update was applied
Microsoft Baseline Security AnalyzerTo verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the "Detection and Deployment Tools and Guidance" section for more information.
Windows Server 2008 R2
Reference table
The following table contains the security update information for this software. You can find more information in the "Deployment information" section.
|
Inclusion in future service packs |
The update for this issue will be included in a future service pack or update rollup |
||
|---|---|---|---|
|
Deployment |
|||
|
Installing without requiring user intervention |
All supported 32-bit versions of Windows Server 2008 R2: |
||
|
Windows6.1-KB2820197-x86/quiet |
|||
|
All supported 64-bit versions of Windows Server 2008 R2: |
|||
|
Windows6.1-KB2820197-x64/quiet |
|||
|
All supported Itanium-based versions of Windows Server 2008 R2: |
|||
|
Windows6.1-KB2820197-ia64/quiet |
|||
|
Installing without restarting |
All supported 32-bit versions of Windows Server 2008 R2: |
||
|
Windows6.1-KB2820197-x86/quiet/norestart |
|||
|
All supported 64-bit versions of Windows Server 2008 R2: |
|||
|
Windows6.1-KB2820197-x64/quiet/norestart |
|||
|
All supported Itanium-based versions of Windows Server 2008 R2: |
|||
|
Windows6.1-KB2820197-ia64/quiet/norestart |
|||
|
More information |
See the "Detection and deployment tools and guidance" section. |
||
|
Restart requirement |
|||
|
Restart required? |
In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart. |
||
|
HotPatching |
Not applicable. |
||
|
Removal information |
WUSA.exe does not support the removal of updates. To uninstall an update that is installed by WUSA, open Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates. |
||
|
Registry subkey verification |
A registry subkey does not exist to validate the presence of this update. |
Deployment information
To install the update
When you install this security update, the installer checks whether one or more of the files that are being updated on the system have previously been updated by a Microsoft hotfix. For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updatesThis security update supports the following setup switches.
|
Switch |
Description |
|---|---|
|
/?, /h, /help |
Displays help on supported switches. |
|
/quiet |
Suppresses the display of status or error messages. |
|
/norestart |
When you combine this switch with the /quiet switch, the system is not restarted after installation even if a restart is required to complete installation. |
For more information about the installer, click the following article number to view the article in the Microsoft Knowledge Base:
934307Description of the Windows Update Stand-alone Installer (Wusa.exe) and of .msu files in Windows Vista, Windows 7, Windows Server 2008 and in Windows Server 2008 R2
To verify that the update was applied
Microsoft Baseline Security AnalyzerTo verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the "Detection and deployment tools and guidance" section for more information.
Detection and Deployment Tools and Guidance
This section describes how to manage the software and security updates that you have to deploy to the servers, to the desktop computers, and to the mobile computers in your organization. For more information, go to the following Microsoft TechNet Update Management Center webpage:
http://technet.microsoft.com/en-us/updatemanagement/default.aspxFor more information about security in Microsoft products, go to the following Microsoft TechNet Security webpage:
http://technet.microsoft.com/en-us/security/default.aspxSecurity updates are available from Microsoft Update, Windows Update, and Office Update. Security updates are also available at the Microsoft Download Center. You can find them most easily by doing a keyword search for "security update."Finally, security updates can be downloaded from the Microsoft Update Catalog. For more information, go to the following Microsoft webpage:
http://catalog.update.microsoft.com/v7/site/Home.aspxThe Microsoft Update Catalog provides a catalog of content that is searchable and that is available through Windows Update and through Microsoft Update. This content includes security updates, drivers, and service packs. By using a security bulletin number such as "MS08-010" for your search, you can add all the applicable updates to your basket. You can also add different languages for an update to your basket, and you can Download the content to any folder that you want. For more information about the Microsoft Update Catalog, go to the following Microsoft Update Catalog FAQ webpage:
http://catalog.update.microsoft.com/v7/site/faq.aspx
Detection and Deployment Guidance
Microsoft has provided detection and deployment guidance for this month's security updates. This guidance will also help IT professionals understand how they can use various tools to help deploy the security update. These tools include Windows Update, Microsoft Update, Office Update, the Microsoft Baseline Security Analyzer (MBSA), the Office Detection Tool, Microsoft Systems Management Server (SMS), and the Extended Security Update Inventory Tool.For more information, click the following article number to view the article in the Microsoft Knowledge Base:
910723Summary list of monthly detection and deployment guidance articles
Microsoft Baseline Security Analyzer
Microsoft Baseline Security Analyzer (MBSA) lets administrators scan local and remote systems for missing security updates. The Microsoft Baseline Security Analyzer can also identify common security misconfigurations. For more information, go to the following Microsoft Baseline Security Analyzer webpage:
http://technet.microsoft.com/en-us/security/cc184924.aspxThe following table provides the MBSA detection summary for this security update.
|
Software |
MBSA 2.1 |
|---|---|
|
Windows XP |
Yes |
|
Windows XP Professional x64 Edition |
Yes |
|
Windows Server 2003, x86-based versions |
Yes |
|
Windows Server 2003, x64-based versions |
Yes |
|
Windows Server 2003 Itanium-based systems |
Yes |
|
Windows Vista |
Yes |
|
Windows Vista, 64-bit versions |
Yes |
|
Windows Server 2008 for 32-bit systems |
Yes |
|
Windows Server 2008 for 64-bit systems |
Yes |
|
Windows Server 2008 for Itanium-based systems |
Yes |
|
Windows 7 |
Yes |
|
Windows 7, 64-bit versions |
Yes |
|
Windows Server 2008 R2 for 64-bit systems |
Yes |
|
Windows Server 2008 R2 for Itanium-based systems |
Yes |
For more information about MBSA 2.1, go to the following Microsoft MBSA 2.1 Frequently Asked Questions webpage:
Windows Server Update Services
By using Windows Server Update Services (WSUS), administrators can deploy the latest critical updates and security updates for supported versions of Windows, Office, Exchange Server, and SQL Server. For more information about how to deploy this security update by using Windows Server Update Services, go to the following Microsoft Windows Server Update Services Product Overview webpage:
Systems Management Server
The following table provides the SMS detection and deployment summary for this security update.
|
Software |
SMS 2003 with ITMU |
Configuration Manager 2007 |
|---|---|---|
|
Windows XP Service Pack 3 |
Yes |
Yes |
|
Windows XP Professional x64 Edition Service Pack 2 |
Yes |
Yes |
|
Windows Server 2003 Service Pack 2 |
Yes |
Yes |
|
Windows Server 2003 x64 Edition Service Pack 2 |
Yes |
Yes |
|
Windows Server 2003 with SP2 for Itanium-based Systems |
Yes |
Yes |
|
Windows Vista Service Pack 1 and Windows Vista Service Pack 2 |
Yes |
Yes |
|
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 |
Yes |
Yes |
|
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 |
Yes |
Yes |
|
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 |
Yes |
Yes |
|
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 |
Yes |
Yes |
|
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 |
Yes |
Yes |
|
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1 |
Yes |
Yes |
|
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Yes |
Yes |
|
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 |
Yes |
Yes |
For SMS 2.0 and for SMS 2003, the SMS SUS Feature Pack (SUSFP) that includes the Security Update Inventory Tool (SUIT) can be used by SMS to detect security updates. For more information, go to the following Microsoft webpage for Downloads for Systems Management Server 2.0:
http://technet.microsoft.com/en-us/sms/bb676799.aspxFor SMS 2003, the SMS 2003 Inventory Tool for Microsoft Updates (ITMU) can be used by SMS to detect security updates that are offered by Microsoft Update and that are supported by Windows Server Update Services. For more information about the SMS 2003 ITMU, go to the following Microsoft webpage for SMS 2003 Inventory Tool for Microsoft Updates:
http://technet.microsoft.com/en-us/sms/bb676783.aspxSMS 2003 can also use the Microsoft Office Inventory Tool to detect required updates for Microsoft Office applications. For more information, go to the following Microsoft webpages:
-
Systems Management Server 2003 Software Update Scanning Tools
-
Downloads for Systems Management Server 2003
System Center Configuration Manager 2007 uses WSUS 3.0 for detection of updates. For more information about System Center Configuration Manager 2007 Software Update Management, go to the following Microsoft webpage:
http://technet.microsoft.com/en-us/library/bb735860.aspxNote for Windows Vista and Windows Server 2008Microsoft Systems Management Server 2003 with Service Pack 3 includes support for Windows Vista and Windows Server 2008. For more information about SMS, go to the following Microsoft SMS webpage:
http://www.microsoft.com/smserver/default.mspxFor more information about detection and deployment guidance articles, click the following article number to view the article in the Microsoft Knowledge Base:
910723Summary list of monthly detection and deployment guidance articles
