1. Do we urgently recommend the systematic deployment of security bulletin updates?
Yes, we do. As with any OS security update, we recommend immediate deployment upon publishing.
2. What is the connection between Security Bulletin Updates for Office Server products and normal Server Cumulative Update packages?
Security Bulletin updates are released upon threat identification (no precise date or release plan) and are always included into the up-coming CUs.
One can track them by using the following site:
a. Are you supposed to install both?
Yes, but for convenience purposes, we recommend you always install the latest CUs as these already contain the latest security bulletin updates. This also keeps any exposure period at a minimum.
b. Do the Security Bulletin updates alter the database schemas/versions?
The only information our Product Groups provide as to what files are updated by these security bulletin updates is located in the individual KB articles of these updates: Ex. http://support.microsoft.com/kb/957175
c. Is it necessary to run the Post Setup Configuration Wizard after security bulletin updates have been deployed?
In most cases, yes.
From the heading “Stand-alone installations” of the same TechNet article http://technet.microsoft.com/en-us/library/cc263467(office.12).aspx
If the update is a public update and you have a stand-alone installation with automatic updates configured, the update silently runs Psconfigui.exe, and does not display the user interface until the update is installed. A localized update has the same behavior on a stand-alone installation as a public update.
For any deployment other than a deployment on a stand-alone server configured by using the Basic installation, you must visit the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkID=24367&clcid=0x409) to download and then install the software update that you want.
In a server farm environment software updates are not installed automatically, even if the Automatic Updates feature is enabled on your Web servers. You cannot use the Windows Update (http://go.microsoft.com/fwlink/?LinkID=133349&clcid=0x409) Web site or the Microsoft Update (http://go.microsoft.com/fwlink/?LinkID=133318&clcid=0x409)Web site to initiate the software update installation.
The software update program checks the Windows Registry and blocks automatic installation on any Web server that does not contain the value "Serverrole"="SINGLESERVER" in the HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web server extensions\12.0\WSS\key.
d. How can one detect the automatic roll-out of such security bulletin updates? (if, for example, performed by the platforms team in your organization)
As this is difficult to detect, our recomendation to your internal platforms team is to cease automatic roll-out of these Security Bulletin updates to your Production Farm from now on. All updates should be evaluated in a Testing environment by the SharePoint and Project Server administrators first. The Post-Setup Configuration Wizard (psconfigui.exe) will also need to be executed manually if you are not using Windows Update or SMS.
Raksta ID: 2522602. Pēdējo reizi pārskatīts: 2011. gada 12. jūl.. Pārskatījums: 1