I posted this to someone today and thought I’d blog this here as well: Regarding the patches that came out last week, consider two of them to be Service Packs and plan accordingly:  There are two BIG hunking patches in this go round that one really needs to treat like service packs. 1.  Exchange.  This is a denial of service and there’s no mitigation.  Big whoop they will target Vlad first and his big Exchange servers first, I can make a backup and install carefully.  You are replacing store.exe so it’s like it’s a sp1 or sp2.  Treat accordingly.  2007 does not need a reboot but I have seen these Update rollups sometimes need to be reinstalled as the initial install may mess up.  2k3 does need a reboot and a mere stopping of services and restarting on a SBS 2k3 box isn’t enough. 2.  SQL and on a SBS box we have ‘em coming out of our ears.  It’s replacing SQL engine as well.  Also treat like a service pack.  Only nails you if you have an external web site exposed and they can get in through cross site scripting, so I don’t see that we should be patching quickly on this one, we have time.  Treat also like a service pack as if the permissions in that database are horked you are calling a PSS SQL expert as there’s no easy blog answer as someone has to dig out the log file and read it

In the SBS 2003 R2 patch report sometimes you’ll get a computer that indicates it has patching issues: So you go in and see that a workstation is having issues…. And when you click on it, it says…”What errors?” So what’s going on here is that an event does occur with the patch.  But the workstation usually fixes itself up.  BUT that error only gets cleared out of the Update screen after 15 days.  Sooooooo…

http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx Brianna the SQL server reports that she did fine with the SQL server patch this month but see’s seeing that these patches take a while.  Exchange is a big patch as well. You might see the issue where if you didn’t properly update from msde to SQL 2000 and then up to sp4, http://support.microsoft.com/kb/967096/ You may need to run that SP4 install again before attempting the patch.  Issues with a security patch are a free call, and some of those SQL patches may need some professional help to get the permissions just so.  Call Customer Support Services if you need to.

The likelihood of a vulnerability being exploited is actually somewhat taken into account in the security bulletin criticality ratings as Microsoft allows various security mechanisms implemented in e.g.

Microsoft Security Bulletin MS09-004 – Important.

The security bulletin describes any known issues related to the updates.

Feb 10th, 2009 by Microsoft Download Center Feed. This update addresses the Microsoft Exchange Server vulnerability addressed in the Microsoft Security Bulletin MS09-003. Microsoft Download Link… …

Time to head on over to your favorite Microsoft Update page, and fix your Windows! So what does dear ol’ Microsoft have in store for us today? Well, the company is planning to release four security updates, of which two are rated critical

I can’t believe it’s 2009 and we still have issues with DST and calendar items! Several of us just discovered (here on Feb-10-2009) that an event we are entering for August 2009 in Outlook 2007 is showing up an hour earlier on our WM6.1 phones.

Saturday, January 31, 2009 19:35 - 0 Comments · Security Minded - from Kai the Security Guy : Hello Baby! Saturday, January 31, 2009 19:00 - 0 Comments · Microsoft Update Slips In a Firefox Extension | American News … …

Microsoft update adds an un-uninstallable extension to Firefox.

I’m writing this to set the record straight on some statements made earlier this month by Jeff Jones, a security strategy director at Microsoft. In analysis published on his Technet Security Blog and at cio.com, Jeff picked apart research I conducted in 2007, which found that Microsoft’s Internet Explorer browser was unsafe for 284 days in 2006