INTRODUCTION Microsoft SQL Server 2005 hotfixes are created for specific SQL Server service packs. You must apply a SQL Server 2005 Service Pack 3 hotfix to an installation of SQL Server 2005 Service Pack 3. By default, any hotfix that is provided in Read More……( read more )

I posted this to someone today and thought I’d blog this here as well: Regarding the patches that came out last week, consider two of them to be Service Packs and plan accordingly:  There are two BIG hunking patches in this go round that one really needs to treat like service packs. 1.  Exchange.  This is a denial of service and there’s no mitigation.  Big whoop they will target Vlad first and his big Exchange servers first, I can make a backup and install carefully.  You are replacing store.exe so it’s like it’s a sp1 or sp2.  Treat accordingly.  2007 does not need a reboot but I have seen these Update rollups sometimes need to be reinstalled as the initial install may mess up.  2k3 does need a reboot and a mere stopping of services and restarting on a SBS 2k3 box isn’t enough. 2.  SQL and on a SBS box we have ‘em coming out of our ears.  It’s replacing SQL engine as well.  Also treat like a service pack.  Only nails you if you have an external web site exposed and they can get in through cross site scripting, so I don’t see that we should be patching quickly on this one, we have time.  Treat also like a service pack as if the permissions in that database are horked you are calling a PSS SQL expert as there’s no easy blog answer as someone has to dig out the log file and read it

In the SBS 2003 R2 patch report sometimes you’ll get a computer that indicates it has patching issues: So you go in and see that a workstation is having issues…. And when you click on it, it says…”What errors?” So what’s going on here is that an event does occur with the patch.  But the workstation usually fixes itself up.  BUT that error only gets cleared out of the Update screen after 15 days.  Sooooooo…

As part of the Microsoft Security Bulletin Summary for February 2009, Microsoft released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, Exchange Server, SQL Server, Office, …

Microsoft this morning announced a $250,000 reward and an industry alliance in an effort to stop the spread of the Conficker worm, which targets a Windows Server service vulnerability that the company patched last October . The worm, also known as Downadup, has continued to spread by infecting unpatched systems

Should Microsoft decouple IE from Patch Tuesday? | Zero Day | ZDNet.com: http://blogs.zdnet.com/security/?p=2558 This comes up now and then.  Should Microsoft release patches at any time and not wait for Patch Tuesday

I just saw that the folks over on the MSRC blog just posted the info for the February security bulleting release.

Microsoft has recently released the February update for the Outlook 2003/2007 Junk E-mail Filter. ” This update provides the Junk E-mail Filter in Microsoft Office Outlook with a more current definition of which e-mail messages should be considered junk e-mail

On February 5th, 2009 Caphyon Ltd. announced the latest edition of its Windows Installer authoring tool. The new Advanced Installer enables developers and system administrators to easily build and repackage complex applications into reliable, ready to deploy MSI and EXE installers, patches and on-line updates

The security bulletin describes any known issues related to the updates.

The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects.

Microsoft Security Bulletin MS09-005 - Important: Vulnerabilities in Microsoft Office … - This security update resolves three privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a …