Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

WSUS Patch Listing

microsoft.public.windowsupdate






Speedup My PC
Reply
  #1 (permalink)  
Old 05-13-2009
WSUS Admin 411
 

Posts: n/a
WSUS Patch Listing
Does anyone know if Microsoft has a website that lists all patches released
through WSUS for a given month? I used to believe that this site was such a
list - http://support.microsoft.com/?kbid=894199. But now, I'm finding
patches (Silverlight patches for example) delivered by our WSUS server that
is not listed on that websight.

Thanks in advance

Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 05-13-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: WSUS Patch Listing
Right pew, wrong church. Forwarded to WSUS newsgroup
(microsoft.public.windows.server.update_services) via crosspost as a
convenience to OP.

On the web:
http://www.microsoft.com/communities... date_services

In your newsreader:
news://msnews.microsoft.com/microsof...pdate_services

KB894199 is the most appropriate page AFAIK.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002

WSUS Admin 411 wrote:
> Does anyone know if Microsoft has a website that lists all patches
> released
> through WSUS for a given month? I used to believe that this site was such
> a
> list - http://support.microsoft.com/?kbid=894199. But now, I'm finding
> patches (Silverlight patches for example) delivered by our WSUS server
> that
> is not listed on that websight.
>
> Thanks in advance


Reply With Quote
  #3 (permalink)  
Old 05-13-2009
Lawrence Garvin [MVP]
 

Posts: n/a
Re: WSUS Patch Listing
"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
news:%23JatlVA1JHA.3988@TK2MSFTNGP05.phx.gbl...

> WSUS Admin 411 wrote:


> Does anyone know if Microsoft has a website that lists all patches
> released
> through WSUS for a given month? I used to believe that this site was such
> a
> list - http://support.microsoft.com/?kbid=894199. But now, I'm finding
> patches (Silverlight patches for example) delivered by our WSUS server
> that is not listed on that websight.


> KB894199 is the most appropriate page AFAIK.


Robear's answer is the correct answer. KB894199 is the authoritative source
for updates released via WSUS ==for 2009==!!

The key to understanding why certain content is not present is in reading
the details of that KB article, specifically the statement:

This article lists changes that were made on or after January 13, 2009. It
does not list changes that were made before that date. For more information
about changes that occurred before January 13, 2009, see the "References"
section.

And in the "References" section... specifically the =2008= KB article
(KB961825) is where you'll likely find the Silverlight product information.

(http://support.microsoft.com/kb/961825/ ) Description of Software Update
Services and Windows Server Update Services changes in content for 2008

(http://support.microsoft.com/kb/947503/ ) Description of Software Update
Services and Windows Server Update Services changes in content for 2007

(http://support.microsoft.com/kb/930858/ ) Description of Software Update
Services and Windows Server Update Services changes in content for 2006

(http://support.microsoft.com/kb/918043/ ) Description of Software Update
Services and Windows Server Update Services changes in content for 2005




--
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin

Reply With Quote
  #4 (permalink)  
Old 05-14-2009
WSUS Admin 411
 

Posts: n/a
Re: WSUS Patch Listing
Lawrence and PA Bear,

I appreciate your confirmation that KB894199 is the authoritative source for
updates released via WSUS.

However, if one were to follow this Silverlight update related KB article
(http://support.microsoft.com/kb/960353), one would find that it was released
in February 2009 (this is Microsoft's release date, not mine). You'll have to
trust me when I tell you that it is currently sitting in our WSUS server
waiting to be approved. Yet, I cannot find this update listed in KB894199.

In the 'audit-fearin' world I now find myself in, this is a very big
omission. So, I'm hoping someone (maybe from MS?) can give me a website (or
KB or Technet page, etc...) that will list every patch released through WSUS
for a given month.

Thanks

"Lawrence Garvin [MVP]" wrote:

> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
> news:%23JatlVA1JHA.3988@TK2MSFTNGP05.phx.gbl...
>
> > WSUS Admin 411 wrote:

>
> > Does anyone know if Microsoft has a website that lists all patches
> > released
> > through WSUS for a given month? I used to believe that this site was such
> > a
> > list - http://support.microsoft.com/?kbid=894199. But now, I'm finding
> > patches (Silverlight patches for example) delivered by our WSUS server
> > that is not listed on that websight.

>
> > KB894199 is the most appropriate page AFAIK.

>
> Robear's answer is the correct answer. KB894199 is the authoritative source
> for updates released via WSUS ==for 2009==!!
>
> The key to understanding why certain content is not present is in reading
> the details of that KB article, specifically the statement:
>
> This article lists changes that were made on or after January 13, 2009. It
> does not list changes that were made before that date. For more information
> about changes that occurred before January 13, 2009, see the "References"
> section.
>
> And in the "References" section... specifically the =2008= KB article
> (KB961825) is where you'll likely find the Silverlight product information.
>
> (http://support.microsoft.com/kb/961825/ ) Description of Software Update
> Services and Windows Server Update Services changes in content for 2008
>
> (http://support.microsoft.com/kb/947503/ ) Description of Software Update
> Services and Windows Server Update Services changes in content for 2007
>
> (http://support.microsoft.com/kb/930858/ ) Description of Software Update
> Services and Windows Server Update Services changes in content for 2006
>
> (http://support.microsoft.com/kb/918043/ ) Description of Software Update
> Services and Windows Server Update Services changes in content for 2005
>
>
>
>
> --
> Lawrence Garvin, M.S., MCITP:EA, MCDBA
> Principal/CTO, Onsite Technology Solutions, Houston, Texas
> Microsoft MVP - Software Distribution (2005-2009)
>
> MS WSUS Website: http://www.microsoft.com/wsus
> My Websites: http://www.onsitechsolutions.com;
> http://wsusinfo.onsitechsolutions.com
> My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin
>
>

Reply With Quote
  #5 (permalink)  
Old 05-14-2009
Lawrence Garvin [MVP]
 

Posts: n/a
Re: WSUS Patch Listing
"WSUS Admin 411" <WSUSAdmin411@discussions.microsoft.com> wrote in message
news:14C07207-9202-42E8-8FCA-B5CB59A5D694@microsoft.com...
> Lawrence and PA Bear,
>
> I appreciate your confirmation that KB894199 is the authoritative source
> for
> updates released via WSUS.
>
> However, if one were to follow this Silverlight update related KB article
> (http://support.microsoft.com/kb/960353), one would find that it was
> released
> in February 2009 (this is Microsoft's release date, not mine).


Well, first of all, that's the date of the *DOCUMENT*, not the date of the
product/update.

Second, that KB article applies to an +UPDATE+ for Microsoft Silverlight
(which happens to be Silverlight v2.0), not the original product.


> You'll have to
> trust me when I tell you that it is currently sitting in our WSUS server
> waiting to be approved. Yet, I cannot find this update listed in KB894199.


I believe you see what you see; and I believe you cannot find anything under
KB894199..

The *CURRENT* Silverlight package is published under KB960353, but that's
the only update published in 2009.

The remainder of the Silverlight packages were all published in 2008.

>
> In the 'audit-fearin' world I now find myself in, this is a very big
> omission. So, I'm hoping someone (maybe from MS?) can give me a website
> (or
> KB or Technet page, etc...) that will list every patch released through
> WSUS
> for a given month.


The never ending problem of auditors is trying to bend reality to policies
and compliance, rather than adapting policies and compliance to accept
reality

--
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin

Reply With Quote
  #6 (permalink)  
Old 05-14-2009
WSUS Admin 411
 

Posts: n/a
Re: WSUS Patch Listing
Lawrence,

I'll try one more time. Both the date of the Silverlight update (KB960353)
and the 'release date' property of the of the Silverlight patch sitting in my
WSUS server are in February 2009. I understand that the product was released
in 2008, but this particular update to that product was released in February
2009.

Also, if anyone were to search for the text string 'silver' within KB894199,
their search would return a phrase similar to "Text not found". It's not
just me. It's anyone.

Lastly, Microsoft release this update in February 2009. As you had stated
"...article lists changes that were made on or after January 13, 2009...".
This update is a change that was made on or after January 13, 2009. KB894199
maybe the authoritative source for updates released via WSUS, but I need a
source that lists all Microsoft updates released via WSUS for a given month.
This includes updates to 2008 products.

Thanks


"Lawrence Garvin [MVP]" wrote:

> "WSUS Admin 411" <WSUSAdmin411@discussions.microsoft.com> wrote in message
> news:14C07207-9202-42E8-8FCA-B5CB59A5D694@microsoft.com...
> > Lawrence and PA Bear,
> >
> > I appreciate your confirmation that KB894199 is the authoritative source
> > for
> > updates released via WSUS.
> >
> > However, if one were to follow this Silverlight update related KB article
> > (http://support.microsoft.com/kb/960353), one would find that it was
> > released
> > in February 2009 (this is Microsoft's release date, not mine).

>
> Well, first of all, that's the date of the *DOCUMENT*, not the date of the
> product/update.
>
> Second, that KB article applies to an +UPDATE+ for Microsoft Silverlight
> (which happens to be Silverlight v2.0), not the original product.
>
>
> > You'll have to
> > trust me when I tell you that it is currently sitting in our WSUS server
> > waiting to be approved. Yet, I cannot find this update listed in KB894199.

>
> I believe you see what you see; and I believe you cannot find anything under
> KB894199..
>
> The *CURRENT* Silverlight package is published under KB960353, but that's
> the only update published in 2009.
>
> The remainder of the Silverlight packages were all published in 2008.
>
> >
> > In the 'audit-fearin' world I now find myself in, this is a very big
> > omission. So, I'm hoping someone (maybe from MS?) can give me a website
> > (or
> > KB or Technet page, etc...) that will list every patch released through
> > WSUS
> > for a given month.

>
> The never ending problem of auditors is trying to bend reality to policies
> and compliance, rather than adapting policies and compliance to accept
> reality
>
> --
> Lawrence Garvin, M.S., MCITP:EA, MCDBA
> Principal/CTO, Onsite Technology Solutions, Houston, Texas
> Microsoft MVP - Software Distribution (2005-2009)
>
> MS WSUS Website: http://www.microsoft.com/wsus
> My Websites: http://www.onsitechsolutions.com;
> http://wsusinfo.onsitechsolutions.com
> My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin
>
>

Reply With Quote
  #7 (permalink)  
Old 05-14-2009
Lawrence Garvin [MVP]
 

Posts: n/a
Re: WSUS Patch Listing
"Lawrence Garvin [MVP]" <lawrence@news.postalias> wrote in message
news:ePzo6uM1JHA.1380@TK2MSFTNGP05.phx.gbl...
> "WSUS Admin 411" <WSUSAdmin411@discussions.microsoft.com> wrote in message
> news:14C07207-9202-42E8-8FCA-B5CB59A5D694@microsoft.com...
>> Lawrence and PA Bear,
>>
>> I appreciate your confirmation that KB894199 is the authoritative source
>> for updates released via WSUS.
>>
>> However, if one were to follow this Silverlight update related KB article
>> (http://support.microsoft.com/kb/960353), one would find that it was
>> released in February 2009 (this is Microsoft's release date, not mine).


And, I'll concede this point, KB960353 is not listed in KB894199.


>The *CURRENT* Silverlight package is published under KB960353, but that's
>the only update published in 2009.


This is what happens when one (-=me=-) writes a reply under a time pressure,
rather than waiting to research/write until I have more than 2 minutes to
finish the work.


> In the 'audit-fearin' world I now find myself in, this is a very big
> omission.


Okay.. so... your concern is that KB960353 is not listed in KB894199 (or,
more generally, that KB894199 appears to be not as comprehensive as you
expected). I can appreciate that concern; however...



> So, I'm hoping someone (maybe from MS?) can give me a website (or KB or
> Technet page, etc...) that will list every patch released through WSUS for
> a given month.


That's the challenge here.. KB894199 is intended to be an informational
article. It's actually authored/maintained by the WSUS documentation team,
but that documentation group isn't the gatekeeper of the content that gets
published, so there is a potential for errors. To that point, while I stated
the KB article was "authoritative" for updates released via WSUS -- I
probably misused the word "authoritative", if that word is interpreted to
mean the 'official/always correct - must be in this list to get published"
list.

I used the word to mean that it was the only Microsoft published list, and
to the extent that any such list exists - this is the most trustworthy one
that exists.

To be perfectly honest with you -- the BEST source for updates published via
WSUS are the updates that actually arrive on your machine. In fact, not all
published updates are actually published to WSUS. For example, there are
some Windows Home Server updates -- not in WSUS. Internet Explorer v8 -- not
in WSUS (yet, but will be in July). You wanta send a SOX auditor in a
tizzy-spin.. point out to them that not even your WSUS Server is guaranteed
to contain all of the updates you need to apply to your systems.

To the question of auditors --- and, again, accept that I'm not particularly
fond of auditors -- particularly SOX auditors -- most of whom don't have a
clue about the realities of Technology Management -- it's virtually
*impossible* to keep up with, or maintain, anything resembling a
comprehensive list of every update released by Microsoft. Any auditor who
thinks that can be done, simply stated, proves my point that most "don't
have a clue". I'd go one step farther -- if an auditor tells you something
has to be done -- and you know it's not practical -- ask them to provide an
example of how another client of theirs complies with that requirement --
and then ask for a second example (and I bet you get two different examples,
neither of which achieve the stated objective to 100% certainty).

Although, If you wanted to do that, you could make a list by KB article and
start accounting for each and every KB article (oh .. yeah... make note that
about half the KB article numbers in a sequence never actually appear on a
publication list). There is, btw, a BLOG that lists each and every KB
article released for publication -- although, again, it's not guaranteed to
be perfect and its not impossible that a KB article could get published and
not actually make it on the list.

At the end of the day -- SOX Auditors are merely supposed to be ensuring
that an organization complies with THEIR OWN organizational policies -- not
to be imposing new policies on organizations -- which seems to be the
self-appointed role of many SOX auditors (generally, again, those that don't
have a clue). That is to say -- it's up to you (and your bosses) to
determine the WHAT and HOW of Patch Management that's appropriate for the
needs of your organization. All that the auditor should be interested in is
that you can document that you're actually in compliance with *your* stated
policies and procedures. So, rather than stating that "All Updates Published
By Microsoft" will be evaluated/approved, etc; try a variation that says
"All Updates Available on our WSUS Server" will be evaluated/approved, etc.

Furthermore, any given organization is probably concerned about less than a
quarter of the products in Microsoft's catalog, so of those several thousand
per year non-security related updates that are published... you'd have to
expend a lot of effort filtering out the thousand or so you might actually
need to be concerned with -- just to make sure they're on the WSUS Server?
(It would be more reliable to install a second "control" WSUS Server,
synchronizing all products and classifications, with no assigned clients --
just so you have a second database to reconcile the production server
against.)

In the end, the best you can do from the standpoint of inventorying
published updates is keep up with a comprehensive list of SECURITY updates,
which can be tracked by MSRC number, which generally count in the under 100
per year range, as opposed to KB articles, which number in the several
thousand per year range, when all products are considered.

And for the non-security updates, the best you can do is monitor KB894199
(and it's successors), and make sure *those* updates are accounted for, and
properly configured -- and accept that it's not going to be a perfect or
comprehensive document -- I doubt that any such suggestion or guarantee has
ever been made. And, perhaps, maintain a supplemental log that documents
"Updates on my WSUS Server not listed on KB894199" and the actions taken
with respect to those updates.

--
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Patch KB909095 Avalability on WSUS 2 SP1 RayRay microsoft.public.windowsupdate 4 02-05-2009 17:37
Microsoft confirms WSUS patch problem Steve Security News 0 07-11-2008 18:10
Microsoft scrutinizes WSUS patch snafu Steve Security News 0 07-02-2008 18:00
Microsoft scrutinizes WSUS patch snafu Steve Security News 0 07-01-2008 21:10
Patch-blocking bug also stymies Microsoft's WSUS Steve Security News 0 06-24-2008 09:50




All times are GMT +1. The time now is 04:42.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120