RE: Critical Updates and hot-fixes
- From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 23 May 2002 08:17:05 -0700
But the problem is when downloading from windowsupdate.microsoft.com,
you can not just down load and then install later. It is done at the
same time.
What you can do, but is much more work, is run windows update, make a
list of all Q articles and patches listed, then go to Microsoft
Downloads and download them one by one.
The new corporate edition of Microsoft update, awaiting release of SP3,
will solve that as you will be able to download the patches, then
approve them and then install.
BTW, I have been talking to a member of the Microsoft Southern
California Consulting team about the issue with unsigned updates.
Basically, the patch/package itself is signed by Microsoft, but elements
within that package are not necessarily signed.
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-----Original Message-----
From: Alfonso Lopez de Ayala [mailto:alopezdeayala@xxxxxxxxxxxx]
Sent: Thursday, May 23, 2002 8:04 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Critical Updates and hot-fixes
http://www.ISAserver.org
I know this doesn't solve your problem... but just to relate my
experience: I recently had finished configuring a box with W2k AD DC,
Exchange and ISA in it (including the stringent HISECDC.inf high
security settings)... last thing I did was connect the server to the
Internet (with a static public routable IP address) and run Windows
Update... well, it did its thing, downloading and installing patches and
hotfixes and among other things it asked a couple of times for that
familiar "Digital signature not found, do you want to install?", to
which I just clicked ok... after Windows Update finished I reboot the
computer (and disconnect it from the Internet)... it starts up fine...
then I start noticing odd errors... I explore around and see that the
GUEST account had been enabled and made a member of the ADMINISTRATORS
group!!! ...explore around some more and notice lots of group policy and
registry settings relating to rights and permissions totally changed...
my computer had been hacked and taken control of!!! ...only way this
could have happened is thru some program that came from the net and I
let run in my server... I decided to wipe out the whole server and
reinstall everything from scratch after a disk scrub and reformat...
lesson learned: NEVER DO ANYTHING ON THE WEB WHEN LOGGED IN AS
ADMINISTRATOR... DOWNLOAD (in another machine) ANY UPDATES AND FIXES AND
SERVICE PACKS FROM MICROSOFT AND THEN, OFFLINE, RUN THOSE SPECIFIC FILES
TO INSTALL THEN IN THE SERVER...
-----Original Message-----
From: Chhatwal, Raminder S. [mailto:Raminder.Chhatwal@xxxxxxxxxxx]
Sent: Thursday, May 23, 2002 7:30 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Critical Updates and hot-fixes
http://www.ISAserver.org
I just used Windows Update to put on the latest Critical Updates and
hot-fixes on the server. Soon after that event log is filled with errors
about the ISA Server Control Service failing to start. I tried to start
the service manually and it says invalid handle.
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
alopezdeayala@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
