RE: Critical Updates and hot-fixes
- From: Mihnea Mironescu <MihneaM@xxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 24 May 2002 10:50:47 +0200
this is not true! you can go to http://corporate.windowsupdate.microsoft.com
and download all the fixes you need, then apply them at a latter time to
your machines.
----------------------------------------------------------------
Mihnea Mironescu
IT Manager
Papastratos Romania SRL
MihneaM@xxxxxxxxxxxxxx
Tel.: +40-1-221-9175
Fax: +40-1-430-4091
----------------------------------------------------------------
-----Original Message-----
From: John Tolmachoff [mailto:isalist@xxxxxxxxxxxx]
Sent: Thursday, May 23, 2002 5:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Critical Updates and hot-fixes
http://www.ISAserver.org
But the problem is when downloading from windowsupdate.microsoft.com,
you can not just down load and then install later. It is done at the
same time.
What you can do, but is much more work, is run windows update, make a
list of all Q articles and patches listed, then go to Microsoft
Downloads and download them one by one.
The new corporate edition of Microsoft update, awaiting release of SP3,
will solve that as you will be able to download the patches, then
approve them and then install.
BTW, I have been talking to a member of the Microsoft Southern
California Consulting team about the issue with unsigned updates.
Basically, the patch/package itself is signed by Microsoft, but elements
within that package are not necessarily signed.
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-----Original Message-----
From: Alfonso Lopez de Ayala [mailto:alopezdeayala@xxxxxxxxxxxx]
Sent: Thursday, May 23, 2002 8:04 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Critical Updates and hot-fixes
http://www.ISAserver.org
I know this doesn't solve your problem... but just to relate my
experience: I recently had finished configuring a box with W2k AD DC,
Exchange and ISA in it (including the stringent HISECDC.inf high
security settings)... last thing I did was connect the server to the
Internet (with a static public routable IP address) and run Windows
Update... well, it did its thing, downloading and installing patches and
hotfixes and among other things it asked a couple of times for that
familiar "Digital signature not found, do you want to install?", to
which I just clicked ok... after Windows Update finished I reboot the
computer (and disconnect it from the Internet)... it starts up fine...
then I start noticing odd errors... I explore around and see that the
GUEST account had been enabled and made a member of the ADMINISTRATORS
group!!! ...explore around some more and notice lots of group policy and
registry settings relating to rights and permissions totally changed...
my computer had been hacked and taken control of!!! ...only way this
could have happened is thru some program that came from the net and I
let run in my server... I decided to wipe out the whole server and
reinstall everything from scratch after a disk scrub and reformat...
lesson learned: NEVER DO ANYTHING ON THE WEB WHEN LOGGED IN AS
ADMINISTRATOR... DOWNLOAD (in another machine) ANY UPDATES AND FIXES AND
SERVICE PACKS FROM MICROSOFT AND THEN, OFFLINE, RUN THOSE SPECIFIC FILES
TO INSTALL THEN IN THE SERVER...
-----Original Message-----
From: Chhatwal, Raminder S. [mailto:Raminder.Chhatwal@xxxxxxxxxxx]
Sent: Thursday, May 23, 2002 7:30 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Critical Updates and hot-fixes
http://www.ISAserver.org
I just used Windows Update to put on the latest Critical Updates and
hot-fixes on the server. Soon after that event log is filled with errors
about the ISA Server Control Service failing to start. I tried to start
the service manually and it says invalid handle.
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
alopezdeayala@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mihneam@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
----------------------------------------------------------------------------
This email and any attached files are confidential and may be legally
privileged. If you are not the addressee, any disclosure, reproduction,
copying, distribution, or use of this communication is strictly prohibited.
If you have received this transmission in error please notify the sender
immediately and then delete this email from your system.
Email transmission cannot be guaranteed to be secure or error free as
information could be intercepted, corrupted, lost, destroyed, arrive late
or incomplete, or contain viruses and therefore Papastratos Romania
SRL does not accept legal responsibility for any errors or omissions in
the contents of this message which arise as a result of email transmission.
If verification is required please request a hard copy version.
----------------------------------------------------------------------------
Other related posts:
