Executive Summary

Summary
Title System Center Configuration Manager 2007 Blocked from Deploying Security Updates
Informations
Name KB954474 First vendor Publication 2008-06-13
Vendor Microsoft Last vendor Modification 2008-06-17
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score Not Defined Attack Range Not Defined
Cvss Impact Score Not Defined Attack Complexity Not Defined
Cvss Expoit Score Not Defined Authentication Not Defined
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has completed the investigation into public reports of a non-security issue that affects environments with all supported versions of System Center Configuration Manager 2007 that deploy updates to Systems Management Services (SMS) 2003 clients. Microsoft has confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954474. Microsoft encourages customers affected by this issue to review and install this update.

General Information

Overview

Purpose of Advisory: The purpose of this advisory is to inform customers of a non-security related issue that they may experience when attempting to install all updates using System Center Configuration Manager 2007 after the Microsoft security update release of June 10, 2008. This issue is limited to all supported versions of System Center Configuration Manager 2007 environments deploying updates to supported SMS 2003 clients.

This issue is not a security vulnerability in System Center Configuration Manager 2007. However, affected System Center Configuration Manager 2007 environments will be unable to deploy any updates to SMS 2003 clients.

Advisory Status: Microsoft Knowledge Base Article and associated update have been released to address this issue.

Recommendation: Review the referenced Knowledge Base Article and apply the appropriate update.

ReferencesIdentification
Microsoft Knowledge Base Article954474

This advisory discusses the following software.

Related Software
System Center Configuration Manager 2007
System Center Configuration Manager 2007 Service Pack 1

Frequently Asked Questions

What is the scope of the advisory?
This advisory and the related Microsoft Knowledge Base Article provide additional information on this issue as first described in the SMS and MOM Blog.

How can I verify if my deployments are impacted by the issue described in this advisory?
System Center Configuration Manager 2007 administrators can identify this issue by reviewing the Wsyncmgr.log on the ConfigMgr 2007 site server for the following entries:

  • Performing legacy sync

    STATMSG: ID=6709 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" ...

    Started with command line: C:\Program Files\Microsoft Configuration Manager\bin\i386\updatewuscatalog.exe ...

    Processing security catalog C:\Program Files\Microsoft Updates Inventory Tool\PkgSource\wsusscn2.cab ...

    Initializing catalog C:\Program Files\Microsoft Updates Inventory Tool\PkgSource\wsusscn2.cab for synchronization.

    Pre-processing updates...

    Error 0x80004005, Unexpected DeploymentAction for update 1293995. Returned from CreateUpdateNode

    Updates summary: 0 processed, 0 matched, 0 outdated, 0 updated

Is this a security vulnerability that requires Microsoft to issue a security update?
No. The inability to install updates from System Center Configuration Manager 2007 to SMS 2003 clients is not a security vulnerability. However, we have confirmed the issue and have released Microsoft Knowledge Base Article 954474 to correct the issue.

What versions of SMS are associated with this advisory?
This issue is limited to all supported versions of System Center Configuration Manager 2007 environments deploying updates to supported versions of SMS 2003 clients.

This is a security advisory about a non-security update. Isnt that a contradiction?
Security advisories address security changes that may not require a security bulletin but may still affect customers overall security. Security advisories are a way for Microsoft to communicate security-related information to customers about issues that may not be classified as vulnerabilities and may not require a security bulletin, or about issues for which no security bulletin has been released. In this case, we are communicating the availability of an update that affects your ability to perform subsequent updates, including security updates. Therefore, this advisory does not address a specific security vulnerability; rather, it addresses your overall security.

Suggested Actions

Review the Microsoft Knowledge Base Article that is associated with this advisory

We encourage customers to install this update. Customers who are interested in learning more about this update should review Microsoft Knowledge Base Article 954474.

Original Source

Url : http://www.microsoft.com/technet/security/advisory/954474.mspx

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-02-06 19:08:07
  • Multiple Updates