Bug fouls Microsoft security patching

Microsoft has confirmed that enterprise administrators using one of its patch distribution tools have not been able to install last week's security updates.

The company offered a workaround and said it is working on a fix.

"We're aware of an issue that is affecting the deployment of the June 2008 security updates," acknowledged Christopher Budd, spokesman for the Microsoft Security Response Centre (MSRC), in a post to the group's blog Friday night.

Only corporate administrators using System Centre Configuration Manager (ConfigMgr) 2007, which itself was just updated to Service Pack 1 (SP1), are affected, Budd said, and only those systems running System Management Server (SMS) 2003 client software refuse to update.

"The impact of this issue is that customers in this configuration cannot deploy the June 2008 security updates to their SMS 2003 clients," said Budd.

Last Tuesday, Microsoft published its usual monthly batch of security updates, which for June patched 10 vulnerabilities in Windows and Internet Explorer.

The successor to SMS 2003, System Centre Configuration Manager assesses, deploys and updates server and client system.

Office 2007 SP1, however, was updated last Tuesday, according to Microsoft's Office team, to fix a problem on Windows Server Update Services (WSUS) that caused some language-specific content to fail to download. It's not known if the two Office issues are related, and Microsoft was not available Sunday for comment or clarification.

Administrators can determine if the June 10 updates were deployed by examining the Wsyncmgr.log on the ConfigMgr 2007 site server, added Hornbeck.

Budd said that Microsoft is working on a patch. In the meantime, he recommended that administrators use the Software Distribution feature within ConfigMgr 2007 to roll out the June security updates.