Security Watch

Keeping Track of patches and hacks in the IT security world.

IE7 Coming Through on WSUS, Blocker Toolkit or Not

IE7 Coming Through On WSUS, Blocker Toolkit Or Not

Larry Seltzer here, pointing you to this recent Knowledge Base article with Microsoft's announcement that Internet Explorer 7 will be distributed through WSUS (Windows Software Update Services) on Feb. 12, 2008, which is the next Patch Tuesday. It will appear as an "Update Rollup."

The default configuration for WSUS is not to apply update rollups automatically. Note this, in contrast to some hysterical reporting using words such as "force" and "impending autoupgrade." So, unless you've changed that setting, you won't get IE7 on your IE6 systems without approval. If you have made such a change on your WSUS, you'll need to follow a procedure detailed in the KB article in order to skip this one.

You might be thinking about 18 months ago, just prior to the release of IE7, when Microsoft released a facility called the Blocker Toolkit for admins to block auto-upgrade of IE7. The disposition of this update won't be affected by the Blocker Toolkit. What matters is how your server treats update rollups.

So why is Microsoft releasing IE7 as an update rollup when it's already available as a normal high-priority update? Because they have decided, for security reasons, to make it available to users who would normally be blocked from it for not passing a WGA test; in other words, users that Microsoft suspects of piracy. Such users have always had access to critical security updates, so that's how Microsoft will treat IE7 from now on.

Of course, all of this applies only to IE6 users running Windows XP SP2. If you're still running such a configuration, you might also want to ask yourself why you're still avoiding IE7, a browser that is clearly safer than and superior to IE6. Is some app still not working with IE7? Why not?