Microsoft Corp. has shipped an update to Software Update Services 1.0 to correct a Patch Day glitch that caused some previously approved security updates to show up as “unapproved.”
The SUS 1.0 Service Pack 1 update comes in the form of a script that resets the approval settings. It is only applicable for SUS 1.0 SP1 servers that were deployed on or after Dec. 13, 2005.
The script has been added to a knowledge base article that was released on Patch Day this month to describe the glitch and offer workarounds.
Microsoft first acknowledged the glitch on the MSRC blog where the company explained that SUS 1.0 administrators may run into the problem of having all previously approved updates show up as “unapproved.”
” This doesnt impact the update level of your SUS clients, or the ability to deploy todays updates with SUS 1.0,” Microsoft explained.
The hiccup was caused when the patches in the two bulletins that shipped this month disrupted the process used by SUS 1.0 to test and approve patches for installation. In the KB article, Microsoft explained that the problem could be corrected by restoring the “Approveditems.txt” file from a back-up copy.
The issue caused client computers that did not download previously approved updates to be vulnerable to the flaws addressed in the two bulletins.
Vulnerable client machines may include new systems that have just been brought online, mobile systems that have been out of the environment and that have not used SUS for some time, and systems that have been turned off.
The two bulletins—MS05-054 and MS05-055—contained fixes for critical bugs in Internet Explorer and a Windows core processing kernel flaw affecting Windows 2000 Service Pack 4.
The cumulative for IE addressed four different vulnerabilities, including a publicly disclosed vulnerability in code used by IE to handle JavaScript “Window()” function calls.