Friday 24 October 2008

SBS - MS08-067 Critical - Update Blitz Results

We decided to run the Out-of-Band critical update: Microsoft Security Bulletin MS08-067 - Critical: Vulnerability in Server Service Could Allow Remote Code Execution (958644) on all of our client SBS, Win2K3, and Win2K8 servers last night.

Susan made the valid point about testing the patch on our own network servers first (Deploy the oxygen mask to yourself first), and we did.

In our case, our SBS server disappeared off the map. It apparently did not come back up as all of the updates were run remotely. In checking the server, the problem was due to the ISA firewall service stalling because of an SSL certificate conflict. The conflict was resolved, and we were good to go. The problem had nothing to do with the update.

All of our client servers came back up with no issues.

Many of our clients have an Intel Remote Management Module 2 installed in their newly installed servers to provide us with Out-of-Band access if we are doing updates that will kill the RWW connection such as Exchange updates.

So, if we lost remote connectivity with any of them via RWW, we were at least good to go from the "console" provided by the RMM2.

And, as Susan also mentions (Microsoft Security Bulletin MS08-067 – Critical), make sure you have the appropriate ports set up in the registry as indicated in her post, so that the server does not disappear after a reboot or cause all kinds of internal network gremlin-like behaviours.

Note the Windows operating systems affected by this update are essentially all from Windows 2000 going forward.

On that note: All client desktops that were online to receive the update last night will have rebooted. This is as good a time as any to send out a gentle reminder note to all client users that they should always be closing and saving their work and logging off the system or shutting it down when they leave their desktop for more than a couple of minutes or at the end of the day.

And finally: We could rest easy the rest of yesterday evening going forward knowing that our servers were patched!

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

1 comment:

Absoblogginlutely! said...

What a weekend eh? I've spent the best part of Friday and Saturday patching at our clients and a couple of hours tonight. At the same time I've updated some wsus installations that hadn't been done and done some really nasty hacking around with adsiedit on one site that choked after the reboot. Not sure if it was related to the patch or not but we had one server insisting it was ALSO the other server in AD - very confusing and weird.