M100944: Deploying patches from Microsoft Security Bulletin MS09-004

This article describes manual packaging steps that must be performed on packages that ManageSoft Security Patch Manager (SPM) automatically creates for patches in Microsoft Security Bulletin MS09-004 (Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution - 959420). These special steps need to be performed for releases of SPM earlier than 7.9.5, since these early releases are unable to automatically create fully operational packages for these patches.

The procedure, detailed below, involves changing external installers in the patch packages. If these packaging steps are not performed, MS09-004 patch packages prepared in SPM earlier than 7.9.5 are likely to fail to install once deployed. These changes are not required if you are using ManageSoft Security Patch Manager 7.9.5 or later on your administration server.

Configure external installers

Once packages have been generated by ManageSoft Security Patch Manager 7.9 or earlier for the patches in the bulletin, some changes are required to the external installers of the packages. These changes are not required if you are using ManageSoft Security Patch Manager 7.9.5 or later on your administration server.

If you are using ManageSoft Security Patch Manager 7.8.1 or earlier, open the package for each of the MS09-004 patches in turn and delete the x64 and ia64 external installers by performing the following steps:

  1. Under the Packaging > Project > External Installers > All External Installers node, locate the external installers that execute files with names matching the patterns *-x64-*.exe and *-ia64-*.exe, and delete those installers. These installers are not supported by your version of SPM. After doing this, only one external installer should remain configured in the package. 

  2. Delete the files named *-x64-*.exe and *-ia64-*.exe in the external installer's source folder; this folder will be named ManageSoft\Repository\Packages\SecurityPatch\<Bulletin ID>\<Bulletin ID> - <Patch Name>\Source\neu.

That completes the process for ManageSoft Security Patch Manager release 7.8.1 or earlier.

If you are using ManageSoft Security Patch Manager 7.9 (not 7.9.5), open the package for each of the patches in turn and perform the following steps:

  1. Delete the ia64 external installer:
    1. Under the Packaging > Project > External Installers > All External Installers node, locate the external installer that executes a file with a name matching the pattern *-ia64-*.exe, and delete the installer.
    2. Delete the file named *-ia64-*.exe in the external installer's source folder (ManageSoft\Repository\Packages\SecurityPatch\<Bulletin ID>\<Bulletin ID> - <Patch Name>\Source\neu).

Note: The following steps 2, 3 and 4 are not applicable to SQL Server 2000 SP4 GDR/QFE. Unless you are using that configuration, continue with the following:

  1. Configure appropriate architectures for the remaining external installers:
    1. View the Architectures tab of the project properties (from the Packaging > Project > Application Details node in the console), and add the following two architectures:
      • x86 32-bit (i386)
      • x64 64-bit (AMD64/Intel 64)
    2. Update the architectures of each of the two remaining external installers to match the architecture identified in the installer's executable name. For example, the installer for the *-x86-*.exe executable should only apply to the x86 32-bit (i386) architecture, while the installer for the *-x64-*.exeexecutable should only apply to the x64 64-bit (AMD64/Intel 64) architecture. 
  2. Change the source directory for the x64 external installer:
    1. Change the source directory for the *-x64-*.exe external installer from its default value (Source\neuor Source\eng) to Source\neu64 or Source\eng64.
    2. On Optional Settings tab, change the directory from its default value to the directory name configured in the previous step.
    3. Move the *-x64-*.exe file found in

      ManageSoft\Repository\Packages\SecurityPatch\<Bulletin ID>\<Bulletin ID> - <Patch Name>\Source\neu

      to

      ManageSoft\Repository\Packages\SecurityPatch\<Bulletin ID>\<Bulletin ID> - <Patch Name>\Source\neu64

      Use eng rather than neu as the directory name as appropriate to match the particular package/language.

  3. Fix the uninstall key for the x86 and x64 external installers:
    1. On Registry tab of the properties dialog for the *-x86-*.exe and *-x64-*.exe external installers, make sure the Uninstall Key is KB$(QNumber).
    2. Under the Project Variables > All Project Variables node, locate the QNumber variable and open its properties page. On Architectures tab, ensure that the checkboxes for architectures are checked.

Comments

Powered by Zendesk