This article describes manual packaging steps that must be performed on packages that ManageSoft Security Patch Manager (SPM) automatically creates for patches in Microsoft Security Bulletin MS08-040 (Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - 941203) and SQL 2005 specific patches in Microsoft Security Bulletin MS08-052 (Vulnerabilities in GDI+ Could Allow Remote Code Execution). These special steps need to be performed as not all releases of SPM are able to automatically create fully operational packages for these patches.
The steps, detailed below, include:
- Changing external installers in the patch packages
- Validating and possibly correcting command-line options used to install and uninstall the patches.
If these packaging steps are not performed, MS08-040 patch packages are likely to fail to install once deployed.
Configure external installers
Once packages have been generated by ManageSoft Security Patch Manager 7.9 or earlier for the patches in the bulletin, some changes are required to the external installers of the packages. These changes are NOT required if you are using ManageSoft Security Patch Manager 7.9.5 or later on your administration server.
If you are using ManageSoft Security Patch Manager 7.8.1 or earlier, open the package for each of the MS08-040 patches in turn and perform the following steps:
- Delete the x64 and ia64 external installers:
- Under the Packaging > Project > External Installers > All External Installers node, locate the external installers that execute files with names matching the patterns *-x64-*.exe and *-ia64-*.exe,and delete those installers. These installers are not supported by your version of SPM. After doing this, only one external installer should remain configured in the package.
- Delete the files named *-x64-*.exe and *-ia64-*.exe in the external installer's source folder; this folder will be named ManageSoft\Repository\Packages\SecurityPatch\<Bulletin ID>\<Bulletin ID> - <Patch Name>\Source\neu.
If you are using ManageSoft Security Patch Manager 7.9 (not 7.9.5), open the package for each of the patches in turn and perform the following steps:
- Delete the ia64 external installer:
- Under the Packaging > Project > External Installers > All External Installers node, locate the external installer that executes a file with a name matching the pattern *-ia64-*.exe, and delete the installer.
- Delete the file named *-ia64-*.exe in the external installer's source folder (ManageSoft\Repository\Packages\SecurityPatch\<Bulletin ID>\<Bulletin ID> - <Patch Name>\Source\neu).
- Configure appropriate architectures for the remaining external installers:
- View the Architectures tab of the project properties (from the Packaging > Project > Application Details node in the console), and add the following two architectures:
- x86 32-bit (i386)
- x64 64-bit (AMD64/Intel 64)
- Update the architectures of each of the two remaining external installers to match the architecture identified in the installer's executable name. For example, the installer for the *-x86-*.exe executable should only apply to the x86 32-bit (i386) architecture, while the installer for the *-x64-*.exeexecutable should only apply to the x64 64-bit (AMD64/Intel 64) architecture.
- View the Architectures tab of the project properties (from the Packaging > Project > Application Details node in the console), and add the following two architectures:
- Change the source directory for the x64 external installer:
- Change the source directory for the *-x64-*.exe external installer from its default value (Source\neuor Source\eng) to Source\neu64 or Source\eng64.
- On Optional Settings tab, change the directory from its default value to the directory name configured in the previous step.
- Move the *-x64-*.exe file found in
ManageSoft\Repository\Packages\SecurityPatch\<Bulletin ID>\<Bulletin ID> - <Patch Name>\Source\neu
to
ManageSoft\Repository\Packages\SecurityPatch\<Bulletin ID>\<Bulletin ID> - <Patch Name>\Source\neu64
Use eng rather than neu as the directory name as appropriate to match the particular package/language.
- Fix the uninstall key for the x86 and x64 external installers:
- On Registry tab of the properties dialog for the *-x86-*.exe and *-x64-*.exe external installers, make sure the Uninstall Key is KB$(QNumber).
- Under the Project Variables > All Project Variables node, locate the QNumber variable and open its properties page. On Architectures tab, ensure that the checkboxes for architectures are checked.
Validation of command-line options
SPM may use incorrect command-line options on the install and uninstall command lines for these patch installers.
If packages for the patches in the bulletin have NOT yet been created:
- Open the properties of the bulletin, and view the Command-line options section of the properties.
- Ensure the following command lines for each patch are specified (if they are not there already):
- MS08-040 - SQL Server 2005 Service Pack 2
- MS08-040 - SQL Server 2005 Express Edition Service Pack 2
- MS08-040 - SQL Server 2000 Service Pack 4
- MS08-040 - SQL Server 2000 Desktop Engine Service Pack 4
- MS08-052 - SQL Server 2005 Service Pack 2 QFE
- MS08-052 - SQL Server 2005 Service Pack 2 GDR
The following options apply to all the above patches:
Install options: /quiet /norestart /allinstances
Uninstall options: /quiet /norestart- MS08-040 - Windows Server 2003
Install options: /quiet /allinstances /upgradesp sqlrun BLANKSAPWD=1
Uninstall options: /quiet /allinstances /upgradesp sqlrun BLANKSAPWD=1 - MS08-040 - Windows Server 2003 and Windows Server 2008
Install options: /q
Uninstall options: /q
If packages for the patches have already been created:
SQL Server packages:
- Open the package for each of the following patches in turn:
- MS08-040 - SQL Server 2005 Service Pack 2
- MS08-040 - SQL Server 2005 Express Edition Service Pack 2
- MS08-040 - SQL Server 2000 Service Pack 4
- MS08-040 - SQL Server 2000 Desktop Engine Service Pack 4
- MS08-052 - SQL Server 2005 Service Pack 2 QFE
- MS08-052 - SQL Server 2005 Service Pack 2 GDR
- Append the following options to the install command for each external installer that is under the Packaging > Project > External Installers > All External Installers node:
/quiet /norestart /allinstances
- Under the Project Variables > All Project Variables node, create a new Project Variable with the following values
- Variable: UninstallArgs
- Value: /quiet /norestart
- Value overrides managed device settings radio button selected
Windows Server 2003 package:
- Open the package for the following patch:
- MS08-040 - Windows Server 2003
- Append the following options to the install command for each external installer that is under the Packaging > Project > External Installers > All External Installers node:
/quiet /allinstances /upgradesp sqlrun BLANKSAPWD=1
- Under the Project Variables > All Project Variables node, create a new Project Variable with the following values
- Variable: UninstallArgs
- Value: /quiet /allinstances /upgradesp sqlrun BLANKSAPWD=1
- Value overrides managed device settings radio button selected
Windows Server 2003 and 2008 package:
- Open the package for the following patch:
- MS08-040 - Windows Server 2003 and Windows Server 2008
- Append the following options to the install command for each external installer that is under the Packaging > Project > External Installers > All External Installers node:
/q
- Under the Project Variables > All Project Variables node, create a new Project Variable with the following values
- Variable: UninstallArgs
- Value: /q
- Value overrides managed device settings radio button selected
Comments