Troubleshooting Security Patch Issues


Deploying security patches introduces new code into your network, and some of these patches can affect how your existing systems operate. So how can you best deal with the issues? Check with your fellow small business consultants. On a regular basis in listserves, newsgroups, and user groups, consultants report on issues in their networks and the resolutions. Before deploying patches on systems where you know fellow consultants are supporting similar systems, ask whether someone has tested the patches or has experience with them.

Although each security bulletin contains a listing of "known issues," it may not cover all the unusual line-of-business applications that your client uses. Some recommended resources for checking issues with security patches include:

  • Patch management listserve located at www.patchmanagement.org

  • SBS newsgroups

  • SBS listserves

  • SBS partner/user groups in your area

For more information, see Appendix A, "SBS Resources."

Don't forget that any issue with a security patch or service pack is a free support call to Microsoft. Don't be hesitant to reach out and use the community resources you have to determine how best to keep your client patched and protected.

Best Practice: Understanding Your Patch Resources

Issues with a security patch or service pack are a free call to Microsoft Product Support Services. See www.microsoft.com/support for the phone number for your area. For Microsoft partners, review your additional support resources. Review patch issues with your personal patch community (preferably with consultants who use similar software). Install a patch tool to make patching and reporting easier. If possible, review mitigation options as alternatives when you cannot patch because of line-of-business applications.


The key element in troubleshooting is ensuring that you review when the issue occurred and trace that back to the date the system was patched. If you are unsure, the best way to troubleshoot is to back off the patches one by one, and then manually install them, one by one. Review the monthly security bulletin, noting the Knowledge Base article numbers, and go into Add/Remove and manually uninstall each one that came out that month, going into safe mode if need be to remove the patches. Reboot the affected system and then see whether the symptoms disappear. Now one by one apply the security patches to see which one is the culprit. If the issue is a mere cosmetic annoyance, most consultants will typically leave the patch on. If, however, the issue is more business disruptive, most will remove the patch, determine the threat vectors of going without that patch (seeing whether exploits are in the wild from reading security vulnerability listserves), and then call Microsoft Product Support Services.

If reading vulnerability postings from Full Disclosure security bulletins just is not how you want to spend your day, again, reach out to your community resources and ask. Invariably you will find someone like me who does like to keep track of such things and who will let you know the risk you are taking by leaving something temporarily unpatched. Always review the security bulletin for the patch you removed for additional mitigation procedures that you may be able to perform, so that you can wait for a remedy without worrying about any risk to your client.

This process will protect your client the most, instead of removing all the patches or using the roll back method on Windows XP. Ensuring that you've reviewed the bulletins before beginning the patching process will provide the best patch experience.

The next area of troubleshooting is primarily the installation of the patches themselves. As stated earlier, one particular log file needs to be reviewed: WindowsUpdate.log, the newer log file for the V.5 and above series of Windows Update, which includes Microsoft Update.

Review the last entries in these log files and then inside the Microsoft Update interface, click on Help and Support, and then click on Try Solving Your Problem with the Troubleshooter.

A sample error log file is as follows:

2005-06-01 18:31:12 992 158 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <(null);>
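To make the review of WindowsUpdate.log quicker, the following added example (not code from the book or from Microsoft) pulls the WARNING and FATAL entries out of the log and decodes the hr value in each. It goes a step beyond the single sample entry by splitting the HRESULT into facility and code, so that an error such as 80072efd is recognized as a wrapped WinINet connection failure rather than a defect in a patch. The field names, the short WinINet table, and the sample lines are assumptions constructed for illustration.

```python
import re

# Field layout assumed from the sample entry: date, time, PID, TID, component, text.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\S*\s+"
    r"(?P<pid>\d+)\s+(?P<tid>[0-9a-fA-F]+)\s+(?P<component>\S+)\s+(?P<text>.*)$"
)
# Failure HRESULTs have the top bit set, so the first hex digit is 8-f.
HR_RE = re.compile(r"(?:hr\s*=\s*(?:0x)?|0x)([89a-fA-F][0-9a-fA-F]{7})\b")

FACILITY_WIN32 = 7
# WinINet error codes (wininet.h) that point at connectivity, not at the patch.
WININET = {
    12002: "ERROR_INTERNET_TIMEOUT",
    12007: "ERROR_INTERNET_NAME_NOT_RESOLVED",
    12029: "ERROR_INTERNET_CANNOT_CONNECT",
    12030: "ERROR_INTERNET_CONNECTION_ABORTED",
    12031: "ERROR_INTERNET_CONNECTION_RESET",
}

def decode_hresult(hex_text):
    """Split an HRESULT into facility and code; name it if it wraps a WinINet error."""
    value = int(hex_text, 16)
    facility, code = (value >> 16) & 0x7FF, value & 0xFFFF
    name = WININET.get(code, "unknown") if facility == FACILITY_WIN32 else "unknown"
    return {"hresult": f"0x{value:08X}", "facility": facility, "code": code, "name": name}

def triage(lines):
    """Return one finding per WARNING/FATAL entry that carries an HRESULT."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["text"].startswith(("WARNING:", "FATAL:")):
            continue  # informational entries and unparseable lines are skipped
        hr = HR_RE.search(m["text"])
        if hr:
            findings.append({"when": f'{m["date"]} {m["time"]}',
                             "component": m["component"], **decode_hresult(hr.group(1))})
    return findings

# Constructed input in the shape of the sample entry above.
SAMPLE_LOG = """\
2005-06-01 18:31:10 992 158 Agent Checking for updates (constructed line)
2005-06-01 18:31:12 992 158 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <(null);>
2005-06-01 18:32:40 992 158 Misc WARNING: SendRequest failed with hr = 80072ee2. (constructed line)
   continuation text without a timestamp (constructed line)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f["when"], f["component"], f["hresult"], f["name"])
```

A finding whose name resolves to one of the WinINet errors says the machine could not reach the update servers, so proxy, firewall, and DNS settings are the place to look before suspecting the patch itself.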


Some of the resources for troubleshooting Microsoft Update issues include the following Knowledge Base articles:

  • http://support.microsoft.com/default.aspx?scid=kb;en-us;836941

  • http://support.microsoft.com/default.aspx?scid=kb;en-us;836940

  • http://support.microsoft.com/default.aspx?scid=kb;en-us;883821

  • http://support.microsoft.com/default.aspx?scid=kb;en-us;836962

  • http://support.microsoft.com/default.aspx?scid=kb;en-us;883822

More resources can be found at the following search location:

http://search.microsoft.com/search/results.aspx?View=en-us&p=2&c=10&st=b&qu=Microsoft+Update+web+site&na=31&cm=512




Microsoft Small Business Server 2003 Unleashed
ISBN: 0672328054
EAN: 2147483647
Year: 2005
Pages: 253
