francis77 Trusted Contributor.

Repackaging and deploying Microsoft Windows Updates

Hi,

I have come across a recent problem whereby I need to download and apply an old missing Windows update package, KB2871997 (this is required for the WDigest vulnerability and needs to be applied on Win 7 and 2008 hosts). Unfortunately, the update is no longer available for download through ZENworks, but the MS update is available and I have downloaded that. How would I redeploy/package this update and deploy it on the machines that are missing this update? Your help would be greatly appreciated, thanks.


Accepted Solutions
Micro Focus Expert

Re: Repackaging and deploying Microsoft Windows Updates

The KB is then most likely installed or included in another update.

Keep in mind that the patch in question does not in itself resolve any vulnerabilities.

It simply adds support for a registry setting.

That registry setting can address a vulnerability.
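A read-only audit of the point made in the answer above, as an added example that is not part of the original thread: it reports the registry value the patch adds support for instead of relying on the KB appearing in the installed-updates list. The registry path and value name are not given in the thread; they are assumed here from Microsoft's published guidance for KB2871997, and the function names are hypothetical.

```powershell
# Added example, not from the thread. Registry path and value name are taken
# from Microsoft's KB2871997 guidance, not from the posts above.
$Kb      = 'KB2871997'
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
$ValName = 'UseLogonCredential'

function Get-WDigestStatus {
    # A KB delivered inside a later update may not be listed individually,
    # so the hotfix lookup is informational only.
    $hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue

    $value = $null
    $prop  = Get-ItemProperty -Path $KeyPath -Name $ValName -ErrorAction SilentlyContinue
    if ($prop) { $value = $prop.$ValName }

    # With the value absent, Windows 8.1 / Server 2012 R2 (6.3) and later keep
    # WDigest credential caching off; Windows 7 / Server 2008 R2 keep it on.
    $defaultOff = [Environment]::OSVersion.Version -ge [version]'6.3'

    if     ($value -eq 0)     { $state = 'Disabled (explicit 0)' }
    elseif ($value -eq 1)     { $state = 'ENABLED (explicit 1)' }
    elseif ($null -ne $value) { $state = 'Unexpected value, review manually' }
    elseif ($defaultOff)      { $state = 'Disabled (OS default, value absent)' }
    else                      { $state = 'ENABLED (OS default, value absent)' }

    # New-Object keeps this compatible with PowerShell 2.0 on Windows 7.
    New-Object PSObject -Property @{
        Computer       = $env:COMPUTERNAME
        KbListed       = [bool]$hotfix
        UseLogonCred   = $value
        WDigestCaching = $state
    }
}

function Set-WDigestDisabled {
    # Remediation: write UseLogonCredential = 0 (run elevated or as SYSTEM).
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValName -PropertyType DWord -Value 0 -Force | Out-Null
}

# Report only; call Set-WDigestDisabled separately to remediate.
Get-WDigestStatus
```

A host that reports `KbListed = False` but accepts the explicit `0` value matches the situation in this thread, where the installer says the update is already present although the KB is not shown in the list.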

3 Replies
Micro Focus Expert

Re: Repackaging and deploying Microsoft Windows Updates

#1 - You can deploy a KB using the "Launch Executable Action".

Use the command line switches here....

https://support.microsoft.com/en-us/help/262841/command-line-switches-for-windows-software-update-packages

I would set to run as "SYSTEM".

MS KB patches have built-in SysReqs so they will only install if required.

#2 - KB2871997 is still available via ZPM (Verified in my lab).  However, ZPM will only download a patch if a device is scanned that requires the patch.  If the patch is not available in your zone, then most likely all of your Win7 devices have applied this 5yr old update.  ZPM will clean up old patches that are no longer required.

francis77 Trusted Contributor.

Re: Repackaging and deploying Microsoft Windows Updates

Hi Craig,

I have confirmed that the patch is no longer available in our zone, therefore I would assume that this would be applied to the machines that are affected by the vulnerability. I have manually downloaded KB2871997 and run the installer on machines that are not showing the KB in the list, and for some reason the message mentions the update is already installed on the system (I have verified that this is the case on all machines on which I have run the manual install).

Thanks
