QFE vs GDR/LDR hotfixes

 

I sometimes get the following question from customers:

I’ve located KB ABC which is an exact match for our problem, but the build numbers of the files in it are from an older version than hotfix XYZ which we already have installed on our systems. Why isn’t my problem resolved by hotfix XYZ if it contains a more recent version of the system files than ABC?

Hotfixes are released in two different flavors (usually referred to as branches within Microsoft development):

GDR (General Distribution Release)
- A binary marked as GDR contains only the security-related changes that have been made to the binary, including changes that are relevant to this build of the file and changes from any earlier security hotfix that updates the same binary.

QFE (Quick Fix Engineering) – LDR (Limited Distribution Release)
- A binary marked as QFE/LDR contains both the security-related changes that have been made to the binary and any functionality changes that have been made to it, including changes that are relevant to this build of the file and changes from any earlier security fix or bug fix that updates the same binary.

In general, when you update a server from Windows Update, the operating system will prefer to download only security-related (GDR) hotfixes.

If, however, you have manually installed a non-security hotfix that updates a file on your system, that file will from then on be updated from the QFE/LDR tree.

Questions:

Q: What changes does a specific file on my system have, for example lsasrv.dll?
A:
If you have the GDR version of a file, it contains only the security hotfixes that have been made since the last RTM or service pack was released. If you have the QFE/LDR version, it contains both security and functionality fixes.

Q: How do I see if I have the GDR or QFE/LDR version of a file?
A:
For W2k3/XP you can run msinfo32 and scroll down to Software Environment/Loaded Modules and look at the file. The version column should have a reference to whether it is RTM/QFE/GDR.

For Vista/W2k8 you’ll need to look at the build version of the file.
- GDRs on Vista will have build numbers beginning with 6.0.6000.16 (RTM) or 6.0.6001.18 (SP1) or 6.0.6002.18 (SP2)
- LDRs on Vista will have build numbers beginning with 6.0.6000.20 (RTM) or 6.0.6001.22 (SP1) or 6.0.6002.22 (SP2)
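
As an added example (not part of the original post), the Python code below applies the prefixes above to file version strings and answers the opening question for Vista/W2k8: whether an installed file can contain a functionality fix shipped in an LDR hotfix. The function names and the sample version numbers are constructed for illustration, and the check returns None when the two files are at different service pack levels.

```python
import re

# Revision prefixes from the post (Vista / W2k8):
# (build, first two revision digits) -> (branch, service pack level)
BRANCHES = {
    ("6000", "16"): ("GDR", "RTM"), ("6000", "20"): ("LDR", "RTM"),
    ("6001", "18"): ("GDR", "SP1"), ("6001", "22"): ("LDR", "SP1"),
    ("6002", "18"): ("GDR", "SP2"), ("6002", "22"): ("LDR", "SP2"),
}

def classify(version):
    """Return (branch, level, revision) for a 6.0.x file version string."""
    m = re.fullmatch(r"6\.0\.(\d{4})\.(\d{2})(\d{3})", version.strip())
    if not m or (m.group(1), m.group(2)) not in BRANCHES:
        raise ValueError(f"not a build listed in the post: {version!r}")
    branch, level = BRANCHES[(m.group(1), m.group(2))]
    return branch, level, int(m.group(2) + m.group(3))

def has_functional_fix(installed, hotfix):
    """Can the installed file contain the functionality fix from an LDR hotfix?

    True/False when both files are at the same service pack level; None when
    the levels differ, because the prefixes alone do not decide that case.
    """
    i_branch, i_level, i_rev = classify(installed)
    h_branch, h_level, h_rev = classify(hotfix)
    if h_branch != "LDR":
        raise ValueError("functionality fixes ship on the QFE/LDR branch")
    if i_level != h_level:
        return None
    if i_branch == "GDR":
        return False  # GDR binaries carry security changes only
    return i_rev >= h_rev  # LDR binaries are cumulative for the same file

if __name__ == "__main__":
    hotfix = "6.0.6001.22120"  # constructed: file version listed in "KB ABC"
    for installed in ("6.0.6001.18226",   # constructed: GDR from a security update
                      "6.0.6001.22389",   # constructed: later LDR build
                      "6.0.6002.18005"):  # constructed: SP2 GDR build
        print(installed, classify(installed)[:2], has_functional_fix(installed, hotfix))
```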

Q: Can I get back on the GDR branch for a file?
A: Only if you uninstall any and all QFE packages that have updated the file or install the latest service pack for the system.

Q: Should I prefer to be on the GDR or QFE/LDR branch?
A: GDRs are must-have security fixes that are issued to address specific security concerns. QFE/LDRs are functionality fixes that address specific problems. If you don’t have a specific problem you’re troubleshooting, remaining on the GDR branch should be sufficient.

 

Links:

Branching out
http://blogs.technet.com/mrsnrub/archive/2009/05/18/branching-out.aspx

 

What is the difference between general distribution and limited distribution releases?
http://blogs.msdn.com/windowsvistanow/archive/2008/03/11/what-is-the-difference-between-general-distribution-and-limited-distribution-releases.aspx

 

Description of the contents of Windows XP Service Pack 2 and Windows Server 2003 software update packages
http://support.microsoft.com/kb/824994