SMS 2003 and Security Bulletin MS07-053

There has been some confusion about SMS 2003’s ability to detect and patch MS07-053, so hopefully I can clear some of that up.

The Subsystem for Unix applications on Windows Server 2003 is a native part of the Windows operating system and can be detected by MBSA 2.0.1. You will therefore be able to detect this update in ITMU and deploy it with SMS 2003.

Services for Unix 3.0 and Services for Unix 3.5 are full-featured add-ons to Windows 2000, Windows XP, Windows Vista and Windows Server 2003. These products have the same vulnerability as Windows, but since they are not scanned by MBSA 2.0.1, ITMU cannot patch them. Windows Update, Microsoft Update and WSUS have the same limitations, per KB article 942399. The Stand-alone Enterprise Scan Tool for September 2007 will cover detection of MS05-052 and MS07-053 on all supported platforms. Patch deployment can be addressed by standard software distribution in this case.

The Extended Security Update Inventory Tool for SMS 2003 uses the same engine as the EST and can be used by SMS 2003 to scan for and deploy updates for products not covered by ITMU. The current version of this tool is cumulative for all 40 updates that are not covered by ITMU, going back to MS04-028. If you already have the Extended Security Update Inventory Tool from a previous month, you will need to download the current version and upgrade in-place to get coverage of MS07-052 and MS07-053.

Hope this helps!

Richard D. Pesenko