KB824146 patch not working

Topic

New Reply

I installed KB824146 patch on 09/15/03 and today (09/16/03) I let Windowsupdate scan my computer. It recommends to install patch KB824146 again.

I checked windowsupdate’s installation history, which says KB824146 was installed successfully.

I then checked c:windowsKB824146.log, which has on every line *FAILED*.

Microsoft’s KB824146 scanning tools confirms, that patch KB824146 has not been installed.

My confiration is Windows XP Pro SP1 English on a Compaq Evo D510 CMT P4 2.53 GHz.

[c:program fileskb824146scan]KB824146Scan.exe localhost

Microsoft ® KB824146 Scanner Version 1.00.0249 for 80×86
Copyright © Microsoft Corporation 2003. All rights reserved.

Starting scan (timeout = 5000 ms)

Checking 127.0.0.1
127.0.0.1: patched with KB823980

Scan completed

Statistics:

Patched with KB824146 and KB823980 …. 0
Patched with KB823980 …………….. 1
Unpatched ……………………….. 0
TOTAL HOSTS SCANNED ………………. 1

DCOM Disabled ……………………. 0
Needs Investigation ………………. 0
Connection refused ……………….. 0
Host unreachable …………………. 0
Other Errors …………………….. 0
TOTAL HOSTS SKIPPED ………………. 0

TOTAL ADDRESSES SCANNED …………… 1

[c:program fileskb824146scan]

Reply | Quote

Replies

Hi sarkeve,

Microsoft’s track record is, shall we say, less than pristine when it comes to being straightforward about things like patches and updates. Unfortunately, it’s hard to argue with the beast from Redmond. They have all the cards for the moment.

I’d just download the patch again and see if it takes the second time. It should, but post back if it doesn’t and we can investigate further.

Reply | Quote

Hi sarkeve,

Microsoft’s track record is, shall we say, less than pristine when it comes to being straightforward about things like patches and updates. Unfortunately, it’s hard to argue with the beast from Redmond. They have all the cards for the moment.

I’d just download the patch again and see if it takes the second time. It should, but post back if it doesn’t and we can investigate further.

Reply | Quote

Are you installing this one (WindowsXP-KB824146-x86-ENU.exe) for Windows XP? Perhaps a direct download will work better than WindowsUpdate?

Reply | Quote

Are you installing this one (WindowsXP-KB824146-x86-ENU.exe) for Windows XP? Perhaps a direct download will work better than WindowsUpdate?

Reply | Quote

Sarkeve–

You can settle the question of whether a hotfix is in or not by going to the registry and looking at the hotfix key and subkeys:

Hive: HKEY_LOCAL_MACHINE
Key: SOFTWAREMicrosoftWindows NTCurrentVersionHotfix

This applies to NT, Win 2K, and Win XP.

Also try:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows XPSP1

This reminds me of good ‘ole

Windows Update Site Lists Updates That You Already Installed

There’s always also this proxy server glitch with WU, but I haven’t found many people with this problem:

312955: Windows Update May Not Work in Windows XP If an Authenticating Web Proxy Is Used

but every time I read the first KB it reminds me I’m glad I booted Windows Update a long time ago. I use the other Microsoft Sites to Update– and since 99% of Updates are security hotfixes, you can use the MS Security site for them, get them earlier, you shouldn’t have trouble downloading–they’re always on a complete,list if I want to hold back on any, and no one seems to have the awful hesitation problems I used to have ocassionally using WU. I’m springboarding here on Jefferson’s pulling the direct link for you.

The most effective way to troubleshoot Windows Update as it is currently configured and albatrossed with glitches is not to use it and use Microft Security’s Links to Downloads and Notifications by Email Instead[/i]

Best place to get your security hotfixes, and the same type of no difficulty download Jefferson linked you to above, a newsletter to get them before WU has them, and a list of all the security fixes–so you never have to worry about “storing” them from WU to see how they play out if you want to wait and see on some. I wouldn’t wait on any though that they designate as “critical.”

Security Hotfix Newsletter Subscription (Free) and Search List

Complete List of Previous Security Bulletins With None of the Windows Update Download Glitches

Microsoft Windows XP Hotfix Installation and Hotfix Guide

Windows Update Troubleshooting Links and Supports: Good Reasons To Save Time and Use the Security Site Instead:

Post 288653: Windows Update Troubleshooting Links and Posts Listed

Troubleshooting WinUpdate Links –Microsoft Security Hotfix Links

Post 288664: LinkList to Fix Specific Windows Update Glitches

Windows Update Support and Troubleshooting Sites Posts 290842,

hth,

SMBP

Reply | Quote

Personally, I wouldn’t rely on the Registry if an update failed part way through. One also would want to check the file versions. From MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs (MSKB 824146), here are the version numbers for the relevant DLLs post-update on Windows XP (Home or Pro):

   25-Aug-2003  22:29  5.1.2600.118   1,093,632  Ole32.dll  (pre-SP1)
   25-Aug-2003  22:29  5.1.2600.109     439,296  Rpcrt4.dll (pre-SP1)
   25-Aug-2003  22:29  5.1.2600.118     204,288  Rpcss.dll  (pre-SP1)
   25-Aug-2003  18:53  5.1.2600.1263  1,172,992  Ole32.dll  (with SP1)
   25-Aug-2003  18:53  5.1.2600.1254    532,480  Rpcrt4.dll (with SP1)
   25-Aug-2003  18:53  5.1.2600.1263    260,608  Rpcss.dll  (with SP1)

As for whether to load Critical updates immediately, this would depend on the other layers of defense one has deployed and one’s taste for installing patches. A firewall blocks PRC exploits from the ‘net; e-mail software’s attachment blocking prevents you from running executables that could exploit it locally; antivirus software will, sooner or later, detect any rogue installers that sneak through; and you also have the choice to turn off the service. So actually I tend to defer many updates because in my particular situation, given the various layers of defense protecting me, I conclude that they can wait. But each person has to make her or his own decision.

Reply | Quote

I appreciate this Jefferson, and if only every computer user had the heads up discerning attention you can pay to this and so many aspects of software it would be one extremely well informed Windows and Office world, but here’s the reality:

1) As recent history showed the clinical on the street situation rather explicitly most people aren’t even updating viral definitions, let alone getting critical patches–and during Msblast.exe that actually included a number of sophisticated IT departments.

2) I have collected nearly every Windows Update glitch known to man in the form of KB’s, troubleshooting sites for WU by MS and others–we’re talking a hefty number of glitches. The sheer volume of them drives me away from Windows Update.

3) I don’t see any of these glitches connected to using the Security Site for security upgrades and going to the less than 5 fingers number of other sites you need to be perfectly updated.

4) We’ve seen a lot of major hand wringing angst on the lounge by intelligent, careful experienced computer users who know their software having a cascade of unending problems with the Windows Update as it is currently.

5) This is all solved by using the Microsoft Security Update site (same company as Windows Update far as I can tell).

6) I don’t know of any single instance where the registry keys have failed to confirm the correct update and one can watch the update install and be recorded with its registry entry in real time as you know with one of the registry monitors. I don’t know of any ambiguity from looking in the registry keys.

7) How does the end user run into difficulty with the incantations of dll’s you screen shot when they get the security bulletin email and/or go here to get the update today by going the Security Site for Patch Updates and clicking on the link on the right dated September 10 SS below. As far as I can tell having used the Security newsletter for over two years, when they do update a problem patch, you get the notification for it and every other patch.

Aren’t these dll’s predetermined depending on which version of this patch update you select here?

8) One could hardly find any fault with this clear, very common sensicle approach, but if you look at newsgroups or the lounge, a lot of people are experiencing a lot of confusion in accomplishing what you stated here so crisply and precisely. That’s why using Microsoft’s other way that’s not nearly as well known–the Security Site newsletter linked above, works so well. With rare exception, side effects of the patches can be reversed by uninstalling them at Add/Remove.

SMBP

Reply | Quote

I agree that computer security is hard work.

I don’t fully understand your #7. I posted version numbers only for Windows XP Home and Pro; the version numbers could well be different for other versions of Windows. I didn’t go back to check.

Reply | Quote

It could well be my fault there, because I also may be missing your major point with the .dlls, because I should say the more I try to sort out or assign those dlls to downloadable entities for versions I’m not sure what they mean.

The security notification on this patch was emailed September 10–but nothing is unusual about having dates somewhat earlier (Aug 25) on the dlls or parts of the patch. Microsoft has held a number of the 100 plus patches issued since the XP launch for times variying from a few days to eleven weeks for the huge PC Health file vulnerability fixed with SP1. Patches get issued as everyone knows for whatever versions of IE, the OS, OE, the servers, WMP, Direct X or whatever its found out nees patching at the time. From what I can tell from MS03-039 there are six flavors of this patch– a download each for all versions of Windows Server 2003,(Standard and 64 Bit), XP, 2K, NT 4.0. Similar sets of dlls seem in this patch, I haven’t looked hard at others’ dlls to be in the exact same 6 .dll files (different sizes) and some added for 64 bit server editions, and the same folder, RTMGDR for Windows Server 32 bit or standard edition. For the 64 bit server enterprise and data center editions we have 4 additional .dll folders.

I guess what I’m saying, is I am not sure how or what for you’re using the “relevant” .dlls–I’m not sure how to use them for verification the patch is in–do you mean to hunt them down as confirmation?

The same bulletin endorses using a registry key to confirm the Windows XP Patches
____________________________________________________

You may also be able to verify the files that this security patch installed by reviewing the following registry keys:

For Windows XP Home Edition SP1; Windows XP Professional SP1; Windows XP 64-Bit Edition, Version 2002 SP1; Windows XP Tablet PC Edition; Windows XP Media Center Edition:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows XPSP2KB824146Filelist

For Windows XP Home Edition; Windows XP Professional; Windows XP 64-Bit Edition, Version 2002:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows XPSP1KB824146Filelist[/i]

Looks good to me unless you are using the exception above, and a significant number of people probably are.

I’m not arguing your .dll point at all, because I’m just trying to understand how you’re using them. But this MS Security bulletin and all the others you can look at clearly offer registry keys as confirmation so am I oversimplifying some significance that those .dll’s confer on confirmation the patch is in or anything else?

SMPB

Reply | Quote

I started my post this way: Personally, I wouldn’t rely on the Registry if an update failed part way through. Because I do not know the sequence in which the Registry and the files themselves are updated, if the update “failed,” one should check the files.

Reply | Quote

Jefferson

I would be staggered if any programmer, even one from Microsoft (!), would set anything to indicate that an update had been successfully installed before it had been successfully installed! My view would be that if the Registry HotFix key had been updated, then the fix had been successfully applied (or at least the programmer thought it had been). If that wasn’t the case, the entire system of verifying HotFix Applications would be crashing down around our ears!

Annoyingly the writeup for the scanning tool to determine whether the security patches KB824146 (and KB823980) to MS03-039 (and/or MS03-026) have been applied says that it checks machines for these Hot Fixes, but carefully fails to say how!

However, this article states (extract for Windows XP 32-bit only):

quote
You may also be able to verify that the security patch is installed on your computer by confirming that the following registry key exists:

Windows XP
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows XPSP1KB824146

Windows XP with Service Pack 1 (SP1)
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows XPSP2KB824146
unquote

Reply | Quote

This thread is about an update gone wrong. It takes maybe 60 seconds to check the file information to see if they have been updated or not. Why not check? Have you found the registry to be an infallible indicator of the state of the file system?

Reply | Quote

Jefferson

I have 2,200-odd mostly NT workstations and about 170 NT & W2K servers in around 50 locations, all over England and Ireland. How long would I need to check these by manual methods? I don’t have the luxury of being able to do manual checks…

Reply | Quote

I don’t think I suggested that you check even one of your 2,200 computers. Now, again, here is my point:

The scenario in this thread is that the log file said the update failed. The response was that you can rely on the Registry to report whether the update installed successfully. I said I would not rely on the Registry, and that I also would check the files themselves before concluding that the log was incorrect.
[/list]Would you really just rely on the Registry under these circumstances? I find that hard to believe.

Reply | Quote

No, I accept your point – I was being overwhelmed by having to run this check a few times a day to observe the progress of the SMS job that applied the fix to MS03-039 throughout the network!

Thinking about the matter last night, the progress of applying an update is even more complicated than I indicated earlier. On my XP PC I use Mike Lin’s StartupMonitor, which reports when the Run-type keys, in this case specifically RunOnce, are modified in the Registry. This happens for many of the updates, indicating that an update cannot really be considered ‘complete’ until a reboot has taken place. Much of the time this just causes a tidy-up of left-over files and maybe directories, and so on, but occasionally it enables “usually in-use” files to be replaced by their updated versions, before they become “in-use” again. What I don’t know is at what point the Registry is updated with the HotFix key — is it before the reboot or (via the RunOnce key) after the reboot? I’ve never gone that far into the detail. Admittedly I’m talking about the non-average update, which (on XP at least) more rarely requires a reboot. Has anyone tested when the HotFix registry key is actually applied, say using SysInternal’s RegMon?

Incidentally, I’m sure I’ve pointed out before that Microsoft’s MS03-026 scanner (dunno about the MS03-039 scanner!) was regarded as less than perfect, and that the one from eEye Digital Security was considered better. I suspect Shavlik’s HfNetChk has been update to cope with the fixes — but when I tried it on our network it hadn’t completed even after a week – and five reboots of many of the PCs along the way!

Reply | Quote

No, I accept your point – I was being overwhelmed by having to run this check a few times a day to observe the progress of the SMS job that applied the fix to MS03-039 throughout the network!

Thinking about the matter last night, the progress of applying an update is even more complicated than I indicated earlier. On my XP PC I use Mike Lin’s StartupMonitor, which reports when the Run-type keys, in this case specifically RunOnce, are modified in the Registry. This happens for many of the updates, indicating that an update cannot really be considered ‘complete’ until a reboot has taken place. Much of the time this just causes a tidy-up of left-over files and maybe directories, and so on, but occasionally it enables “usually in-use” files to be replaced by their updated versions, before they become “in-use” again. What I don’t know is at what point the Registry is updated with the HotFix key — is it before the reboot or (via the RunOnce key) after the reboot? I’ve never gone that far into the detail. Admittedly I’m talking about the non-average update, which (on XP at least) more rarely requires a reboot. Has anyone tested when the HotFix registry key is actually applied, say using SysInternal’s RegMon?

Incidentally, I’m sure I’ve pointed out before that Microsoft’s MS03-026 scanner (dunno about the MS03-039 scanner!) was regarded as less than perfect, and that the one from eEye Digital Security was considered better. I suspect Shavlik’s HfNetChk has been update to cope with the fixes — but when I tried it on our network it hadn’t completed even after a week – and five reboots of many of the PCs along the way!

Reply | Quote

I don’t think I suggested that you check even one of your 2,200 computers. Now, again, here is my point:

The scenario in this thread is that the log file said the update failed. The response was that you can rely on the Registry to report whether the update installed successfully. I said I would not rely on the Registry, and that I also would check the files themselves before concluding that the log was incorrect.
[/list]Would you really just rely on the Registry under these circumstances? I find that hard to believe.

Reply | Quote

Jefferson

I have 2,200-odd mostly NT workstations and about 170 NT & W2K servers in around 50 locations, all over England and Ireland. How long would I need to check these by manual methods? I don’t have the luxury of being able to do manual checks…

Reply | Quote

[indent]

---

Have you found the registry to be an infallible indicator of the state of the file system?

---

[/indent]Surely that’s really a “how long is a piece of string?” question?
No, of course neither I nor anyone else could make that statement, for to do so would imply total knowledge of all possible update situations!

Provide you have

• a very small number of PCs
• complete knowledge of what the fix is deleting, replacing or adding (both files AND registry keys) — not always given by Microsoft
• the time to perform the check
  [/list]then you could with a fair degree of certainty say that the fix had been applied correctly to the limited number of PCs.

  As always, “the law of unintended consequences” could apply…

Reply | Quote

[indent]

---

Have you found the registry to be an infallible indicator of the state of the file system?

---

[/indent]Surely that’s really a “how long is a piece of string?” question?
No, of course neither I nor anyone else could make that statement, for to do so would imply total knowledge of all possible update situations!

Provide you have

• a very small number of PCs
• complete knowledge of what the fix is deleting, replacing or adding (both files AND registry keys) — not always given by Microsoft
• the time to perform the check
  [/list]then you could with a fair degree of certainty say that the fix had been applied correctly to the limited number of PCs.

  As always, “the law of unintended consequences” could apply…

Reply | Quote

This thread is about an update gone wrong. It takes maybe 60 seconds to check the file information to see if they have been updated or not. Why not check? Have you found the registry to be an infallible indicator of the state of the file system?

Reply | Quote

Jefferson

I would be staggered if any programmer, even one from Microsoft (!), would set anything to indicate that an update had been successfully installed before it had been successfully installed! My view would be that if the Registry HotFix key had been updated, then the fix had been successfully applied (or at least the programmer thought it had been). If that wasn’t the case, the entire system of verifying HotFix Applications would be crashing down around our ears!

Annoyingly the writeup for the scanning tool to determine whether the security patches KB824146 (and KB823980) to MS03-039 (and/or MS03-026) have been applied says that it checks machines for these Hot Fixes, but carefully fails to say how!

However, this article states (extract for Windows XP 32-bit only):

quote
You may also be able to verify that the security patch is installed on your computer by confirming that the following registry key exists:

Windows XP
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows XPSP1KB824146

Windows XP with Service Pack 1 (SP1)
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows XPSP2KB824146
unquote

Reply | Quote

I started my post this way: Personally, I wouldn’t rely on the Registry if an update failed part way through. Because I do not know the sequence in which the Registry and the files themselves are updated, if the update “failed,” one should check the files.

Reply | Quote

It could well be my fault there, because I also may be missing your major point with the .dlls, because I should say the more I try to sort out or assign those dlls to downloadable entities for versions I’m not sure what they mean.

The security notification on this patch was emailed September 10–but nothing is unusual about having dates somewhat earlier (Aug 25) on the dlls or parts of the patch. Microsoft has held a number of the 100 plus patches issued since the XP launch for times variying from a few days to eleven weeks for the huge PC Health file vulnerability fixed with SP1. Patches get issued as everyone knows for whatever versions of IE, the OS, OE, the servers, WMP, Direct X or whatever its found out nees patching at the time. From what I can tell from MS03-039 there are six flavors of this patch– a download each for all versions of Windows Server 2003,(Standard and 64 Bit), XP, 2K, NT 4.0. Similar sets of dlls seem in this patch, I haven’t looked hard at others’ dlls to be in the exact same 6 .dll files (different sizes) and some added for 64 bit server editions, and the same folder, RTMGDR for Windows Server 32 bit or standard edition. For the 64 bit server enterprise and data center editions we have 4 additional .dll folders.

I guess what I’m saying, is I am not sure how or what for you’re using the “relevant” .dlls–I’m not sure how to use them for verification the patch is in–do you mean to hunt them down as confirmation?

The same bulletin endorses using a registry key to confirm the Windows XP Patches
____________________________________________________

You may also be able to verify the files that this security patch installed by reviewing the following registry keys:

For Windows XP Home Edition SP1; Windows XP Professional SP1; Windows XP 64-Bit Edition, Version 2002 SP1; Windows XP Tablet PC Edition; Windows XP Media Center Edition:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows XPSP2KB824146Filelist

For Windows XP Home Edition; Windows XP Professional; Windows XP 64-Bit Edition, Version 2002:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows XPSP1KB824146Filelist[/i]

Looks good to me unless you are using the exception above, and a significant number of people probably are.

I’m not arguing your .dll point at all, because I’m just trying to understand how you’re using them. But this MS Security bulletin and all the others you can look at clearly offer registry keys as confirmation so am I oversimplifying some significance that those .dll’s confer on confirmation the patch is in or anything else?

SMPB

Reply | Quote

I agree that computer security is hard work.

I don’t fully understand your #7. I posted version numbers only for Windows XP Home and Pro; the version numbers could well be different for other versions of Windows. I didn’t go back to check.

Reply | Quote

I appreciate this Jefferson, and if only every computer user had the heads up discerning attention you can pay to this and so many aspects of software it would be one extremely well informed Windows and Office world, but here’s the reality:

1) As recent history showed the clinical on the street situation rather explicitly most people aren’t even updating viral definitions, let alone getting critical patches–and during Msblast.exe that actually included a number of sophisticated IT departments.

2) I have collected nearly every Windows Update glitch known to man in the form of KB’s, troubleshooting sites for WU by MS and others–we’re talking a hefty number of glitches. The sheer volume of them drives me away from Windows Update.

3) I don’t see any of these glitches connected to using the Security Site for security upgrades and going to the less than 5 fingers number of other sites you need to be perfectly updated.

4) We’ve seen a lot of major hand wringing angst on the lounge by intelligent, careful experienced computer users who know their software having a cascade of unending problems with the Windows Update as it is currently.

5) This is all solved by using the Microsoft Security Update site (same company as Windows Update far as I can tell).

6) I don’t know of any single instance where the registry keys have failed to confirm the correct update and one can watch the update install and be recorded with its registry entry in real time as you know with one of the registry monitors. I don’t know of any ambiguity from looking in the registry keys.

7) How does the end user run into difficulty with the incantations of dll’s you screen shot when they get the security bulletin email and/or go here to get the update today by going the Security Site for Patch Updates and clicking on the link on the right dated September 10 SS below. As far as I can tell having used the Security newsletter for over two years, when they do update a problem patch, you get the notification for it and every other patch.

Aren’t these dll’s predetermined depending on which version of this patch update you select here?

8) One could hardly find any fault with this clear, very common sensicle approach, but if you look at newsgroups or the lounge, a lot of people are experiencing a lot of confusion in accomplishing what you stated here so crisply and precisely. That’s why using Microsoft’s other way that’s not nearly as well known–the Security Site newsletter linked above, works so well. With rare exception, side effects of the patches can be reversed by uninstalling them at Add/Remove.

SMBP

Reply | Quote

Personally, I wouldn’t rely on the Registry if an update failed part way through. One also would want to check the file versions. From MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs (MSKB 824146), here are the version numbers for the relevant DLLs post-update on Windows XP (Home or Pro):

   25-Aug-2003  22:29  5.1.2600.118   1,093,632  Ole32.dll  (pre-SP1)
   25-Aug-2003  22:29  5.1.2600.109     439,296  Rpcrt4.dll (pre-SP1)
   25-Aug-2003  22:29  5.1.2600.118     204,288  Rpcss.dll  (pre-SP1)
   25-Aug-2003  18:53  5.1.2600.1263  1,172,992  Ole32.dll  (with SP1)
   25-Aug-2003  18:53  5.1.2600.1254    532,480  Rpcrt4.dll (with SP1)
   25-Aug-2003  18:53  5.1.2600.1263    260,608  Rpcss.dll  (with SP1)

As for whether to load Critical updates immediately, this would depend on the other layers of defense one has deployed and one’s taste for installing patches. A firewall blocks PRC exploits from the ‘net; e-mail software’s attachment blocking prevents you from running executables that could exploit it locally; antivirus software will, sooner or later, detect any rogue installers that sneak through; and you also have the choice to turn off the service. So actually I tend to defer many updates because in my particular situation, given the various layers of defense protecting me, I conclude that they can wait. But each person has to make her or his own decision.

Reply | Quote

Sarkeve–

You can settle the question of whether a hotfix is in or not by going to the registry and looking at the hotfix key and subkeys:

Hive: HKEY_LOCAL_MACHINE
Key: SOFTWAREMicrosoftWindows NTCurrentVersionHotfix

This applies to NT, Win 2K, and Win XP.

Also try:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows XPSP1

This reminds me of good ‘ole

Windows Update Site Lists Updates That You Already Installed

There’s always also this proxy server glitch with WU, but I haven’t found many people with this problem:

312955: Windows Update May Not Work in Windows XP If an Authenticating Web Proxy Is Used

but every time I read the first KB it reminds me I’m glad I booted Windows Update a long time ago. I use the other Microsoft Sites to Update– and since 99% of Updates are security hotfixes, you can use the MS Security site for them, get them earlier, you shouldn’t have trouble downloading–they’re always on a complete,list if I want to hold back on any, and no one seems to have the awful hesitation problems I used to have ocassionally using WU. I’m springboarding here on Jefferson’s pulling the direct link for you.

The most effective way to troubleshoot Windows Update as it is currently configured and albatrossed with glitches is not to use it and use Microft Security’s Links to Downloads and Notifications by Email Instead[/i]

Best place to get your security hotfixes, and the same type of no difficulty download Jefferson linked you to above, a newsletter to get them before WU has them, and a list of all the security fixes–so you never have to worry about “storing” them from WU to see how they play out if you want to wait and see on some. I wouldn’t wait on any though that they designate as “critical.”

Security Hotfix Newsletter Subscription (Free) and Search List

Complete List of Previous Security Bulletins With None of the Windows Update Download Glitches

Microsoft Windows XP Hotfix Installation and Hotfix Guide

Windows Update Troubleshooting Links and Supports: Good Reasons To Save Time and Use the Security Site Instead:

Post 288653: Windows Update Troubleshooting Links and Posts Listed

Troubleshooting WinUpdate Links –Microsoft Security Hotfix Links

Post 288664: LinkList to Fix Specific Windows Update Glitches

Windows Update Support and Troubleshooting Sites Posts 290842,

hth,

SMBP

Reply | Quote

Does the log show a failure for the FIRST time the patch was applied? It could be that subsequent attempts failed because the first actually succeeded. I cannot remember which patch is concerned, but there is a new one out there that reqires that you also make sure that the latest verion of windows update is required, or the patch will not register as having been applied. Worth checking.

Reply | Quote

Does the log show a failure for the FIRST time the patch was applied? It could be that subsequent attempts failed because the first actually succeeded. I cannot remember which patch is concerned, but there is a new one out there that reqires that you also make sure that the latest verion of windows update is required, or the patch will not register as having been applied. Worth checking.

Reply | Quote