On Mon, Aug 10, 2009 at 10:51 AM, Christopher Bodnar <[email protected]> wrote: > My reasoning is that it’s missing all the critical patches > that are included in the latest SP ( SP2 in this case) and > all the post SP updates.
Your understanding is wrong. Microsoft releases critical updates to fix problems likely to cause a tech support nightmare if they aren't fixed. Those would be security updates, and fixes to stability problems that affect a significant fraction of the user base. Critical updates are released for the current SP level. They also release critical updates for the *previous* SP level, with the possibility of an EOL date. For example, Windows XP. SP3 is the latest, and gets critical updates. SP2 is the previous, and also gets critical updates. SP1, being neither current nor previous, gets nothing. So an XP SP3 box can have the latest critical updates, and an XP SP2 box can have the latest critical updates, but an XP SP1 box will not get the latest critical updates. A given update will be tagged as part of some SP. That indicates the SP the update is scheduled *to be included in*. For example, current XP updates are tagged "SP4", as they will be included in SP4 if there is one (I suspect there won't be, but that's how Microsoft's nomenclature works). But those "SP4" updates will apply against SP2 and SP3, since those are the supported SP levels right now. A given SP level gives you all the critical updates released prior to that SP, along with whatever else Microsoft decides to throw in. An SP generally includes updates that weren't deemed "critical" but are deemed important enough to be included in the SP. Sometimes new functionality will be introduced, too. So if you don't have the latest SP, you don't get that stuff. But you do get the *critical* updates. > My colleague disagrees and says that as long as it > has the latest updates for its SP level it’s fully patched. There's no such thing as "fully patched". There are legions of QFE/LDR patches which you don't normally install (or even obtain) unless you have a specific need. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
