While the Unattended docs describe how to streamline a Service Pack into a
Windows XP or 2000 installation, they don't describe how to also streamline a
hotfix the same way.  For most hotfixes there's no real need to integrate them
into the base install, but MS03-26 and MS03-39 are remotely exploitable even
during the install.  Anybody doing a netinstall in a potentially hostile
environment will need to create new install points with the patch installed.

Below I've included some links to information from Microsoft:
 http://www.microsoft.com/windows2000/downloads/servicepacks/SP4/HFDeploy.htm
 http://www.microsoft.com/WindowsXP/pro/downloads/servicepacks/sp1/hfdeploy.asp

 http://support.microsoft.com/default.aspx?kbid=824994
 http://support.microsoft.com/default.aspx?kbid=814847

The procedure for MS03-39 is as follows:

1. Delete ole32.dl_, rpcss.dl_, rpcrt4.dl_, svcpack.in_ from the i386 directory.

2. Unpack the correct hotfix (-x argument), and copy ole32.dll, rpcss.dll and
   rpcrt4.dll to the i386 directory.

3. Create an i386\svcpack directory, and populate it with the KB824146.CAT
   file from the hotfix. Rename the hotfix to KB824146.EXE, and copy it there
   also.

4. Modify dosnet.inf to include the following (note win2000 already has an
   [OptionalSrcDirs] line, while XP and 2003 have none):

     [OptionalSrcDirs]
     svcpack

5. Create a svcpack.inf file in the i386 directory with the following information:

     [Version]
     Signature="$Windows NT$"
     MajorVersion=xxxxx
     MinorVersion=yyyyy
     BuildNumber=zzzzz

     [SetupData]
     CatalogSubDir="\i386\svcpack"

     [ProductCatalogsToInstall]
     KB824146.CAT

     [SetupHotfixesToRun]
     KB824146.exe /u /n /z

   For Windows 2000:
     MajorVersion=5
     MinorVersion=0
     BuildNumber=2195

   For Windows XP:
     MajorVersion=5
     MinorVersion=1
     BuildNumber=2600

   For Windows 2003:
     MajorVersion=5
     MinorVersion=2
     BuildNumber=3790

   You can use the same svcpack.inf file for all OS (no MajorVersion etc.),
   but then the install will log some errors, and the hotfix won't run
   during the install.  The install will not be vulnerable, so as long as you
   run the hotfix with the rest of the patches, everything should work fine.

   Modified files:
   ole32.dll    replaces ole32.dl_
   rpcrt4.dll   replaces rpcrt4.dl_
   DOSNET.INF   added line to [OptionalSrcDirs]
   svcpack.inf  replaces svcpack.in_

   svcpack/KB824146.EXE  renamed hotfix
   svcpack/KB824146.CAT  security catalog file from hotfix

-- 
Dag Nummedal ([EMAIL PROTECTED])
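
As an added example (not part of the original post or of the Unattended project), this Python check confirms that an install point's i386 directory reflects steps 1-5 of the MS03-39 procedure before it is used in a hostile network. The function names are hypothetical, INF files are assumed to be ANSI text, and lookups ignore case because install points are often served from case-sensitive file systems.

```python
import os

STALE = ["ole32.dl_", "rpcss.dl_", "rpcrt4.dl_", "svcpack.in_"]   # step 1: must be gone
NEEDED = ["ole32.dll", "rpcss.dll", "rpcrt4.dll", "svcpack.inf",   # steps 2 and 5
          "svcpack/KB824146.CAT", "svcpack/KB824146.EXE"]          # step 3

def find(root, rel):
    """Resolve rel under root ignoring case; return the real path or None."""
    path = root
    for part in rel.split("/"):
        names = {n.lower(): n for n in os.listdir(path)} if os.path.isdir(path) else {}
        if part.lower() not in names:
            return None
        path = os.path.join(path, names[part.lower()])
    return path

def inf_section(path, section):
    """Return the stripped, lower-cased entries of one [section] of an INF file."""
    entries, inside = [], False
    with open(path, encoding="latin-1") as fh:   # assumption: ANSI-encoded INF
        for raw in fh:
            line = raw.split(";", 1)[0].strip()  # ';' starts an INF comment
            if line.startswith("["):
                inside = line.lower() == "[%s]" % section.lower()
            elif inside and line:
                entries.append(line.lower())
    return entries

def audit(i386):
    """Return a list of problems; an empty list means steps 1-5 all check out."""
    problems = ["stale compressed file: " + f for f in STALE if find(i386, f)]
    problems += ["missing: " + f for f in NEEDED if not find(i386, f)]
    dosnet, svcpack = find(i386, "dosnet.inf"), find(i386, "svcpack.inf")
    if not dosnet or "svcpack" not in inf_section(dosnet, "OptionalSrcDirs"):
        problems.append("dosnet.inf: svcpack not in [OptionalSrcDirs]")          # step 4
    if svcpack:
        if "kb824146.cat" not in inf_section(svcpack, "ProductCatalogsToInstall"):
            problems.append("svcpack.inf: catalog not listed")
        hotfixes = inf_section(svcpack, "SetupHotfixesToRun")
        if not any(ln.startswith("kb824146.exe") for ln in hotfixes):
            problems.append("svcpack.inf: hotfix not listed")
    return problems

if __name__ == "__main__":
    import sys
    print("\n".join(audit(sys.argv[1])) or "install point looks patched")
```

Run it with the path to the i386 directory as the only argument; any line it prints names a step that was skipped or undone.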

