From: mike 


http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1254774,
00.html

===
The days following a Microsoft security update are typically followed by
reports of deployment problems, and this month is proving to be no
exception. Since the software giant's May 8 patch rollout, various blogs
and discussion boards have been full of reports about everything from DNS
service failures to Windows Server Update Services (WSUS) malfunctions.

At least one IT professional reported that after applying this month's
patches to a bunch of domain controllers, the DNS service on one of them
was failing repeatedly.

"I have it set to recover, so it comes back on, but it fails again
after a few minutes," he said in a patch management email forum hosted
by Roseville, Minn.-based Shavlik Technologies.

Meanwhile, Susan Bradley, a Microsoft MVP and IT administrator at Tamiyasu,
Smith, Horn and Braun Accountancy Corp. in Fresno, Calif., wrote in her
MS07-027, a cumulative update for Internet Explorer.

She said there are two issues with the patch -- Some Windows 2000 machines
were being offered a 2004 patch, and some Vista machines were getting a
"navcancl" error message after patching. As a temporary solution,
she recommended IT administrators start Internet Explorer 7 using the
following commands: start->run iexplore.exe -nohome -extoff; then right
click on the toolbar area and click the menu bar if it's disabled; and then
select tools->options->advanced->security->disable phishing
filter.

Even though the Internet Explorer patch is rated critical, she said IT
administrators should not hurry it onto their systems at the expense of
thorough testing.

"Even after you patch it your browser will [still] have security
issues and if you have other mitigations in place, the rush should not be
on to be the first to install," she wrote in her blog. She said
administrators should remember they are "installing changed code on a
system that Microsoft CANNOT fully test for because they DO NOT have your
system, your software, your surfing habits, etc."

Administrators are also reporting problems with WSUS following Microsoft's
Tuesday patch release, which addressed 19 flaws that included a zero-day
DNS server flaw and flaws in Microsoft Exchange, Internet Explorer,
Microsoft Excel, Word and Office.

The WSUS team has been dealing for some time with a problem they call the
'svchost/msi issue.' One of the problems here is that during automatic
patch updates on a Windows XP machine, CPU usage goes into overdrive.
"Of course, the computer is virtually unusable" when that
happens, someone using the name Foxy-Perth wrote on the Windows Update
support forum.

The problem persists even though Microsoft has tried to address it will a hotfix.
===

 /m

--- BBBS/NT v4.01 Flag-5