in
Home Tips Reviews CES 2008 Forums

Enter NOW To Win an HP HDX Dragon!


HP, BuzzCorp, and 31 Blogs across the Internet (including Windowsconnected.com) are giving away one HP HDX Dragon, loaded with stuff, every day for 31 days.  If you have never heard of the HP HDX dragon it is an amazing machine sporting a 20.1" display, Intel Core 2 Extreme x9000, 4GB of Ram, Blu-Ray drive and more. 		Windows

Jeff's Connected Corner

Windows Server System news and real-world info

Take a Deep Breath - OGA *Was Not* Silently Installed

My RSS reader was on fire this weekend after word of the Office Genuine Advantage (OGA) mix-up made the rounds. To prevent this issue from getting (further) blown out of proportion I've listed a few key details below.

Point #1:

The OGA hotfix requires admins to accept an End User License Agreement (EULA) before deploying anything to WSUS clients. I captured a screen shot of the OGA EULA using my lab WSUS server.

OGA Mix Up-EULA pop-up

Point #2:

Even if your WSUS server(s) use automatic approvals, an EULA-enabled update still requires manual approval. This is an important point that every WSUS admin who uses automatic approvals should understand. I prefer to manually approve all but Definition Updates; however, your environment may allow less stringent controls.

Point #3:

Immediately after recognizing the mistake (yes, mistake... not conspiracy) Microsoft marked the update as Expired by issuing an update revision. This action essentially disabled OGA and prevented unsuspecting WSUS admins from approving it. Unfortunately most WSUS servers only sync once or twice per day, which means OGA was hanging around unexpired for 12-24 hours. However, this doesn't change the fact that OGA still required an EULA before being deployed (see first bullet). Here is a screen shot of both revisions, with the second one highlighted.

OGA Mix Up-Expired Revision

Bottom Line:

OGA shouldn't have been published in the first place. Microsoft needs to implement tighter controls on the publishing channel. However, in this instance OGA could not be deployed without admin intervention. I hope this post answers any questions you had after reading other accounts of the incident. Feel free to post a comment if you have any questions. Note: Due to comment SPAM your question will not appear right away (I need to moderate first). Depending on my schedule this could be anywhere from 2-24 hours. Thanks for your patience.

 

Blog Post Changelog:

4/21/08 (v.1) - Initial post

4/21/08 (v.2) - Added info to clarify EULA-enabled updates still require manual approval. Also misc. typesetting changes.

Published Apr 21 2008, 09:02 AM by Jeff
Filed under:

Comments

 

Harry Johnston said:

One correction - according to my server logs (and other reports I've seen) there were about four days between when the update was released and when it was marked as expired.  (I received the update 5am Wednesday 16th NZST, and it was marked expired 5am Sunday 20th.)

I suspect that the 24 hour period mentioned by the WSUS team was the period between when the update was published and when it was properly restricted to the target countries.  Servers that did synchronize during this period would have kept the update available until it was expired a few days later.

April 21, 2008 2:18 PM
 

Jeff said:

Harry - Thanks for your comment. The lag you experienced may be true for your server (and apparently others?). However, mine was pretty much in line with what Microsoft posted on the WSUS team blog. See my 2nd screen shot (under Point #3) as evidence. Do you have a screen shot of your revisions?  --Jeff

April 21, 2008 3:42 PM
 

Matt Freestone said:

Jeff, fantastic clarity here in explaining the situation.  I agree, this entire thing was blown way out of proportion, at seems to happen with any MS mistake.

Harry, is your WSUS server set to check for updates every day?  Perhaps it hadn't attempted a re-sync from MS for a few days?

April 22, 2008 1:22 PM
 

Harry Johnston said:

My revisions history shows the same thing yours does, but I believe this to be misleading.  The arrival date (as opposed to the release date) for the OGA update on my server is the 20th, which shows that something changed for this update during the synchronization on the 20th.

My synchronization log shows the following:

3 expired updates on the 16th, all of which I have accounted for (KB947821 for Windows Vista 32-bit, KB947821 for Windows Vista x64, and Windows Defender definition update 1.31.8469.0).  

One expired update on the 19th, also accounted for (Windows Defender definition update 1.31.8557.0)

Two expired updates on the 20th; no revised updates; one new update.  There are two expired updates with arrival dates on the 20th; KB947590 and the OGA update.  The new update is the replacement for KB947590.

Looking at several of the recently expired Windows Defender updates I note that the revision history always shows the date the update was expired as being the same date the update was originally released, so I suspect this is a bug in WSUS or in the publishing process.

April 23, 2008 3:46 PM

Leave a Comment

(required)  
(optional)
(required)  
Add

About Jeff

Jeff Centimano is a Windows Server MVP based in Fairway, KS (USA). In addition to blogging and freelance technical writing for Microsoft, Jeff leads the KC-MEC User Group (kcmec.org) and assists with various site duties here at WindowsConnected.com. Jeff has been in the IT industry since 1994 and is currently a Solutions Architect at EMC Global Services.
.
Windows is a registered trademark of Microsoft Corporation.
Listed on the Offical CS Listings Powered by Community Server, by Telligent Systems Themed By nb development