Microsoft confirmed late Friday that enterprise administrators using one of its patch distribution tools have not been able to install last week's security updates.
The company offered a workaround and said it is working on a fix.
"We're aware of an issue that is affecting the deployment of the June 2008 security updates," acknowledged Christopher Budd, spokesman for the Microsoft Security Response Center (MSRC), in a post to the group's blog Friday night.
Only corporate administrators using System Center Configuration Manager (ConfigMgr) 2007, which itself was just updated to Service Pack 1 (SP1), are affected, Budd said, and only those systems running System Management Server (SMS) 2003 client software refuse to update. "The impact of this issue is that customers in this configuration cannot deploy the June 2008 security updates to their SMS 2003 clients," said Budd.
Last Tuesday, Microsoft published its usual monthly batch of security updates, which for June patched 10 vulnerabilities in Windows and Internet Explorer.
The successor to SMS 2003, System Center Configuration Manager assesses, deploys and updates server and client system.
The MSRC also posted a security advisory Friday, even though Microsoft doesn't strictly consider the problem security-related. "This issue is not a security vulnerability in System Center Configuration Manager 2007," the advisory stated. "[But] in this case, we are communicating the availability of an update that affects your ability to perform subsequent updates, including security updates. Therefore, this advisory does not address a specific security vulnerability; rather, it addresses your overall security."
According to an entry added to another company blog last Thursday, the glitch stems from "an issue with updated content published for the Office 2003 Service Pack 1 update, " said J.C. Hornbeck, an engineer with Microsoft's manageability group. "The June 10, 2008 release of the WSUS Offline Scan Catalog (wsusscn2.cb) fails to synchronize on a ConfigMgr 2007 or ConfigMgr 2007 SP1 site server using the Inventory Tool for Microsoft Updates (ITMU)."
No other information was provided about the source of the issue, or why the Office 2003 SP1 update caused the trouble now. Office 2003 SP1 was first released in mid-2004.
Office 2007 SP1, however, was updated last Tuesday, according to Microsoft's Office team, to fix a problem on Windows Server Update Services (WSUS) that caused some language-specific content to fail to download. It's not known if the two Office issues are related, and Microsoft was not available Sunday for comment or clarification.
Administrators can determine if the June 10 updates were deployed by examining the Wsyncmgr.log on the ConfigMgr 2007 site server, added Hornbeck.
Budd said that Microsoft is working on a patch. In the meantime, he recommended that administrators use the Software Distribution feature within ConfigMgr 2007 to roll out the June security updates.