Hi Marc,

This is an extract from Microsoft:
"This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008"
http://www.microsoft.com/technet/security/Bulletin/MS10-014.mspx

It should be applicable to All Windows Server OS. Strage that you say MS updates page and WSUS says it only applies to DC's.

Eugene

Hi Eugene,

thanks for the note,I saw it too. But if you look from the technical point then it 's clear why. The patch fix attacks against kerberos and this is only possible on the DC.

also Microsoft Point only to the edition and not to the function.

This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

 I thinks this should be the indication from Microsoft.

But it dosen't help me a lot. I try to get a security report and at the moment it looks like the systems are not patched.

Thanks Marc

HI Marc,

I understand the concern you have, MS and WSUS says its only applicable to DC's. If you look at the Buliten discription in Altiris, it also states that it might still be a risk until the DC is restarted. This patch also applies to all of my servers and are almost installed on half.
Maybe the next PMImport will rectify this. Maybe not.

Maybe they want you to patch all windows servers for incase you decide to use it as a DC. Who knows with MS?

E

We're noticing that MS10-014 is showing Windows XP computers being targeted when we right-click on MS10-014 in Manage Software Updates and choose "View Targeted Computers"  (I pasted an example below). Does anybody know why they would be listed? Should I be looking only at the aggregate collections to see where patches will be applied?  So far I don't see the XP machines showing there.

Thanks,

LM