DEPLOYING A SECURITY PATCH
Deploying a Security Patch One of the
pieces of nasty-ware recently making the
rounds was called the Sasser worm, which
some of our customers have had
unfortunate encounters with. As this
particular virus is still causing
problems, today?s tip gives step-by-step
instructions on using RemoteScope to
deploy a patch that removes Sasser from
any Windows XP systems on your network.
The same general procedure can be used
on other Windows versions and for other
security patches, using the guidelines
at the end. And for those of you who
don?t have RemoteScope, you can get a
free 30-day, 5-seat trial version, here:
The first step is to get a copy of the
file you want is called
Windows-KB841720-ENU-V4.exe. Save this
file to a convenient location on the
system where you have installed the
RemoteScope Console. Creating the
1. Open the RemoteScope Console
program and select Product Definition
Edit from the Distribution menu. This
will open the Product Edit window.
2. In the Product Edit window, choose
New Product Definition from the Product
menu. Enter a name for this product,
such as SasserRemoval, and click OK.
3. For Installation Type, choose
?Other?. Ignore the Kit Path box.
4. Click the button for Add Files,
and then navigate to the file you just
downloaded. Highlight it and click Add,
then click Close. Check that the file
was added to the Installation Files List
box. Creating the Mode
5. Pull down the Product menu again
and select New Distribution Mode. This
will change the Product Edit window to
its Mode format. Enter a name for the
Mode, such as SasserXp, and click OK.
6. Click the button to ?Transfer
files listed in Installation File
7. On the command line, type
This looks like a lot but it actually
just contains the name of the file to
execute, and three switches. The
switches say this will be a ?silent?
install that runs in the background; it
does not need user intervention, and
does not require restarting the system.
8. Select Save from the File menu and
then close the Product Edit window.
9. Back in the main Console window,
go to the Distribution menu again and
select Distribute to open the Software
10. On the left side of the window,
check the box next to each Client system
that should receive the patch.
11. On the right side, select the
correct Product and Mode from their
respective pull-down lists. If this is
your first distribution, they will be
the only ones on the list.
12. Click on Distribute to deploy the
patch immediately. If you would prefer
to deploy it later or unattended on a
schedule, click Save as a Task and give
the task a name. It will then be
available from the Task list in the main
General Guidelines Some patches, like
this one, are only for one operating
system and can only be deployed to
systems with that OS. If necessary, set
up separate distribution tasks for each
OS using the same procedure given above.
Other software can be deployed to all
Clients in one distribution. Some
patches and applications will download
as a zip file containing multiple
installation files, and must be
extracted before being added to the
Installation File List in Step 4. And if
one of the extracted files has an
extension of .MSI, then you will also
need to add the MSIEXEC.EXE file.
At least one copy of this can usually
be found on the C: drive. To find out
what switches are available for a
particular patch or application, go to
the Command prompt and run the
software?s .EXE file with the /? switch.
In our example above, it would look like
this: Windows-KB841720-ENU-V4.exe /?
Although we have broken the deployment
process into 12 steps, you will find
after you?ve tried it a time or two that
the whole setup only takes a couple of
It?s definitely faster than running
around to each system to install a patch
and that?s a really good thing, because
the Sasser worm is just the tip of the