Over the weekend there were a number of stories about some challenges with a critical patch. I posted a blog “SharePoint Vulnerability and Hotfix Recommendations” suggesting that you may want to wait until more detail was available. Now we have the feedback and detail.
The SharePoint Team has responded with a blog titled “Installing KB938444” tracking a small number of customers who have the issue after installing the patch via windows update. The small business server folks also have a post about Central Admin not being accessible after installing KB938444. They also have some suggestions for troubleshooting the patching as it relates to SharePoint patches in general which I recommend reading.
Given this information, my recommendation is to proceed with caution. The caution part is extra emphasis around testing, and around making sure you are aware of the time window this patch may be for your environment. There are now a lot of troubleshooting steps… make sure you read them all, no one should have to rebuild their SharePoint boxes.
I also pinged some PFEs, MCM/MOSS RAP, and key support folks on twitter who had some recommendations passed on from twitter:
@Nellymo: @joeloleson only 1 rec. nevr enable autoupdate on any server unless U have tested the patch. 1click install is autoupdated by default bwary
So, Neil Hodgkinson is suggesting that you don’t use automatic updates unless you’ve first tested the patches, which in my book is don’t do it automatic. I have been telling people all week that it's a best practice to NOT do automatic updates. He’s also saying basic installs are by default set to automatic updates, so beware.
@toddca: @joeloleson Ensure u run psconfig as a properly ACL'd User in SP & SQL, also 4 Internet facing SP u may want 2 remove SP version header ;-)
Todd Carter recommends you make sure you are running the psconfig with the proper rights. This is a good case for using your initial setup account that you used to setup the farm which has the necessary rights on both your SharePoint and SQL boxes. For security reasons you may want to remove your SharePoint header… Why? Cause they can tell if you’ve patched or not!