How do I install multiple hotfixes at the same time?

A. A. When you extract the files in a hotfix, generally the following will be extracted

  • hotfix.exe
  • hotfix.inf
  • a number of executables/drivers/sys files etc (usually one file)

The hotfix.exe is the same executable for all the hotfixes, and the hotfix.inf is basically the same, the only difference is the files that are to be copied, e.g. tcpip.sys, and a description of the hotfix. To install multiple hotfixes at the same time all that is needed is to decompress the hotfix files and update the hotfix.inf with the information on which files to copy.

  1. Create a directory on a disk called hotfix
    md hotfix
  2. From the command line decompress the hotfixes you wish to install, note each time you decompress a hotfix a new hotfix.inf will overwrite the existing one so you may wish to backup the .inf files
    - <hotfix name> /x, e.g. javafixi /x
    - you will be asked where to extract the hot fix files to, enter the hotfix directory and click OK, e.g. d:\hotfix
    - copy the hotfix.inf file to the name of the hotfix, e.g.
    copy hotfix.inf javafix.inf
  3. You will now have a number of files in the hotfix directory, with hotfix.exe, hotfix.inf and all the versions of the .inf files you copied. You now need to merge the contents of the .inf files into one main hotfix.inf file.
    If the hotfix you extracted had file tcpip.sys (ignore the .dbg files) you need to update the hotfix.inf file to include the copying of this file. Since TCPIP.SYS lives in the system32/drivers directory, you would add the line TCPIP.SYS to the \[Drivers.files\] section of the hotfix.inf file, e.g.
    \[Drivers.files\]
    TCPIP.SYS

    You also need to add TCPIP.SYS to the \[SourceDisksFiles\] section, e.g.
    \[SourceDisksFiles\]
    TCPIP.SYS=1
  4. Finally you need to add a comment at the end of the hotfix.inf file with a description of the hotfix in the \[strings\] section with the Q number and a comment, e.g.
    \[Strings\]
    ..
    HOTFIX_NUMBER="Q143478"
    COMMENT="This fix corrects the port 139 OOB attack"

    For multiple comments and numbers use HOTFIX_NUMBER2, COMMENT2 etc.

The reason we copied the .inf files is that you can just cut and paste the hotfix specific information to the common hotfix.inf. When you decompressed a hotfix you will see which files were created, you could then search the .inf file for the file name and it would be in two places, the directory it belongs in and the \[SourceDisksFiles\] section. You could then go to the bottom of the file and cut and paste the HOTFIX_NUMBER and COMMENT and add to the end of HOTFIX.INF.

This is very hard to explain and an example is probably the best way to demonstrate this. Suppose you want to install

  • The java hotfix - javafixi.exe
  • The OOB data hotfix - oobfix_i.exe
  • The GetAdmin hotfix - admnfixi.exe

The procedure would be as follows

  1. Decompress the hotfixes to the hotfix directory and after each extraction backup the hotfix.inf file in the order admnfixi.exe - javafixi.exe - oobfix_i.exe
  2. Admnfixi.exe consists of ntkrnlmp.exe and ntoskrnl.exe, search admnfixi.inf (the copy we made) for the files and they appear as follows
    \[Uniprocessor.Kernel.files\]
    NTOSKRNL.EXE

    \[Multiprocessor.Kernel.files\]
    NTOSKRNL.EXE, NTKRNLMP.EXE

    \[SourceDisksFiles\]
    NTKRNLMP.EXE=1
    NTOSKRNL.EXE=1

    \[Strings\]
    HOTFIX_NUMBER="Q146965"
    COMMENT="This fix corrects GETADMIN problem"
  3. javafixi.exe consists of win32k.sys so search javafixi.inf for win32k.sys
    \[MustReplace.System32.files\]
    WIN32K.SYS

    \[SourceDisksFiles\]
    WIN32K.SYS=1

    \[Strings\]
    HOTFIX_NUMBER="Q123456"
    COMMENT="This fix corrects the problem with True Color adapter cards and Java"
  4. The current version of hotfix.inf already contains the information for the oobfix as it was the last installed, so the information for the above 2 must be added resulting in the changes being

    \[MustReplace.System32.files\]
    WIN32K.SYS

    \[Drivers.files\]
    TCPIP.SYS

    \[Uniprocessor.Kernel.files\]
    NTOSKRNL.EXE

    \[Multiprocessor.Kernel.files\]
    NTOSKRNL.EXE, NTKRNLMP.EXE

    \[SourceDisksFiles\]
    NTKRNLMP.EXE=1
    NTOSKRNL.EXE=1
    TCPIP.SYS=1
    WIN32K.SYS=1


    \[Strings\]
    ;; this part needs modifying, only one HOTFIX_NUMBER can be passed so created your own internal reference,
    ;; e.g. Q99999 and also the comments need a unique number at the end, e.g. comment1, comment2 otherwise
    ;; only the first comment will be entered

    HOTFIX_NUMBER="Q999999"
    COMMENT1="This fix corrects the port 139 OOB attack"
    COMMENT2="This fix corrects GETADMIN problem"
    COMMENT3="This fix corrects the problem with True Color adapter cards and Java"

To install just type

hotfix

from the directory created (i.e. hotfix), you will see a dialog copying the files (the ones you have specified in the hotfix.inf file :-) ), and the system will reboot. To see what hotfixes are installed:

  1. Start the Registry Editor (Regedit.exe)
  2. Look at the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix values

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish