http://www.ComputerBob.com/guests/how_to_create_service_pack.php .
.
.
by R.D. Stafford
October 11, 2005
Last Updated October 29, 2005
While this may be more work that an individual may want to do just for themselves, if you service many systems, it can very handy to have your own "Service Pack" that includes the newer updates since the last time Microsoft released a Service Pack. This procedure will even work with earlier versions of Windows, helping a tech or other IT personal to keep their systems up-to-date.
The best place to start is by visiting the Windows Update Catalog at
http://v4.windowsupdate.microsoft.com/catalog/en/default.asp
and downloading the updates for the version of Windows you are wanting to create a Service Pack for. Have it search for and then download the updates. Once you have your list of updates downloaded, then you need to sort them by date of release so that you don't install an update that requires an earlier update to already be installed. You may find that the Microsoft Security Bulletin Summaries and Webcasts website at
http://www.microsoft.com/technet/security/bulletin/summary.mspx
useful for this part of the project since it lists the updates released by date.
Next, you should rename any updates that don't correspond the the 8.3 naming convention so you can create a batch file to perform the update with. Most of the updates will include the Knowledgebase article ID in them -- I use this number for the names that I choose. For instance, an update named
WindowsXP-KB887797-x86-enu.exe
would then be renamed
887797.exe.
Use your own best judgment in the naming of these, but try to keep them descriptive or reference the KB article that they address.
Next, you need to find out the command-line arguments (switches) so you may install the updates without having to restart the computer after running each update. In earlier versions of Windows this may not be possible, but in Windows XP I've been able to avoid a reboot until after I've applied all available updates (at least up to this point). To find out what switches an update allows simply follow the filename with a "/?" (no quotes) while you are in a Command Prompt window and it should tell you what it accepts, an example would be to issue the command
887787 /?.
The following is a list of updates for Windows XP (Pro and Home) English edition that have been released since the Service Pack 2 update (SP2). If you don't have SP2 installed yet, install it prior to these. You will find that I listed the article name in bold, any notes in italic, followed by the URL for the KB article or a related page, as well as the commands each update would accept that installs the update quietly and without requesting a reboot. In this list, there are 3 updates that don't support the "quiet" switches even though they claim to -- these are the MS Java VM, its update, and the .NET update. When they ask for accepting the license, just do, and when they ask to reboot, select "NO" instead.
Description of the critical update for Office XP on Windows XP Service Pack 2
http://support.microsoft.com/?id=885884
885884.exe -q /Z -ER
You receive a "Stop: c0000135" and "winsrv was not found" error message after you install Windows XP Service Pack 2
http://support.microsoft.com/?id=885523
885523.exe /quiet /norestart
Description of the critical update for Windows Firewall "My Network (subnet) only" scoping in Windows XP Service Pack 2
http://support.microsoft.com/?id=886185
886185.exe -q /Z -ER
MS04-044: Vulnerabilities in Windows Kernel and LSASS could allow elevation of privilege
http://support.microsoft.com/?id=885835
885835.exe /quiet /norestart
MS04-043: Vulnerability in HyperTerminal could allow code execution
http://support.microsoft.com/?id=873339
873339.exe /quiet /norestart
Your computer stops responding when you restart to complete the installation of Windows XP Service Pack 2 or Windows XP Tablet PC Edition 2005
http://support.microsoft.com/?id=885626
885626.exe /quiet /norestart
MS04-041: A vulnerability in WordPad could allow code execution
http://support.microsoft.com/?id=885836
885836.exe /quiet /norestart
You receive the Stop error "Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)" in Windows XP Service Pack 2 or Windows Server 2003
http://support.microsoft.com/?id=887742
887742.exe /quiet /norestart
MS05-001: Vulnerability in HTML Help could allow code execution
http://support.microsoft.com/?id=890175
890175.exe -q /Z -ER
MS05-007: Vulnerability in Windows could allow information disclosure
http://support.microsoft.com/?id=888302
888302.exe -q /Z -ER
MS05-008: Vulnerability in Windows shell could allow remote code execution
http://support.microsoft.com/?id=890047
890047.exe -q /Z -ER
Microsoft has released a security update to Microsoft Windows Messenger
http://support.microsoft.com/?id=887472
887472.exe -q /Z -ER
MS05-011: Vulnerability in server message block could allow remote code execution
http://support.microsoft.com/?id=885250
885250.exe -q /Z -ER
MS05-012: Vulnerability in OLE and COM could allow remote code execution
http://support.microsoft.com/?id=873333
873333.exe -q /Z -ER
MS05-013: Vulnerability in the DHTML editing component ActiveX control could allow code execution
http://support.microsoft.com/?id=891781
891781.exe -q /Z -ER
MS05-014: Cumulative security update for Internet Explorer
http://support.microsoft.com/?id=867282
867282.exe -q /Z -ER
MS05-015: Vulnerability in hyperlink object library could allow remote code execution in Windows Server 2003
http://support.microsoft.com/?id=888113
888113.exe -q /Z -ER
MS05-016: Vulnerability in Windows Shell that could allow remote code execution
http://support.microsoft.com/?id=893086
893086.exe -q /Z -ER
MS05-018: Vulnerabilities in Windows kernel could allow elevation of privilege and denial of service
http://support.microsoft.com/?id=890859
890859.exe -q /Z -ER
MS05-019: Vulnerabilities in TCP/IP could allow remote code execution and denial of service
http://support.microsoft.com/?id=893066
893066.exe -q /Z -ER
MS05-020: Cumulative security update for Internet Explorer
http://support.microsoft.com/?id=890923
890923.exe -q /Z -ER
Windows Installer 3.1 (v2) is available
http://support.microsoft.com/?id=893803
893803.exe /quiet /norestart
You cannot transfer files and settings from a computer that is running a 32-bit edition of Windows XP to a computer that is running Windows XP Professional x64 Edition
NOTE: This update is not backwards compatible with earlier Files and Transfer Wizards. If you apply this to a system, the receiving system must be updated also. If a system is updated with this, it also won't accept the older backups created with the earlier version.
http://support.microsoft.com/?id=896344
896344.exe -q /Z -ER
Description of the cumulative update for Outlook Express (KB887797)
http://support.microsoft.com/?id=887797
887797.exe /quiet /norestart
MS05-025: Cumulative security update for Internet Explorer
http://support.microsoft.com/?id=883939
883939.exe -q /Z -ER
MS05-026: A vulnerability in HTML Help could allow remote code execution
http://support.microsoft.com/?id=896358
896358.exe -q /Z -ER
MS05-027: Vulnerability in Server Message Block could allow remote code execution
http://support.microsoft.com/?id=896422
896422.exe -q /Z -ER
MS05-031: Vulnerability in step-by-step interactive training could allow remote code execution
http://support.microsoft.com/?id=898458
898458.exe -q /z -er
MS05-032: Vulnerability in Microsoft agent could allow spoofing
http://support.microsoft.com/?id=890046
890046.EXE -q /z ER
MS05-033: Vulnerability in Telnet client could allow information disclosure
http://support.microsoft.com/?id=896428
896428.exe -q -z ER
MS05-036: Vulnerability in Microsoft Color Management Module could allow remote code execution
http://support.microsoft.com/?id=901214
901214.exe -q /Z -ER
MS05-037: Vulnerability in JView Profiler could allow remote code execution
http://support.microsoft.com/?id=903235
903235.exe -q /Z -ER
An update that addresses Outlook Express 6.0 issues is available for Windows XP
http://support.microsoft.com/?id=900930
900930.exe /quiet /norestart
MS05-040: Vulnerability in Telephony service could allow remote code execution
http://support.microsoft.com/?id=893756
893756.exe /quiet /norestart
FIX: DBCS attachment file names are not displayed in Rich Text e-mail messages and you may receive a "Generic Host Process" error message after you install security update MS05-012
http://support.microsoft.com/?id=894391
894391.exe /quiet /norestart
MS05-043: Vulnerability in Print Spooler service could allow remote code execution
http://support.microsoft.com/?id=896423
896423.exe /quiet /norestart
MS05-038: Cumulative security update for Internet Explorer
http://support.microsoft.com/?id=896727
896727.exe /quiet /norestart
Software update 898461 installs a permanent copy of the Package Installer for Windows version 6.1.22.4
http://support.microsoft.com/?id=898461
898461.exe /quiet /norestart
MS05-042: Vulnerabilities in Kerberos could allow denial of service, information disclosure, and spoofing
http://support.microsoft.com/?id=899587
899587.exe /quiet /norestart
MS05-039: Vulnerability in Plug and Play could allow remote code execution and elevation of privilege
http://support.microsoft.com/?id=899588
899588.exe /quiet /norestart
MS05-041: Vulnerability in Remote Desktop Protocol could allow denial of service
http://support.microsoft.com/?id=899591
899591.exe /quiet /norestart
The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Server 2003, Windows XP, or Windows 2000
NOTE: This is updated Monthly.
http://support.microsoft.com/?id=890830
890830.exe /Q /Z -ER
Update for HighMAT support in the Windows XP CD Writing Wizard
http://support.microsoft.com/default.aspx?scid=kb;en-us;831240
HMTCD.exe /quiet /norestart
Microsoft Java Virtual Machine Support
NOTE: This is the MS Java VM no longer available for download.
http://www.microsoft.com/mscorp/java/
MSJAVX86.exe /q
How to install Microsoft Virtual Machine updates silently without restarting your computer (MS Java VM Update)
http://support.microsoft.com/default.aspx?scid=kb;en-us;304930
msjavwu.exe /q
http://msdn.microsoft.com/directx/sdk/default.aspx
NOTE: This is regularly updated so this link will let you check for the newest release.
http://msdn.microsoft.com/directx/sdk/default.aspx
MDXSetup.exe /quiet /norestart
Windows Media Player 10
http://www.microsoft.com/windows/windowsmedia/player/download/download.aspx
MP10Setup.exe /q
How to obtain Microsoft .NET Framework 1.1 Service Pack 1
http://support.microsoft.com/kb/885055/
dotnetfx.exe /q
Windows Media Connect
http://www.microsoft.com/downloads/details.aspx?FamilyID=56fd1b34-48ba-424b-9227-7c10e2e9fff1&displaylang=en
wmcsetup.exe /q
List of bugs that are fixed in the .NET Framework 1.1 Service Pack 1 (SP1)
http://support.microsoft.com/?id=867460
867460.exe /Q
ASP.NET path validation vulnerability in Microsoft .NET Framework 1.1 Service Pack 1
http://support.microsoft.com/?id=886903
886903.exe /Q
MS05-052: Cumulative security update for Internet Explorer
http://support.microsoft.com/?id=896688
896688.exe /quiet /norestart
MS05-051: Vulnerabilities in MS DTC and COM+ could allow remote code execution
http://support.microsoft.com/?id=902400
902400.exe /quiet /norestart
MS05-046: Vulnerability in the Client Service for NetWare could allow remote code execution
http://support.microsoft.com/?id=899589
899589.exe /quiet /norestart
MS05-049: Vulnerabilities in the Windows shell could allow for remote code execution
http://support.microsoft.com/?id=900725
900725.exe /quiet /norestart
Vulnerability in the Microsoft Collaboration Data Objects could allow code execution (Windows)
http://support.microsoft.com/?id=901017
901017.exe /quiet /norestart
MS05-047: Vulnerability in Plug and Play could allow remote code execution and local elevation of privilege
http://support.microsoft.com/?id=905749
905749.exe /quiet /norestart
MS05-045: Vulnerability in Network Connection Manager could allow denial of service
http://support.microsoft.com/?id=905414
905414.exe /quiet /norestart
MS05-050: Vulnerability in DirectShow could allow remote code execution
http://support.microsoft.com/?id=904706
904706.exe /quiet /norestart
Update for WMDRM-enabled Media Players (KB891122)
Update for Windows Media Digital Rights Management-enabled players
http://support.microsoft.com/?id=891122
891122.exe /quiet /norestart
Now you simply create a batch file to be place in the same directory as the updates. I simply named mine
UPDATE.BAT
Here is what my batch file contains:
885884.exe -q /Z -ER 885523.exe /quiet /norestart 886185.exe -q /Z -ER 885835.exe /quiet /norestart 873339.exe /quiet /norestart 885626.exe /quiet /norestart 885836.exe /quiet /norestart 887742.exe /quiet /norestart 890175.exe -q /Z -ER 888302.exe -q /Z -ER 890047.exe -q /Z -ER 887472.exe -q /Z -ER 885250.exe -q /Z -ER 873333.exe -q /Z -ER 891781.exe -q /Z -ER 867282.exe -q /Z -ER 888113.exe -q /Z -ER 893086.exe -q /Z -ER 890859.exe -q /Z -ER 893066.exe -q /Z -ER 890923.exe -q /Z -ER 893803.exe /quiet /norestart 896344.exe -q /Z -ER 887797.exe /quiet /norestart 883939.exe -q /Z -ER 896358.exe -q /Z -ER 896422.exe -q /Z -ER 898458.exe -q /z ER 890046.EXE -q /z ER 896428.exe -q -z ER 901214.exe -q /Z -ER 903235.exe -q /Z -ER 900930.exe /quiet /norestart 893756.exe /quiet /norestart 894391.exe /quiet /norestart 896423.exe /quiet /norestart 896727.exe /quiet /norestart 898461.exe /quiet /norestart 899587.exe /quiet /norestart 899588.exe /quiet /norestart 899591.exe /quiet /norestart 890830.exe /Q /Z -ER HMTCD.exe /quiet /norestart MSJAVX86.exe /q msjavwu.exe /q MDXSetup.exe /quiet /norestart MP10Setup.exe /q dotnetfx.exe /q wmcsetup.exe /q 867460.exe /Q 886903.exe /Q 896688.exe /quiet /norestart 902400.exe /quiet /norestart 899589.exe /quiet /norestart 900725.exe /quiet /norestart 901017.exe /quiet /norestart 905749.exe /quiet /norestart 905414.exe /quiet /norestart 904706.exe /quiet /norestart 891122.exe /quiet /norestart
Those are the High Priority and Optional updates as of Oct. 11, 2005.
Hope you find that useful.
PS: I've just been informed on the UBCD4WIN forum at
http://www.ubcd4win.com/forum/index.php?showtopic=3053
that soon Raptor (the author of AutoPatcher and AutoStreamer) will be releasing v2 of AutoStreamer that will allow similar capabilities. Its currently in beta testing and hasn't been released.
Since I'm not privy to all of the details of the soon to come AutoStreamer, I'm assuming that what it does is integrate the update files into an ISO image so you can burn a "New" copy of your Windows CD, at least this is what the current version does for the Service Pack 2 update for WinXP. If that is correct (and I am just guessing right now), then it will only be helpful when performing new installs or repair installs on a system, the method described above can work with any version of Windows and doesn't require it to be a new install or reinstall.
The disadvantage to the method I've described is the time it takes to initially gather the updates and determining the order they need installed in. Obviously it would only be helpful if you install or update many systems at a time. On the upside, once you've created the initial setup of updates, it's easy to keep up-to-date, as Microsoft releases updates just add them to the list and edit the batch file.
NOTE: This is a Guest Article on the ComputerBob.com Web site. Guest Articles contain reviews, opinions, tips, and other material written by guest authors. Articles may be submitted for possible publication to the email address listed on the Contact page (a Contact link appears at the bottom of every article). ComputerBob edits all submitted articles before publishing them. By submitting an article to ComputerBob, the submitter implicitly grants ComputerBob the right to edit it and to publish it as a Guest Article on the ComputerBob.com web site. Guest Articles reflect the views of their authors only. ComputerBob is not responsible for the accuracy or reliability of Guest Articles.