Getting patches that are only on Windows UPdate:

(this is a post I stole from the bugtraq mailing list, needed some place to save a copy)

Having the patch only be available on Windows Update is highly annoying
but can be easily dealt with.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q248439

To summarize, that article notes that making the following setting:

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\SteppingMode
REG_SZ=Y

will force Windows Update to run in a debug mode of sorts. So, when you
select a patch to download events will be fired which cause modal dialogs to
appear. You can slowly click past each one to see what is happening.

In doing so, you will note two very useful facts:

2) The location of the temporary directory where the patch is downloaded
to and executed.

Point 2) is useful since it allows one to grab the patch binary even when
Microsoft fails to place the patch in a place other than Windows Update.
(Explain to me again why they just can't place them in an anonymous ftp
directory? Argh.)

You can make the registry entry above and then fire up Windows Update. Upon
selecting a patch and clicking through the resulting debug dialogs you'll
first see the usual download progress dialog. The first debug dialog you'll
see will be:

Title=Stepping Mode Message

Text=Install Engine - Starting install phase

The dialog of interest will be something like:

Title=Stepping Mode Message

Text=CheckTrust: %SystemRoot%\msdownld.tmp\foobar.tmp\foo.exe

where "foobar" is some random name that varies per download. When this
dialog appears you go into that temporary directory and "harvest" the
desired foo.exe that is the patch.

Incidentally, it appears that some patches set the value back to "n" so
check and make sure the value is "y" before you launch Windows Update.

Gurdon E. Merchant, Jr.
Merrill Lynch ITG
http://www.mlitg.com/
email address withheld due to spammers who search websites