I got a question from a customer this week who could not get an ASP.NET hotfix installed by launching it from Windows Update (due to an error like some folks have seen with other .NET Framework service packs that I described here). As a result, he was trying to download the package directly, extract it and install manually, but he was having trouble trying to locate the underlying package and download it. So I decided to try to do this myself to see how the process really works for an IT admin in the field, and I'm surprised by how complicated this process is. Here are the specific steps I had to follow to locate and download this ASP.NET hotfix:
- I retrieved the KB article number from the Windows Update site
- I went to the Microsoft support site and found a link here that announces the security bulletin
- From there I followed the link for IT professionals since those links typically contain direct links to download packages to stage for installation in corporate networks or other scenarios where Windows Update is not an ideal option
- From there I followed the link to the Microsoft download center and used the suggestion to search for the keyword security_patch and filtered based on the .NET product family. This gave me this results page
- From there I could choose what version(s) of the .NET Framework I wanted to patch and download the appropriate hotfix. For example, this link leads to the hotfix that applies to .NET Framework 1.1 with SP1
- Now that I have downloaded the hotfix package, I can go back to the link for IT professionals and drill down to the details of the version of the hotfix I downloaded to figure out what command line switches to use to extract the contents of the package
It really seems like there should be an easier way to locate, download and extract a hotfix package from Microsoft. If there is a simpler way that I have missed, please post a comment and let me know.
As a side note, this and any other .NET Framework or ASP.NET hotfixes are packaged using the same self-extracting wrapper as the .NET Framework 1.0 SP3 and 1.1 SP1, and therefore are all susceptible to the same set of issues as those service packs. There is one big issue (that I consider to be a flaw) in the design for the packaging of the .NET Framework service packs and hotfixes. The self-extracting wrapper EXE is written in managed code, so that means that if the .NET Framework is broken in any way and needs to be repaired, then the patch package will not even extract and launch correctly, and it cannot even give a useful error message.