Fixing Corrupt Patches

Use the Corrupt Fixlet Wizard to fix multiple corrupt Fixlets and to create Fixlet copies or baselines without rebooting.

Corrupt patches are one of two major classifications of Fixlet messages for Microsoft. To learn more about the main classes of Fixlets for Windows patches, see Overview.

You get a Fixlet message when any of the files have an earlier file version than the version installed by the patch. The Fixlet message notifies you that the patch has been installed, but that not all the files are up-to-date, so you might not be secured against the vulnerability. You can then re-apply the patch using the Fixlet.

This two-step approach works gives you more information about why a patch is needed. This is better than an approach where you are simply informed that you have not installed the patch. For example, when you apply a patch to a group of computers, then later notice that BigFix displays that some computers have "corrupted patches", you will know that something has overwritten some of the files. This usually occurs if you install another application or an earlier service pack that overwrites the newer files.

Note: The BigFix Client continuously checks both the registry and file versions using extremely few computer resources, giving you get the benefit of continuous monitoring without having a large CPU, memory, hard disk, or bandwidth cost.

Corrupt patches can be difficult to correct in a baseline because of their requirement to reboot after application. If testing in your environment has established sequences of corrupt patches that can be safely applied without reboot, you can use the Corrupt Patch Deployment Wizard in the Patching Support site. Use this wizard to create Fixlet copies or baselines without rebooting.

If a machine has multiple corrupt Fixlets that are applicable, you can apply them all at the same time by using the Corrupt Fixlet Deployment Wizard.