New Versions of Microsoft's Free Hotfix Management Utility On Tap

Microsoft Corp. is expected to make available for download Thursday an enhanced version 3.3 release of its popular HFNetChk hotfix management tool.

At the same time, the software giant disclosed plans to introduce a substantially revamped version 4.0 release of HFNetChk, which will include new support for Internet Acceleration Server (ISA), Exchange and Office, among other platforms, sometime later this year.

According to Eric Schultze, a senior technologist with Microsoft’s trustworthy computing initiative, the software giant has sought to enhance both the reach and the capabilities of HFNetChk since it was first introduced in August.

"We started with the key things that were most valuable, which were the operating system and the Web server," he says. "But we’d like to move into the things that were the next most requested. We’ve had a lot of requests for Exchange, a handful for ISA server, and a lot of requests for Office."

Although HFNetChk 3.3 boasts a number of new features, support for Exchange, ISA and Office aren’t among them. Rather, Schultze explains, HFNetChk 3.3 chiefly consolidates a number of bug fixes, introduces several usability enhancements, and provides support for the unreleased Windows .NET Server and for IIS 6.0.

New in HFNetChk 3.0 is a command line switch that lets an administrator specify a username and password for the purposes of authentication. "Currently, you have to already be authenticated to the remote machine, so if you’re scanning something in a different domain, it does the complete challenge/response so the passwords aren’t going in clear-text," Schultze says.

HFNetChk 3.3 also provides a new facility for saving the results of a scan directly to an output file. In addition, the newest version of HFNetChk lets administrators disable the "Server" service on their Windows NT 4.0 and Windows 2000 systems, a recommended practice in Microsoft’s IIS hardening guide. HFNetChk previously required that the "Server" service be enabled in order to run correctly, but – as Schultze points out – HFNetChk 3.3 will now function properly when executed locally on an IIS machine on which this service has been disabled.

Another new feature in HFNetChk 3.3 is the ability to specify the name of a master file that contains a list of all the machines slated to be scanned. Previous versions of HFNetChk required that an administrator manually specify the names of the machines to be scanned. "Instead of individually spelling out all of the machines you want to scan, you can specify up to 255," Schultze concludes.

For Windows NT 4.0 users, HFNetChk 3.3 now supports IP address scans. Previous versions of HFNetChk supported NetBIOS computer name-only scans on NT 4.0.

According to Schultze, HFNetChk 4.0 will be a "radically different" version of the tool, boasting –- in addition to broader application support –- multilingual support, beefed up security and an enhanced reporting facility.

One security enhancement will be to end the practice of checking only the digital signature of a file.

"For [HFNetChk] 4, we want to actually check details of all of the files for every language. That radically changes what we do, because the XML file becomes much larger. I also want to check the MD5 hash of the file and the SHA-1 hash of the file, because those are more cryptographically secure checks, so [HFNetChk] 4 ... will do more cryptographically secure file checks, and it will do them for every language," Schultze says.

HFNetChk 4.0’s reporting facility will also support Microsoft’s security bulletin rating system, as well, Schultze anticipates.

Also, Microsoft expects to unveil a public newsgroup to offer support for HFNetChk sometime within the next few weeks.

Microsoft's Knowledge Base page for the HFNetChk tool is located here, but still contained a link to version 3.2 of the tool on Thursday morning.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.


  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

  • Most Microsoft Retail Locations To Shut Down

    Microsoft is pivoting its retail operations to focus more on online sales, a plan that would mean the closing of most physical Microsoft Store locations.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.