Share via


QFE vs GDR/LDR hotfixes

 

I sometimes get the following question from customers:

I’ve located KB ABC which is an exact match for our problem, but the build number of the files in it are from an older version than hotfix XYZ which we already have installed on our systems. Why isn’t my problem resolved by hotfix XYZ if it contains a more recent version of the system files than ABC?

Hotfixes are released in two different flavors (usually referred to as branches within Microsoft development):

GDR (General Distribution)
- a binary marked as GDR contains only security related changes that have been made to the binary, including changes that are relevant to this build of the file and from any earlier security hotfix that updates the same binary.

QFE (Quick Fix Engineering) – LDR (Limited Distribution Release)
- a binary marked as QFE/LDR contains both security related changes that have been made to the binary as well as any functionality changes that have been made to it, including changes that are relevant to this build of the file and from any earlier security fix or bug fix that updates the same binary.

In general, when you update a server from Windows Update the operating system will prefer to download only security related (GDR) hotfixes.

If you have however manually installed a non-security hotfix that updates a file on your system, that file will from now on be updated from the QFE/LDR tree.

Questions:

Q: What changes does a specific file on my system have, for example lsasrv.dll?
A:
If you have the GDR version of a file it only contains security hotfixes that have been made since the last RTM or service pack was released. IF you have the QFE/LDR version it contains both security and functionality fixes.

Q: How do I see if I have the GDR or QFE/LDR version of a file?
A:
For W2k3/XP you can run msinfo32 and scroll down to Software Environment/Loaded Modules and look at the file. The version column should have a reference to whether it is RTM/QFE/GDR.

For Vista/W2k8 you’ll need to look at the build version of the file.
- GDR’s on Vista will have build numbers beginning with 6.0.6000.16 (RTM) or 6.0.6001.18 (SP1) or 6.0.6002.18 (SP2)
- LDR’s on Vista will have build numbers beginning with 6.0.6000 .20 (RTM) or 6.0.6001.22 (SP1) or 6.0.6002.22 (SP2)

Q: Can I get back on the GDR branch for a file?
A: Only if you uninstall any and all QFE packages that have updated the file or install the latest service pack for the system.

Q: Should I prefer to be on the GDR or QFE/LDR branch?
A: GDR are must-have security fixes that are issued to address specific security concerns. QFE/LDR’s are functionality fixes that address specific problems. If you don’t have a specific problem you’re troubleshooting, remaining on the GDR branch should be sufficient.

 

Links:

Branching out
http://blogs.technet.com/mrsnrub/archive/2009/05/18/branching-out.aspx

 

What is the difference between general distribution and limited distribution releases?
http://blogs.msdn.com/windowsvistanow/archive/2008/03/11/what-is-the-difference-between-general-distribution-and-limited-distribution-releases.aspx

 

Description of the contents of Windows XP Service Pack 2 and Windows Server 2003 software update packages
http://support.microsoft.com/kb/824994

Comments

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    February 01, 2010
    Very useful, but how to change the branch on Windows 7  update tools?

  • Anonymous
    February 13, 2010
    The comment has been removed

  • Anonymous
    April 01, 2011
    The comment has been removed

  • Anonymous
    April 07, 2014
    Une nouvelle mise à jour depuis Mars 2013 est maintenant disponible pour adresser des problèmes

  • Anonymous
    April 07, 2014
    Une nouvelle mise à jour depuis Mars 2013 est maintenant disponible pour adresser des problèmes