One of the biggest issues is that information about patches keeps changing. There are some "knowns" at this point, so administrators can get their patching started, according to Eric Schultze, chief security architect at Shavlik Technologies, a software security company in Roseville, Minn.
For users on XP, XP SP2 and higher and Windows Server 2003 and Exchange Server 2003, there is a patch ready that can be installed with no reboot.
There is also a patch for Exchange Server 2003 Service Pack 1 and 2 that you can install, but it requires a reboot, Schultze said. The Exchange patch is on its second version.
The new version now manages public folders. It will look at events in the delta period and will move them, but first IT administrators must change the permissions on the Exchange store, run the tool and then change the permissions back, said Susan Bradley, a Microsoft MVP and IT expert at Tamiyasu, Smith, Horn and Braun Accountancy Corp. in Fresno, Calif.
For IT shops on older versions of Windows -- such as Windows 2000 Server Service Pack 4 -- there is a collection of patches available, but the cost is $4,000. For that same price, users also get a patch for Exchange 2000 Server. Microsoft had originally priced this patch collection at $40,000 but dropped the price in January.
Some companies, like Shavlik Technologies and BigFix Inc. in Emeryville, Calif., have built DST patches for their customers who are running some of the older operating systems, such as Windows 2000 Server and NT 4.0. Customers of those companies can obtain the patches for free.
Exchange 2000 Server is another story. For that, customers have to use the Microsoft patch.
Microsoft also has the TZ Update tool that can run on Exchange Server to fix any appointments that were made prior to the installation of the patch – in that time period leading up to daylight-saving time.
More patches to come
There is no patch available yet for Microsoft's Dynamics Customer Relationship Management 3.0 software. That patch is expected to be out before the end of February.
"It will only get worse between now and March 11, then it will quiet down until the end of October when DST switches back," Schultze said. "Plus, any new machine you set up this summer will have to be patched for the October time frame."
Adam Travis, the network and information security manager at Emerson College in Boston, investigated and identified the areas at the university that will touch the most people. Those are Microsoft's Outlook, Exchange and its calendars, he said.
"At least at a place like Emerson, we didn't want to run the tools that affect everyone's appointments," Travis said. "People will be upgrading PCs at different times. Because of the nature of this problem, people have possibly upgraded their PCs and corrected appointments. If we ran tools, we could change them again."
An even larger concern for Travis is getting the word out about the DST change to the community. The university has been sending out email, it set up an intranet page, and there has been a lot of education for the help desk staff. "We can push out patches, and we are," he said. "But we have to get each person to look at their calendars and verify [everything]."
The law to change daylight-saving time in 2007 was passed a few years ago, but IT shops really started to talk about the changes in early 2006, Shavlik's Schultze said. Microsoft could have put the patch into service packs or updates more than a year ago and all of the fixes occurring today might not have been necessary.
The worldwide DST decision
But another issue has been that other countries have been fighting about whether or not to adopt the time-zone changes. Decisions were still being made up until several weeks ago, and Microsoft has had to develop patches that account for other countries.
Microsoft said it had to wait until DST had passed into Eastern Standard Time last fall to start rolling out patches. The additional time change would have caused more confusion than there already is, the company said.
Schultze likens the DST patching experience to Y2K mania, when IT shops around the world had to patch systems that did not have four digits at the turn of the new century. In this case, he said, every vendor has to patch, regardless.
David Driggers, IT asset manager and deployment desktop systems team leader at the Alabama Gas Corp., Birmingham, Ala., said he doesn't think of the DST bug as being like Y2K, but it is challenging because it is a moving target.
"You just have to keep reading, keep checking the links," Driggers said. "Everyone has been good about sharing information. We've had enough webcasts, but not all the tools are out."