Content Released in Patches for Windows (English) - October 2013 Security Bulletins - 2 of 2 Publishings

system · October 9, 2013, 4:38pm

(imported topic written by sylviabeing)

Content in the Patches for Windows (English) Fixlet Site has been released.

New Fixlet Messages:

Fixlet messages for Microsoft Security Bulletins:

  MS13-080 *


  MS13-081


  MS13-082 *


  MS13-083 *


  MS13-084


  MS13-085


  MS13-086


  MS13-087

This is publication 1 of 2. The noted bulletins have been included in the first publishing.

Modified Fixlet Messages:

Fully Superseded Fixlet Messages due to October 2013 Security Bulletins:

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 6 - Windows XP SP3 (Superseded) (ID: 1306901)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 6 - Windows XP SP3 - CORRUPT PATCH (Superseded) (ID: 1306902)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 6 - Windows XP SP2 (x64) (Superseded) (ID: 1306903)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 6 - Windows XP SP2 (x64) - CORRUPT PATCH (Superseded) (ID: 1306904)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 6 - Windows Server 2003 SP2 (Superseded) (ID: 1306905)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 6 - Windows Server 2003 SP2 - CORRUPT PATCH (Superseded) (ID: 1306906)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 6 - Windows Server 2003 SP2 (x64) (Superseded) (ID: 1306907)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 6 - Windows Server 2003 SP2 (x64) - CORRUPT PATCH (Superseded) (ID: 1306908)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 7 - Windows XP SP3 (Superseded) (ID: 1306909)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 7 - Windows XP SP3 - CORRUPT PATCH (Superseded) (ID: 1306910)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 7 - Windows XP SP2 (x64) (Superseded) (ID: 1306911)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 7 - Windows XP SP2 (x64) - CORRUPT PATCH (Superseded) (ID: 1306912)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 7 - Windows Server 2003 SP2 (Superseded) (ID: 1306913)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 7 - Windows Server 2003 SP2 - CORRUPT PATCH (Superseded) (ID: 1306914)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 7 - Windows Server 2003 SP2 (x64) (Superseded) (ID: 1306915)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 7 - Windows Server 2003 SP2 (x64) - CORRUPT PATCH (Superseded) (ID: 1306916)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 7 - Windows Vista SP2 (Superseded) (ID: 1306917)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 7 - Windows Vista SP2 (x64) (Superseded) (ID: 1306919)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 7 - Windows Server 2008 SP2 (Superseded) (ID: 1306921)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 7 - Windows Server 2008 SP2 (x64) (Superseded) (ID: 1306923)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows XP SP3 (Superseded) (ID: 1306925)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows XP SP3 - CORRUPT PATCH (Superseded) (ID: 1306926)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows XP SP2 (x64) (Superseded) (ID: 1306927)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows XP SP2 (x64) - CORRUPT PATCH (Superseded) (ID: 1306928)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows Server 2003 SP2 (Superseded) (ID: 1306929)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows Server 2003 SP2 - CORRUPT PATCH (Superseded) (ID: 1306930)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows Server 2003 SP2 (x64) (Superseded) (ID: 1306931)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows Server 2003 SP2 (x64) - CORRUPT PATCH (Superseded) (ID: 1306932)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows Vista SP2 (Superseded) (ID: 1306933)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows Vista SP2 (x64) (Superseded) (ID: 1306935)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows Server 2008 SP2 (Superseded) (ID: 1306937)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows Server 2008 SP2 (x64) (Superseded) (ID: 1306939)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows 7 SP1 (Superseded) (ID: 1306941)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows 7 SP1 (x64) (Superseded) (ID: 1306943)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 8 - Windows Server 2008 R2 SP1 (x64) (Superseded) (ID: 1306945)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 9 - Windows Vista SP2 (Superseded) (ID: 1306947)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 9 - Windows Vista SP2 (x64) (Superseded) (ID: 1306949)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 9 - Windows Server 2008 SP2 (Superseded) (ID: 1306951)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 9 - Windows Server 2008 SP2 (x64) (Superseded) (ID: 1306953)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 9 - Windows 7 SP1 (Superseded) (ID: 1306955)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 9 - Windows 7 SP1 (x64) (Superseded) (ID: 1306957)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 9 - Windows Server 2008 R2 SP1 (x64) (Superseded) (ID: 1306959)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 10 - Windows 7 SP1 (Superseded) (ID: 1306961)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 10 - Windows 7 SP1 (x64) (Superseded) (ID: 1306963)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 10 - Windows Server 2008 R2 SP1 (x64) (Superseded) (ID: 1306965)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 10 - Windows 8 Gold (Superseded) (ID: 1306967)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 10 - Windows 8 Gold (x64) (Superseded) (ID: 1306969)

[Major] MS13-069: Cumulative Security Update for Internet Explorer - IE 10 - Windows Server 2012 Gold (x64) (Superseded) (ID: 1306971)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 2.0 SP2 - Windows XP SP2 / Windows Server 2003 SP2 (x64) (Superseded) (ID: 1304001)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 4 - Windows XP SP2 / 2003 SP2 / Vista SP2 / 2008 SP2 / 7 SP1 / Server 2008 R2 (x64) (Superseded) (ID: 1304003)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 2.0 SP2 - Windows Vista SP2 / Windows Server 2008 SP2 (x64) (Superseded) (ID: 1304005)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 4.5 - Windows Vista SP2 / Server 2008 SP2 / 7 SP1 / Server 2008 R2 SP1 (x64) (Superseded) (ID: 1304007)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 3.5.1 - Windows 7 SP1 / Windows Server 2008 R2 SP1 (x64) (Superseded) (ID: 1304009)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 3.5 - Windows 8 Gold / Windows Server 2012 Gold (x64) (Superseded) (ID: 1304011)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 4.5 - Windows 8 Gold / Windows Server 2012 Gold (x64) (Superseded) (ID: 1304013)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 2.0 SP2 - Windows XP SP3 / Windows Server 2003 SP2 (Superseded) (ID: 1304015)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 4 - Windows XP SP3 / 2003 SP2 / Vista SP2 / 2008 SP2 / 7 SP1 (Superseded) (ID: 1304017)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 2.0 SP2 - Windows Vista SP2 / Windows Server 2008 SP2 (Superseded) (ID: 1304019)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 4.5 - Windows Vista SP2 / Windows Server 2008 SP2 / Windows 7 SP1 (Superseded) (ID: 1304021)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 3.5.1 - Windows 7 SP1 (Superseded) (ID: 1304023)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 3.5 - Windows 8 Gold (Superseded) (ID: 1304025)

[Major] MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing - .NET Framework 4.5 - Windows 8 Gold (Superseded) (ID: 1304027)

[Major] MS11-100: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege - Microsoft .NET Framework 3.5 SP1 - Windows XP / 2003 / Vista / 2008 (Superseded) (ID: 1110005)

[Major] MS11-100: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege - Microsoft .NET Framework 3.5 SP1 - Windows XP SP2 / 2003 SP2 / Vista SP2 / 2008 SP2 (x64) (Superseded) (ID: 1110011)

[Major] MS13-052: Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution - .NET Framework 4 - Windows XP SP3 / 2003 SP2 / Vista SP2 / 2008 SP2 (KB2832407) (Superseded) (ID: 1305213)

[Major] MS13-052: Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution - .NET Framework 4 - Windows XP SP2 / 2003 SP2 / Vista SP2 / 2008 SP2 (x64) (KB2832407) (Superseded) (ID: 1305225)

[Major] MS13-052: Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution - .NET Framework 4.5 - Windows Vista SP2 / 2008 SP2 (KB2835622) (Superseded) (ID: 1305241)

[Major] MS13-052: Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution - .NET Framework 4.5 - Windows Vista SP2 / 2008 SP2 (x64) (Superseded) (ID: 1305253)

[Major] MS10-081: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution - Windows XP SP2 (x64) (Superseded) (ID: 1008103)

[Major] MS10-081: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution - Windows XP SP2 (x64) - CORRUPT PATCH (Superseded) (ID: 1008104)

[Major] MS10-081: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution - Windows Server 2003 SP2 (Superseded) (ID: 1008105)

[Major] MS10-081: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution - Windows Server 2003 SP2 - CORRUPT PATCH (Superseded) (ID: 1008106)

[Major] MS10-081: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution - Windows Server 2003 SP2 (x64) (Superseded) (ID: 1008107)

[Major] MS10-081: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution - Windows Server 2003 SP2 (x64) - CORRUPT PATCH (Superseded) (ID: 1008108)

[Major] MS13-067: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution - SharePoint Foundation 2010 SP1/SP2 (wss) (x64) (Superseded) (ID: 1306707)

[Major] MS13-067: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution - SharePoint Server 2013 (wacserver) (x64) (Superseded) (ID: 1306717)

[Major] MS13-067: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution - Excel Services - SharePoint Server 2007 SP3 (Superseded) (ID: 1306719)

[Major] MS13-067: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution - Excel Services - SharePoint Server 2007 SP3 (x64) (Superseded) (ID: 1306721)

[Major] MS13-067: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution - Excel Services - SharePoint Server 2010 SP1/SP2 (x64) (Superseded) (ID: 1306723)

[Major] MS13-067: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution - Word Automation Services - SharePoint Server 2010 SP1/SP2 (x64) (Superseded) (ID: 1306727)

[Major] MS13-067: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution - Excel Web App - Office Web Apps 2010 SP1/SP2 (x64) (Superseded) (ID: 1306729)

[Major] MS13-067: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution - Word Web App - Office Web Apps 2010 SP1/SP2 (x64) (Superseded) (ID: 1306731)

[Major] MS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office 2007 SP2 (KB2553089) (Superseded) (ID: 1107211)

[Major] MS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office 2007 SP2 (KB2553090) (Superseded) (ID: 1107216)

[Major] MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office 2007 SP3 - Excel 2007 SP3 (Superseded) (ID: 1307303)

[Major] MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office 2013 - Excel 2013 (Superseded) (ID: 1307309)

[Major] MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office 2013 - Excel 2013 (x64) (Superseded) (ID: 1307311)

[Major] MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Excel Viewer 2007 SP3 (Superseded) (ID: 1307315)

[Major] MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office Compatibility Pack SP3 (Superseded) (ID: 1307317)

[Major] MS13-072: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Word 2003 SP3 (KB2817682) (Superseded) (ID: 1307203)

[Major] MS13-072: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Word 2007 SP3 (KB2767773) (Superseded) (ID: 1307209)

[Major] MS13-072: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Office Compatibility Pack SP3 (KB2760823) (Superseded) (ID: 1307219)

[Major] MS13-052: Vulnerability in Silverlight Could Allow Remote Code Execution - Silverlight 5 (Superseded) (ID: 13052103)

[Major] MS13-052: Vulnerability in Silverlight Could Allow Remote Code Execution - Silverlight 5 for Developers (Superseded) (ID: 13052105)

[Major] MS13-052: Vulnerability in Silverlight Could Allow Remote Code Execution - Silverlight 5 for Developers (x64) (Superseded) (ID: 13052107)

[Major] MS13-052: Vulnerability in Silverlight Could Allow Remote Code Execution - Silverlight 5 (x64) (Superseded) (ID: 13052109)

Partially superseded Fixlet Messages due to October 2013 Security Bulletins:

[Major] MS11-100: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege - Microsoft .NET Framework 4 - Windows 7 Gold (ID: 1110007)

[Major] MS11-100: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege - Microsoft .NET Framework 4.0 - Windows 7 Gold / 2008 R2 Gold (x64) (ID: 1110013)

[Major] MS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office 2010 Gold (KB2553091) (ID: 1107226)

[Major] MS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office 2010 Gold (KB2553096) (ID: 1107231)

[Major] MS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office 2010 Gold (KB2553091) (x64) (ID: 1107241)

[Major] MS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office 2010 Gold (KB2553096) (x64) (ID: 1107246)

[Major] MS12-078: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution - Windows 7 Gold (KB2753842) (V2.0) (ID: 1207833)

[Major] MS12-078: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution - Windows 7 Gold (KB2753842) (x64) (V2.0) (ID: 1207837)

[Major] MS12-078: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution - Windows Server 2008 R2 Gold (KB2753842) (x64) (V2.0) (ID: 1207841)

[Major] MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office 2010 SP2 - Excel 2010 SP2 (ID: 1307305)

[Major] MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office 2010 SP2 - Excel 2010 SP2 (x64) (ID: 1307307)

Reason for Update:

Microsoft has released 8 Security Bulletins for October 2013.

Actions to Take:

None

Published site version:

Patches for Windows (English), version 1849

Additional links:

Microsoft Security Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms13-oct

Application Engineering Team

IBM Endpoint Manager

system · October 9, 2013, 10:48pm

(imported comment written by cstoneba)

Anyone having issues with fixlet ID 13081157 (MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution - KB2862330 - Windows Server 2008 R2 SP1 (x64)) ? It is still showing relevant after being installed and the target rebooted.

system · October 9, 2013, 11:26pm

(imported comment written by TerryWeiChao)

Hi,

It is still showing relevant after installing the patch, I think maybe some files are still not to the version that relevance expects. Can you try to find out which file cause the file check relevance still show true?

Thanks!

dexdexdex · October 9, 2013, 11:35pm

(imported comment written by liuhoting)

You can use this relevance to get at file information on systems that you’re having trouble with. In addition, I’d try running the patch manually and seeing if it sticks or checking out to see if an error message pops up.

Q: version of file “atmfd.dll” of system x64 folder

Q: version of file “atmfd.dll” of system wow64 folder

Q: version of file “atmlib.dll” of system x64 folder

Q: version of file “atmlib.dll” of system wow64 folder

Q: version of file “dciman32.dll” of system x64 folder

Q: version of file “dciman32.dll” of system wow64 folder

Q: version of file “fontsub.dll” of system x64 folder

Q: version of file “fontsub.dll” of system wow64 folder

Q: version of file “lpk.dll” of system x64 folder

Q: version of file “lpk.dll” of system wow64 folder

system · October 10, 2013, 6:03pm

(imported comment written by cstoneba)

PMR 56651,7TD,000 created for this problem.

Here are the QnA Results:

q: version of file “atmfd.dll” of system x64 folder

A: 5.1.2.237

T: 0.217 ms

Q: version of file “atmfd.dll” of system wow64 folder

A: 5.1.2.237

T: 0.235 ms

Q: version of file “atmlib.dll” of system x64 folder

A: 5.1.2.237

T: 0.226 ms

Q: version of file “atmlib.dll” of system wow64 folder

A: 5.1.2.237

T: 0.222 ms

Q: version of file “dciman32.dll” of system x64 folder

A: 6.1.7600.16385

T: 0.233 ms

Q: version of file “dciman32.dll” of system wow64 folder

A: 6.1.7600.16385

T: 0.256 ms

Q: version of file “fontsub.dll” of system x64 folder

A: 6.1.7601.17105

T: 0.233 ms

Q: version of file “fontsub.dll” of system wow64 folder

A: 6.1.7601.17105

T: 0.237 ms

Q: version of file “lpk.dll” of system x64 folder

A: 6.1.7600.16385

T: 0.235 ms

Q: version of file “lpk.dll” of system wow64 folder

A: 6.1.7600.16385

T: 0.243 ms

q: (exists file “usbehci.sys” whose (((exists value “FileVersion” whose (it as lowercase contains “qfe” OR it as lowercase contains “ldr”) of version blocks of it) AND ((version of it >= “6.1.7601.21000” AND version of it < “6.1.7601.22441”))) OR ((exists value “FileVersion” whose (not (it as lowercase contains “qfe” OR it as lowercase contains “ldr”)) of version blocks of it) AND ((version of it >= “6.1.7601.17000” AND version of it < “6.1.7601.18251”)))) of it) of (folder “drivers” of system x64 folder)

A: True

T: 1.395 ms

q: (exists file “usbport.sys” whose (((exists value “FileVersion” whose (it as lowercase contains “qfe” OR it as lowercase contains “ldr”) of version blocks of it) AND ((version of it >= “6.1.7601.21000” AND version of it < “6.1.7601.22441”))) OR ((exists value “FileVersion” whose (not (it as lowercase contains “qfe” OR it as lowercase contains “ldr”)) of version blocks of it) AND ((version of it >= “6.1.7601.17000” AND version of it < “6.1.7601.18251”)))) of it) of (folder “drivers” of system x64 folder)

A: True

T: 2.752 ms

dexdexdex · October 11, 2013, 1:29am

(imported comment written by liuhoting)

It looks like the patch just isn’t getting installed…

and it looks like you’re not the only one having problems:

http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/kb2862330-fails-to-install/a51a34c3-6a67-43dc-b5d1-81d35401299c

It’s happening on both Windows 7 and Server 2008 R2 machines. In addition to not being installed properly, or having the update stall out, this update looks like it’s randomly causing blue screens as well.

dexdexdex · October 11, 2013, 1:40am

(imported comment written by liuhoting)

Also my mistake I posted the relevance checks for a different fixlet entirely. The relevance that should be run is:

Q: version of file “usbccgp.sys” of folder “drivers” of system x64 folder

Q: version of file “usbd.sys” of folder “drivers” of system x64 folder

Q: version of file “usbehci.sys” of folder “drivers” of system x64 folder

Q: version of file “usbhub.sys” of folder “drivers” of system x64 folder

Q: version of file “usbohci.sys” of folder “drivers” of system x64 folder

Q: version of file “usbport.sys” of folder “drivers” of system x64 folder

Q: version of file “usbuhci.sys” of folder “drivers” of system x64 folder

system · October 11, 2013, 9:53pm

(imported comment written by Andrew_TEM)

Please check the relevance for Fixlet (13081171) MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution - KB2883150 - Windows Server 2008 R2 SP1 (x64).

I believe the Relevance 6 block to be incorrect. It is checking for service branches incorrectly. We ran into this issue last month and the relevance was updated without the service branches and only focused on the file versions. Below is my QnA:

q: (exists file “win32k.sys” whose (((exists value “FileVersion” whose (it as lowercase contains “qfe” OR it as lowercase contains “ldr”) of version blocks of it) AND ((version of it >= “6.1.7601.21000” AND version of it < “6.1.7601.22435”))) OR ((exists value “FileVersion” whose (not (it as lowercase contains “qfe” OR it as lowercase contains “ldr”)) of version blocks of it) AND ((version of it >= “6.1.7601.17000” AND version of it < “6.1.7601.18246”)))) of it) of (system x64 folder)

A: False

T: 5.041 ms

q: value “FileVersion” of version blocks of file “win32k.sys” of system x64 folder

A: 6.1.7600.16385 (win7_rtm.090713-1255)

T: 3.362 ms

q: version of file “win32k.sys” of system x64 folder

A: 6.1.7601.22416

T: 0.848 ms

system · October 14, 2013, 1:55pm

(imported comment written by sylviabeing)

Can you try the custom copy attached in my last post? Do update me with the result!

Thanks!

system · October 14, 2013, 4:49pm

(imported comment written by Andrew_TEM)

The applicable computer count I have for the custom 2K8R2 fixlet is what I would expect to see in our environment. Your check for the win32k.sys file should be permanently changed.

I have only tested the 2K8R2 fixlet, I cannot speak for the Win7 fixlet…even though I know they are practically the same.

system · October 11, 2013, 10:35pm

(imported comment written by cstoneba)

thanks liuhoting. Yes, sounds like there are some issues with it. I guess i’m glad we pulled the MS13-081 fixlets from our baselines for October then.

Hopefully MS provides a v2 update.

system · October 11, 2013, 11:15pm

(imported comment written by CSL2012)

Fixlet (13081171) MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution - KB2883150 - Windows Server 2008 R2 SP1(x64). After reviewing
http://technet.microsoft.com/en-us/security/bulletin/ms13-081
&
http://support.microsoft.com/kb/2883150
, I compared TEM Applicability results with WSUS. WSUS shows KB2883150 is applicable to all of our Win 2008 R2 servers but TEM shows less than 10 Win 2008 R2 applicable.

system · October 14, 2013, 1:54pm

(imported comment written by sylviabeing)

Hi,

Thanks for the comparison. I think there is something unusual for file “win32k.sys”.

Please try the custom copy for both Windows 2008 R2 SP1 (x64) and Windows 7 SP1 (x64) and let me know the results.

Regards,

Sylvia

system · October 15, 2013, 5:31pm

(imported comment written by Andrew_TEM)

Sylvia,

Are there any plans to update Fixlet 13081171 with the above custom copies to the external site? We are waiting on this to move forward with our October patching. Or should we move forward with relying on the custom copy?

dexdexdex · October 16, 2013, 3:11am

(imported comment written by liuhoting)

Hey Andrew, did those custom fixlets work for you? If yes, we’re planning on republishing that version into the external site.

system · October 16, 2013, 1:13pm

(imported comment written by sylviabeing)

Hey Andrew,

The content (Fixlet 13081171 and 13081153) has been updated and published to the external site.

Published site version:

Patches for Windows (English), version 1856.

Please check out the new copy.

Regards,

Sylvia

system · October 17, 2013, 4:48pm

(imported comment written by Andrew_TEM)

They worked. Thanks for the turn around on those patches Sylvia and
liuhoting
.

system · October 17, 2013, 8:07pm

(imported comment written by cwmenard)

It appears that the following fixlets should have been fully superseded by MS13-085:

[Major] MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office 2010 SP2 - Excel 2010 SP2 (ID: 1307305)

[Major] MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Office 2010 SP2 - Excel 2010 SP2 (x64) (ID: 1307307)

They are still showing relevant for systems that have been updated with MS13-085.

Q:

version

of

regapp

“excel.exe”

A:
14.0.7109.5000

T:
1.211 ms

MS13-073 installs version 14.0.7104.5000 of excel.exe. Since the MS13-073 fixlets don’t contain file level relevance they are still showing as relevant since MS13-085 was installed before MS13-073 was applied.

Thanks,

Curtis

system · October 17, 2013, 9:09pm

(imported comment written by SLB)

Hi Curtis,

I’m seeing the same (I posted a question about this earlier in this forum). The MS13-085 update doesn’t create the same registry keys as the MS13-073 update does. In defence of IBM though, MS don’t state that MS13-085 replaces MS13-073 for Office 2010 SP2, only for SP1.

Regs

Rob

system · October 18, 2013, 1:06am

(imported comment written by cwmenard)

Having some file level relevance in MS13-073 would have avoided this.