Is anyone seeing possible false positives for Ms13-090? I’m seeing a few and the patch fails to install and reports its already installed. The KB does not appear in View Installed updates to permit removal. MBSA scans do not show the patch as required. I have checked the relevance and I believe the detection is flawed when compared to the info from Microsoft’s KB https://support.microsoft.com/en-gb/kb/2900986. The fixlets are look for decimal hex value 00000400 (decimal 1024) in all registry keys where as Microsoft KB indicate that 00000400 in one hive and 04000400 (decimal 67109888) in all other keys. The machines with the false positives all have the values as per the Microsoft KB.
I suspect the registry keys are set by a later update so the KB strings that the fixlet checks for in the serving sections of the registry do not exist .