False Positive? Is MS11-051 included in the 2008r2 Convenience Rollup Package?

I have several Windows 2008 R2 servers running Certificate Services, all showing relevant for Fixlet 1105109 “MS11-051: Vulnerability in Active Directory Certificate Services Web Enrollment … Windows Server 2008 R2 Gold/SP1 (x64)”. The Fixlet fails; the wusa.exe command returns -2145124329.

When I try to install manually, wusa says “The update is not applicable to your computer”.

The article at https://technet.microsoft.com/en-us/library/security/ms11-051.aspx makes no mention of this being superseded.

The article at https://support.microsoft.com/en-us/help/2518295/ms11-051-vulnerability-in-active-directory-certificate-services-web-enrollment-could-allow-elevation-of-privilege-june-14,-2011 has a broken link to the “File attributes tables for security update 2518295.csv”.

I’m wondering whether the Convenience Rollup Package (which is installed on my hosts) contained this update. The article at https://support.microsoft.com/en-us/help/3125574/convenience-rollup-update-for-windows-7-sp1-and-windows-server-2008-r2-sp1 links a CSV of all updated files and their versions, and does include a lot of “likely” candidates - certenroll.dll, certutil.exe, certarc.asp, certcert.inc, certser.asp, and literally hundreds of other cert* files are included in the Convenience Rollup Package.

But the Fixlet Relevance for MS11-051 does not include a file versions check, and I can’t retrieve the file versions from the MS11-051 article, so … does anyone know if MS11-051 is included in KB3125574 Convenience Rollup? And, if so, can the MS11-051 Fixlets be updated to include a relevance check on the rollup?

My Windows 2008 R2 is not running certificate services, and so does not have any of the files.

  • certckpn.asp
  • certrqbi.asp
  • certrqma.asp
  • certrqxt.asp
  • certrsis.asp
  • certrspn.asp

If yours does, can you check to see if any of them have Version?
I strongly suspect they do not.

You might spot check date modified to see if it is before or after June 2011 (when MS11-051 was released).

Correct, none have versions.

certckpn.asp Fri, 25 Mar 2016
certrqbi.asp Thu, 05 May 2011
certrqma.asp Thu, 05 May 2011
certrqxt.asp Thu, 05 May 2011
certrsis.asp Thu, 05 May 2011
certrspn.asp Sun, 21 Nov 2010

So, the certrspn.asp gives me pause, as it has an older date. The others look like they line up with the right time for MS11-051 (released June 2011), and certckpn.asp was updated much more recently. I’m having some difficulty finding from the MSU file just what binaries are provided in the MS11-051 update.

Hi JasonWalker,

MS11-051 is not included in KB3125574. MS11-051 (KB2518295) is not superseded by any newer patch either.

Reference:
http://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=6147e6c1-663b-41bc-9582-9579343857d9
http://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=d11a857d-fea5-419c-a7dd-3b6e38d055bc

Error code -2145124329 means WU_E_NOT_APPLICABLE:
Operation was not performed because there are no applicable updates.

It is a possible false positive case. You may want to open a PMR with IBM support and provide any debugging info you have.

Regards,
Sylvia
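
The exit code quoted in the reply above is a 32-bit HRESULT printed as a signed decimal integer. The following is an added example, not part of the thread or of BigFix, that decodes such codes into their hex form and fields; the short lookup table and the `triage` bucket names are assumptions made for illustration.

```python
"""Decode the signed exit codes that wusa.exe reports into HRESULT fields."""

FACILITY_WINDOWSUPDATE = 0x24  # facility of the WU_E_* / WU_S_* codes

# Small lookup of well-known values; deliberately not exhaustive.
KNOWN = {
    0x00000000: "S_OK",
    0x00000BC2: "ERROR_SUCCESS_REBOOT_REQUIRED",  # Win32 code 3010
    0x00240006: "WU_S_ALREADY_INSTALLED",
    0x80240016: "WU_E_INSTALL_NOT_ALLOWED",
    0x80240017: "WU_E_NOT_APPLICABLE",
    0x80070005: "E_ACCESSDENIED",
}


def decode_exit_code(code: int) -> dict:
    """Split an exit code (signed or unsigned 32-bit) into HRESULT fields."""
    if not -(2**31) <= code < 2**32:
        raise ValueError(f"not a 32-bit value: {code}")
    u = code & 0xFFFFFFFF            # two's-complement view of the signed value
    return {
        "hresult": f"0x{u:08X}",
        "failure": bool(u >> 31),    # severity bit
        "facility": (u >> 16) & 0x7FF,
        "code": u & 0xFFFF,
        "name": KNOWN.get(u, "unknown"),
    }


def triage(code: int) -> str:
    """Hypothetical buckets for patch-job results (labels are this example's own)."""
    d = decode_exit_code(code)
    if d["name"] == "WU_E_NOT_APPLICABLE":
        return "not_applicable"      # OS rejects the update; review detection logic
    if not d["failure"]:
        return "installed"
    return "failed"


if __name__ == "__main__":
    for sample in (-2145124329, 3010, 2359302, -2147024891):  # constructed inputs
        print(sample, decode_exit_code(sample), triage(sample))
```

A result in the `not_applicable` bucket on a host that a Fixlet or scanner still reports as missing the patch is the mismatch discussed in this thread, as opposed to an installation that was attempted and failed.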

Thank you very much!

Jason, did you ever get this squared away? I found your post via Google… We don’t use BigFix (bummer) but a Retina scan showed we need this patch on a server and the server says it is not applicable…

Just wondering what you found out with it…

Thanks

I’m afraid I never followed up on this, but it’s on my to-do list.