Has anyone else noticed that after applying KB4467701 on Windows Sever 2012, fixlet 1309937 (MS13-099) becomes relevant again? It appears that KB4467701 contains a number of RTM versions of the files updated by MS13-099 and is possibly removing the CBS references that were added by MS13-099 making the fixlet appear relevant again.
Breaking the fixlet detection I isolated the files tripping the detection is for the x86 version of scrobj.dll
Q: (exists file "scrobj.dll" whose (((exists value "FileVersion" whose (it as lowercase contains "qfe" OR it as lowercase contains "ldr") of version blocks of it) AND ((version of it < "5.8.9200.16384" and version of it >= "5.8")) AND ((exists key "Microsoft-Windows-ServerCore-SKU-Foundation-Package-inetcore~31bf3856ad364e35~amd64~~6.2.9200.16384" of it OR exists key "Microsoft-Windows-Server-Gui-Shell-Package-inetcore~31bf3856ad364e35~amd64~~6.2.9200.16384" of it OR exists key "Microsoft-Windows-SKU-Foundation-Package-inetcore~31bf3856ad364e35~amd64~~6.2.9200.16384" of it) of key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\" of native registry)) OR ((exists value "FileVersion" whose (not (it as lowercase contains "qfe" OR it as lowercase contains "ldr")) of version blocks of it) AND ((version of it < "5.8.9200.16734" and version of it >= "5.8")) AND ((exists key "Microsoft-Windows-ServerCore-SKU-Foundation-Package-inetcore~31bf3856ad364e35~amd64~~6.2.9200.16384" of it OR exists key "Microsoft-Windows-Server-Gui-Shell-Package-inetcore~31bf3856ad364e35~amd64~~6.2.9200.16384" of it OR exists key "Microsoft-Windows-SKU-Foundation-Package-inetcore~31bf3856ad364e35~amd64~~6.2.9200.16384" of it) of key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\" of native registry)) OR ((exists value "FileVersion" whose (it as lowercase contains "qfe" OR it as lowercase contains "ldr") of version blocks of it) AND ((version of it < "5.8.9200.16384" and version of it >= "5.8")) AND ((exists key "Microsoft-Windows-Embedded-Scripting-inetcore~31bf3856ad364e35~amd64~~6.2.9200.16384" of it) of key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\" of native registry)) OR ((exists value "FileVersion" whose (not (it as lowercase contains "qfe" OR it as lowercase contains "ldr")) of version blocks of it) AND ((version of it < "5.8.9200.16734" and version of it >= "5.8")) AND ((exists key "Microsoft-Windows-Embedded-Scripting-inetcore~31bf3856ad364e35~amd64~~6.2.9200.16384" of it) of key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\" of native registry))) of it) of (system wow64 folder)
A: True
The file version information as follows
Q: (pathname of it, version of it, value "FileVersion" of version blocks of it) of file "scrobj.dll" of system wow64 folder
A: C:\Windows\SysWOW64\scrobj.dll, 5.8.9200.16384, 5.8.9200.16384
If you try to install MS13-099 it reports that the update is already installed and removing then reinstalling MS13-099 makes no effect.
Have Microsoft re-introduced a vulnerability I wonder, or are newer files negating the need for a patched version of scrobj.dll?