During our testing of Microsoft’s August 2016 release of Security Bulletins we have found that Fixlet 1609517 “MS16-095: Cumulative Security Update for Internet Explorer - Windows Server 2008 R2 SP1 - IE 11 - KB3175443 (x64)” has an incorrect SHA1 value for the payload. According to Microsoft’s website (https://support.microsoft.com/en-us/kb/3175443) that SHA1 should be “5B4A1E1493307E95A22EB05FC52A2228EBCA1B7E” and not “70ff5c0ada5e89e4149e4a0488bb758ef73bcd2c”.
Please update ASAP as this is holding up vulnerability patching.
It appears this is also the issue for the 2012 R2 version of the fixlet as well. Fixlet 1609515 “MS16-095: Cumulative Security Update for Internet Explorer - Windows Server 2012 R2 - IE 11 - KB3175443 (x64)” is checking for “ee173fc8170c5ae9a8dbb3a8a9f3d7e0621b5516” when it should be checking for “0BC2B1CB433645BC50800A5DC7A6DDF7CA41C035” according to https://support.microsoft.com/en-us/kb/3175443.
Is it true that the actual patch did not change, but just the published SHA1 value? How can they make changes to the executable without releasing a bulletin? Did they think no one was going to notice?
If Microsoft makes a change to the binary, they should announce what the change was even if it was only to add a comment. I have been pushing our Microsoft Technical Account Manager to find out what the change was. Would IBM be able to get information about the change? I am sensitive about the IE 11 cumulative update because it has been problematic since May. The May, June, July and August IE 11 cumulative updates have caused a problem in our environment.