Fixlet for Security Advisory (2728973)

(imported topic written by CSL2012)

Can a fixlet be provided for Microsoft Security Advisory (2728973)? This patch was released on July 10, 2012.

Unauthorized Digital Certificates Could Allow Spoofing

Summary:

Microsoft is aware of Microsoft certificate authorities that are outside our recommended secure storage practices. Upon a routine review, we are placing these certificates in the Untrusted Certificate Store, and replacing them with new certificate authorities that meet our high standard of public-key infrastructure (PKI) management. We are unaware of any misuse of the certificate authorities, but are taking pre-emptive action to protect customers. This issue affects all supported releases of Microsoft Windows.

More Information: http://support.microsoft.com/kb/2728973 & http://technet.microsoft.com/security/advisory/2728973

Thanks,

Chi

(imported comment written by TerryWeiChao)

We are working on this. Content will be published when ready.

Thanks!

(imported comment written by TerryWeiChao)

Content is published in Patches for Windows (English), version 1630.

Thanks!

(imported comment written by dbhambri)

IBM, can you please create a fixlet for another security advisory also released on 10th July 2012, “Vulnerabilities in Gadgets Could Allow Remote Code Execution Security Advisory 2719662”?

(imported comment written by zoogs)

Does anyone else have any issues with this fixlet in Tivoli? Specifically Windows 2003 machines reporting back as “running” indefinitely.

(imported comment written by Pinck)

Hey Zoogs, I’m getting the same thing here, but with WinXP machines (haven’t applied to our servers yet). Troubleshooting right now to see what I can figure out. Let me know if you come up with anything first!

(imported comment written by SystemAdmin)

It appears that the syntax for the command line was incorrect and it has been fixed sometime recently.

We had someone execute it on 7/13 at 11:37 ET and the command line was:

waithidden __Download\rvkroots.exe /Q /norestart

Today it is:

waithidden __Download\rvkroots.exe /Q

and it is working.

I have not seen anything for notification on this though and I am being asked for an explanation.

Martin Carnegie

Gulf Breeze Software Partners

http://www.gulfsoft.com

(imported comment written by TerryWeiChao)

Hi Martin,

Can you let us know where you usually check the latest changes? We will keep that source stable and keep you notified.

Thanks!

(imported comment written by EarlHoward)

Hey Terry Wei Chao,

Based on Martin's blog on the command differences between the 7/13 fixlet and the more current fixlet, does this mean that the issue is resolved?

I’m not the BigFix admin in my organization, and the fixlet 2728973 has been hidden so that it does not cause issues with other servers needing other tasks or patches applied to them.

Do I need to inform my BigFix admins to unhide the fixlet and run with it now?

Thanks

(imported comment written by TerryWeiChao)

Yes, the issue has been fixed already; the /norestart has been removed from the action script.

Thanks!