KB2928120 (MS14-025) Relevance Issue

(imported topic written by CSL2012)

Fixlet ID: 1402505 for “MS14-025: Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege - Windows Server 2008 R2 SP1 - KB2928120 (x64)” is not showing relevant for our Windows Server 2008 R2. We now have audit findings indicating all of our applicable 2008 R2 servers are deficient and I have verified WSUS indicating KB2928120 (MS14-025) patch is Applicable to our servers. I verified on one of our servers that have the “Gppref.dll” and is in fact vulnerable and not at the current version 6.1.7601.22605, per (
http://support.microsoft.com/kb/2928120
). This is the same server I ran and attached the qna file. Can someone review fixlet id: 1402505 please. Thanks.

Chi

(imported comment written by BaiYunfei)

Hi Chi,

Thanks for reporting the issue, kindly try out the custom copy attached. Thanks!

(imported comment written by CSL2012)

Thanks BaiYunfei. Testing in Progress.

(imported comment written by CSL2012)

BaiYunfei,

The CustomCopy - 1402505.bes you provided did not work. It’s showing 0 Applicable servers.

(imported comment written by BaiYunfei)

Hi Chi,

I am sorry for the trouble, please try this version 2 of the custom Fixlet.

(imported comment written by CSL2012)

BaiYunfei,

The CustomCopy - 1402505.ver2.bes you provided, did work. My DC’s are now showing Applicable. Sorry for the confusion.

Chi

(imported comment written by CSL2012)

BaiYunfei,

Will Fixlet ID: 1402505 be updated for “MS14-025: Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege - Windows Server 2008 R2 SP1 - KB2928120 (x64)”. CustomCopy - 1402505.ver2.bes. Thanks.

Chi

(imported comment written by BaiYunfei)

Hi Chi,

Thanks for your feedback, the content has been published, site: Patches for Windows (English), version 2003.