(imported topic written by cstoneba)
When I run MS09-047: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution - Windows Media Format Runtime 9/9.5/11 - Windows XP SP3 - CORRUPT PATCH", it fails for a large number of my clients. Is anyone else having this problem?
(imported comment written by SystemAdmin)
Ahh…I have been working on this for a day or so. I have noticed that from a low of 30 or so clients with a corrupt 9-047 has grown to 620 clients. I have tried to apply the corrupt patch and it fails on all my clients. I am researching now to see what is the problem…hopefully its a fixlet issue. My clients are Windows XP SP2.
Thanks for posting this issue!
Scott
(imported comment written by liuhoting91)
Hmmmm, interesting…
What version of Windows Media Format do you have installed on your XP systems? Or better, what version of wmvcore.dll is on your systems?
(imported comment written by cstoneba)
I just created a property (version of file “wmvcore.dll” of system folder) and for the clients that have reported so far, all that failed have a version of 10.0.0.3705. However, some that completed successfully also have that version. Others that completed have 9.0.0.327 & 11.0.5721.5265
(imported comment written by liuhoting91)
What does running this relevance on machines that are showing failure at 10.0.0.3705 and have the MS09-047 patch applied say?
Q: (exists file “wmvcore.dll” whose ((version of it < ") and not exists value “FileVersion” whose (it contains “_qfe” OR it contains “_ldr” OR it contains “_rtm”) of version blocks of it) of it) of system folder
If that’s true, then lower bounds on the file version checks need to go in (I think >= 10.0.0.3800 should do the trick).
(imported comment written by cstoneba)
This one is for XP SP2 if that matters, but it failed as well. It has wmvcore.dll version of 10.0.0.3705
Q: (exists file “wmvcore.dll” whose ((version of it < ") and not exists value “FileVersion” whose (it contains “_qfe” OR it contains “_ldr” OR it contains “_rtm”) of version blocks of it) of it) of system folder
A: True
(imported comment written by SystemAdmin)
All my Windows XP SP2 machines that show corrupt (and fail) have version wmvcore.dll 10.0.0.3705.
Thanks,
Scott
(imported comment written by liuhoting91)
We’ve just published a fix for this fixlet:
_
BigFix has modified content in the Patches for Windows (English) / Enterprise Security site. The relevance in the following Fixlet messages has been modified to remove false positives where a file was incorrectly identified being in the QFE branch:
ID: 904703 MS09-047: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution - Windows Media Format Runtime 9/9.5/11 - Windows XP SP2
ID: 904704 MS09-047: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution - Windows Media Format Runtime 9/9.5/11 - Windows XP SP2 - CORRUPT PATCH
ID: 904705 MS09-047: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution - Windows Media Format Runtime 9/9.5/11 - Windows XP SP3
ID: 904706 MS09-047: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution - Windows Media Format Runtime 9/9.5/11 - Windows XP SP3 - CORRUPT PATCH
_
That should fix the corrupt patch issues. Thanks for reporting this in!
(imported comment written by SystemAdmin)
Fixed!! Thanks all!