MS11-003: Cumulative Security Update for Internet Explorer - IE 8 - Windows 7 Gold (x64) is ‘Relevant’, yet the update fails to install through BigFix or manually.
Installing manually returns the error ‘This update is already installed’ (but it’s still relevant)?
Eventlog - Windows update could not be installed because of error 2359302 "" (Command line: ""C:\Windows\system32\wusa.exe" "C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\Enterprise Security\__Download\Windows6.1-KB2482017-x64.msu" /quiet /norestart")
Seeing issues here too. Looks like the patch doesn’t always update the ieui.dll and jsproxy.dll in the System32 and SysWOW64 folders, so it’s causing a false positive on the relevance. Can’t say BigFix are at fault here; after all, the MS KB does detail the file versions the relevance is checking. I’m just about to raise a case with the tech support.
FYI, we’ve started to add an action check for Windows Update… from this fixlet:
// Is Windows Update service running?
continue if {exists running service "wuauserv" OR NOT exists service "wuauserv" whose (start type of it = "disabled")}
Command succeeded (evaluated true) continue if {exists running service "wuauserv" OR NOT exists service "wuauserv" whose (start type of it = "disabled")} (fixlet 2554)
At 07:26:10 +0000 - actionsite (http://SERVERNAME:PORT/cgi-bin/bfgather.exe/actionsite)
Command succeeded (evaluated true) continue if {(size of it = 23712048 AND sha1 of it = "95006a2b965e8566d8a57600a0c0c53cb7212874") of file "Windows6.1-KB2482017-x64.msu" of folder "__Download"} (fixlet 2554)
At 07:26:15 +0000 - actionsite (http://SERVERNAME:PORT/cgi-bin/bfgather.exe/actionsite)
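The three signals discussed in the posts above (whether Windows lists KB2482017 as installed, the versions of ieui.dll and jsproxy.dll in both system folders, and the wuauserv condition from the action check) can be collected on an affected machine in one pass. This PowerShell script is an added example, not posted by anyone in this thread and not BigFix code; it only reports values for comparison against the file table in the Microsoft KB article.

```powershell
# Added example. KB id, file names and service name come from the thread.
$kb    = 'KB2482017'
$files = 'ieui.dll', 'jsproxy.dll'

# A 32-bit process on 64-bit Windows sees System32 redirected to SysWOW64;
# the Sysnative alias reaches the real 64-bit folder in that case.
$is32on64 = [bool]$env:PROCESSOR_ARCHITEW6432
$sys64 = if ($is32on64) { "$env:windir\Sysnative" } else { "$env:windir\System32" }
$dirs = @($sys64)
if (Test-Path "$env:windir\SysWOW64") { $dirs += "$env:windir\SysWOW64" }

# 1. Does Windows list the update as installed (Win32_QuickFixEngineering)?
$kbInstalled = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)

# 2. Binary file version of each file in each folder. The numeric parts are
#    used because the FileVersion string can differ from the real version.
$versions = foreach ($d in $dirs) {
    foreach ($f in $files) {
        $p = Join-Path $d $f
        $v = 'missing'
        if (Test-Path -LiteralPath $p) {
            $i = (Get-Item -LiteralPath $p).VersionInfo
            $v = '{0}.{1}.{2}.{3}' -f $i.FileMajorPart, $i.FileMinorPart,
                                      $i.FileBuildPart, $i.FilePrivatePart
        }
        New-Object PSObject -Property @{ Path = $p; Version = $v }
    }
}

# 3. Same condition as the action check: the service is running, or it is
#    not set to Disabled (a missing service also passes, as in the relevance).
$svc  = Get-WmiObject Win32_Service -Filter "Name='wuauserv'"
$wuOk = ($svc -and $svc.State -eq 'Running') -or
        -not ($svc -and $svc.StartMode -eq 'Disabled')

"{0} listed as installed: {1}" -f $kb, $kbInstalled
"wuauserv check passes: {0}" -f $wuOk
$versions | Format-Table Path, Version -AutoSize

if ($kbInstalled) {
    "If the Fixlet is still Relevant, compare the versions above with the KB file table."
}
```

Run it from an elevated prompt on the client; `Get-WmiObject` is used so it also works on the PowerShell 2.0 that ships with Windows 7.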
Good Morning! I am having the exact same issue at my site. Today I noticed it failed on a Win 7 machine; I logged in and tried to run it manually, and the version direct from Microsoft said the update wasn’t relevant to the machine.
The version I am using in Big Fix is called “MS11-003: Cumulative Security Update for Internet Explorer - IE 8 - Windows 7 Gold/SP1”
When I ran it manually on the workstation without using Big Fix, I got a message that said the update was not relevant to the machine. After that, I went to Big Fix console and the machine was still showing as relevant.
I just looked at the relevance, looks like it might need a reboot. Alternatively, it might be something complex in the file tests.
To check, you can use the Fixlet Debugger on the client (http://support.bigfix.com/fixlet/); just copy and paste the Fixlet relevance in and see which clause is coming back True. Note when pasting that you need to put a "Q: " in front of each clause and remove any new lines; the syntax highlighting will let you know if it’s wrong.
We are seeing similar problems with Windows 7 patching. The Console reports Windows 7 patches being Relevant. On deploying the patches, the Client reports back saying the patch is Not Relevant, while on some the patches report back as Failed. Windows Update service is not running on the systems.
Manual install on these systems works fine. Also, on a few systems we activated the Windows Update service temporarily and ran the same update. This worked fine too.
These issues are specially being reported on Windows 7 systems -
Not Relevant - MS10-091: Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution - Windows 7 (fixlet:109819)
Not Relevant - MS10-092: Vulnerability in Task Scheduler Could Allow Elevation of Privilege - Windows 7 (fixlet:109820)
Not Relevant - MS10-095: Vulnerability in Microsoft Windows Could Allow Remote Code Execution - Windows 7 (fixlet:109822)
Not Relevant - MS10-098: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege - Windows 7 (fixlet:109826)
Not Relevant - MS10-100: Vulnerability in Consent User Interface Could Allow Elevation of Privilege - Windows 7 (fixlet:109828)
We are running 8.0.627 for the Servers / Consoles / Relays / Clients.