MS12-034 - ID 1203465 - KB 2676562 - False Negative

(imported topic written by ItsAvi)

Hi,

For the details above, I got a “not relevant” for a machine that the Windows Update client says is relevant, and when I install it manually it’s applicable.

Also, I checked the logs of besclient, and this fixlet has never been relevant on this 4-day-old machine.

(imported comment written by sylviabeing)

Hi,

Please try the attached custom copy for fixlet 1203465.

File relevance check for “win32k.sys” has been modified. Please let me know if this custom copy works for you. If not, please provide the following query results:

Q: file "Ntkrnlpa.exe" of system folder

Q: value "FileVersion" of version blocks of file "Ntkrnlpa.exe" of system folder

Q: file "Ntoskrnl.exe" of system folder

Q: value "FileVersion" of version blocks of file "Ntoskrnl.exe" of system folder

Q: file "Win32k.sys" of system folder

Q: value "FileVersion" of version blocks of file "Win32k.sys" of system folder

Regards,

Sylvia

(imported comment written by ItsAvi)

Hi Sylvia,

Thanks for the reply. I added the custom relevance fixlet and I get several relevant computers; however, the machine I’m testing on, which has the patch applicable from the Windows Update client (the one I’m using for patch testing and is most clean straight after operating system deployment), does not appear to be relevant. Here is the QnA from it:

Q: file "Ntkrnlpa.exe" of system folder
A: "Ntkrnlpa.exe" "6.1.7601.18147" "NT Kernel & System" "6.1.7601.18147 (win7sp1_gdr.130505-1534)" "Microsoft Corporation"
T: 0.632 ms
I: singular file

Q: value "FileVersion" of version blocks of file "Ntkrnlpa.exe" of system folder
A: 6.1.7601.18147 (win7sp1_gdr.130505-1534)
T: 0.934 ms
I: singular string

Q: file "Ntoskrnl.exe" of system folder
A: "Ntoskrnl.exe" "6.1.7601.18147" "NT Kernel & System" "6.1.7601.18147 (win7sp1_gdr.130505-1534)" "Microsoft Corporation"
T: 0.905 ms
I: singular file

Q: value "FileVersion" of version blocks of file "Ntoskrnl.exe" of system folder
A: 6.1.7601.18147 (win7sp1_gdr.130505-1534)
T: 1.139 ms
I: singular string

Q: file "Win32k.sys" of system folder
A: "Win32k.sys" "6.1.7601.18176" "Multi-User Win32 Driver" "6.1.7600.16385 (win7_rtm.090713-1255)" "Microsoft Corporation"
T: 0.825 ms
I: singular file

Q: value "FileVersion" of version blocks of file "Win32k.sys" of system folder
A: 6.1.7600.16385 (win7_rtm.090713-1255)
T: 1.692 ms
I: singular string
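In the QnA output above, the second quoted field of the `file` answer for Win32k.sys (6.1.7601.18176) differs from its "FileVersion" version-block string (6.1.7600.16385), while both kernel files agree. The following is an added example, not part of the thread or of any BigFix content: it parses `file` answers like those and flags such files. The function names are hypothetical, and whether this mismatch is what the Fixlet's relevance tripped on is an assumption the thread does not confirm.

```python
import re

# `file` answers copied from the post above (straight quotes).
QNA = '''\
Q: file "Ntoskrnl.exe" of system folder
A: "Ntoskrnl.exe" "6.1.7601.18147" "NT Kernel & System" "6.1.7601.18147 (win7sp1_gdr.130505-1534)" "Microsoft Corporation"
Q: file "Win32k.sys" of system folder
A: "Win32k.sys" "6.1.7601.18176" "Multi-User Win32 Driver" "6.1.7600.16385 (win7_rtm.090713-1255)" "Microsoft Corporation"
'''

def version_tuple(text):
    """Leading dotted version as ints, so 18176 > 9999 compares numerically."""
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})", text)
    if not m:
        raise ValueError(f"no version in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def parse_file_answers(transcript):
    """Yield (name, reported_version, string_version) for each `file` answer.

    Assumption: a `file` answer has five quoted fields, the second being the
    version reported for the binary and the fourth the "FileVersion" string.
    """
    for line in transcript.splitlines():
        if not line.startswith("A:"):
            continue
        # Accept straight or curly quotes, since forum software rewrites them.
        fields = re.findall(r'["\u201c]([^"\u201d]*)["\u201d]', line)
        if len(fields) != 5:
            continue  # some other answer type, e.g. a bare string
        name, reported, _desc, string_ver, _company = fields
        yield name, version_tuple(reported), version_tuple(string_ver)

def mismatched(transcript):
    """Files whose reported version and FileVersion string disagree."""
    return {name: (rep, s) for name, rep, s in parse_file_answers(transcript)
            if rep != s}

if __name__ == "__main__":
    for name, (rep, s) in mismatched(QNA).items():
        print(f"{name}: reported {rep} but FileVersion string {s}")
```
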

(imported comment written by sylviabeing)

Hi,

Sorry for the late reply.

I have created a new custom copy; please give it a try.

Regards,

Sylvia