MS12-046 fixlet failure with exit -2147023729

system · July 25, 2012, 1:26am

(imported topic written by SystemAdmin)

We are having a few systems fail with the following info (from the action on one of the systems)

MS12-046: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution - Visual Basic for Applications

DENIT2APPIAS02

Summary

The action failed.

This action has been applied 1 time and will not be applied again.

Status Failed

Start Time 7/19/2012 10:00:15 PM

End Time 7/19/2012 10:00:22 PM

Exit Code -2147023728

Action Script Execution Detail

Completed download http://download.microsoft.com/download/D/8/7/D8718413-C2F8-46B4-B181-76F37E04377F/VBA65-KB2688865-x86-ENU.exe

Completed continue if {(size of it = 1377144 AND sha1 of it = “99481495a2d67e0c7434b20249c850b57be19829”) of file “VBA65-KB2688865-x86-ENU.exe” of folder “__Download”}

Completed waithidden __Download\VBA65-KB2688865-x86-ENU.exe /q:a /r:n

Completed action may require restart “99481495a2d67e0c7434b20249c850b57be19829”

I am trying to gather a bit more info on this (logs, event viewer), but this is all I have right now.

Has anyone else seen this issue?

Martin Carnegie

Gulf Breeze Software Partners

http://www.gulfsoft.com

system · July 25, 2012, 2:42am

(imported comment written by MBARTOSH)

I am having the same problem. When I apply the patch manually, it does not fail. However, it takes a lot of processor.

system · July 25, 2012, 7:09am

(imported comment written by TerryWeiChao)

Hi,

We are working on this issue. We will try to reproduce it first. Will keep you updated.

Thanks!

system · July 25, 2012, 8:25pm

(imported comment written by barr.tj)

Hello,

I am experiencing the same issues with this fixlet. Please let me know if I can be of any help to try and resolve this.

system · July 26, 2012, 12:06pm

(imported comment written by TerryWeiChao)

Hi,

Additional notes are added into fixlet description, default action is removed.

The content is available in Patches for Windows (English), version 1638.

Thanks!

system · July 26, 2012, 6:21pm

(imported comment written by MBARTOSH)

It seeems that both KB2598361 and KB2688865 in bulletin MS12-046 are a problem. Has it been fixed? Do I need to remove them from my baseline and add them back into the baseline?

system · July 27, 2012, 12:05am

(imported comment written by CSL2012)

We also had issues on some boxes not installing but decided to try to run one manually. It popped up with a certificate error and verfied in the security event logs. We traced back to a third party application.

csl

system · July 27, 2012, 12:17am

(imported comment written by MBARTOSH)

I have a case opened for this problem. Hopefully, there will be a fix soon. I am working around it by running this fixlet:

540 Enable BigFix Client Interacting with Desktop and then rerunning the failed patch. Then I got back and run fixlet 541 Disable BigFix Client Interacting with Desktop.

system · July 27, 2012, 8:00am

(imported comment written by TerryWeiChao)

Hi,

Regarding 1204613: MS12-046: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution - Visual Basic for Applications, Additional notes are added into fixlet description, default action is removed.

The content is available in Patches for Windows (English), version 1638

Is this OK for you?

And more, do you mean “1204601: MS12-046: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution - Office 2003 SP3 (Local/Network Install)” has the same issue like fixlet 1204613?

system · July 28, 2012, 4:01am

(imported comment written by MBARTOSH)

I don’t know what you mean? It seems like the /q:a is the problem. Shouldn’t the parameter be /q or /q:n. I’m not really sure. I haven’t take the time to debug the problem, nor should I have to. Bug 51247 has been opened for application engineering.

system · August 3, 2012, 1:04am

(imported comment written by sneufeld)

Hi CSL,

We’re having torubel with this one too. Were you able to find a way past this w/o enabling the Interactive option in TEM?

Thanks,

//Stephen

system · August 3, 2012, 1:20am

(imported comment written by MBARTOSH)

I was told it is fixed, but I haven’t verified it. I have to remove it from my baseline and re-add it.

system · August 3, 2012, 2:37pm

(imported comment written by CSL2012)

Based on my data analysis, I don’t believe it’s the Interactive Option. I created a baseline to enable the Interactive Option and then take action on the fixlet in question. It failed. I then disabled and rebooted. Next test run i enabled the Interactive Option only, manually ran the patch in question while reviewing the Task Manager. The patch returned an error message with regards to some digital cert. I looked in the Windows Event Logs, Security Logs and reviewed logs during the time of attempted execution (TEM & Manual). The data revealed numerous failures with digital certificates. At this point, the scope of the issue extended beyond my operational capacity thus it was recommended that the Application Owner of this server review their host application and possibly contact their Vendor.

Chi