MS12-059 fails with error code 17025

system · March 29, 2013, 5:34pm

(imported topic written by SystemAdmin)

I noticed this morning that one of my baselines is failing on some machines. The patch is fixlet ID 1205901 “MS12-059: Vulnerability in Microsoft Visio Could Allow Remote Code Execution - Microsoft Visio 2010 SP1 (KB2687508) (V2.0)”

On each computer, it fails with exit code 17025. According to Microsoft’s site, this means “Patch already installed”. So I guess the relevance is false positive.

http://technet.microsoft.com/en-us/library/cc179058(v=office.14).aspx

I’m not sure why I only noticed this now; but better late than never I guess.

dexdexdex · March 29, 2013, 11:03pm

(imported comment written by liuhoting)

MS12-059 hasn’t had problems up until now it seems, but maybe you’ve noticed some weird corner case. Can you open up a PMR so that we can follow up on this and track down what’s going on with those endpoints?

system · April 1, 2013, 5:09pm

(imported comment written by SystemAdmin)

PMR 01293,379,000 opened this morning.

system · April 22, 2013, 6:50pm

(imported comment written by shep11)

We are also running into the same problem, when pushing out the ms12-059 and receiving the 17025 exit code. Have you had any luck with this issue?

dexdexdex · April 23, 2013, 4:30pm

(imported comment written by liuhoting)

I think isolated the cause and have a fix for this, but we haven’t gotten confirmation that it works yet. I’ll post the fix here and you guys can tell me whether this seems to work or not…

If it works we’ll go ahead and roll this out into production. Thanks!

system · April 24, 2013, 12:16am

(imported comment written by shep11)

Excuse me for asking this, I am new to Tivoli, The file above I am unfamiliar with the type. Do I treat it like a fixlet or task?

dexdexdex · April 24, 2013, 7:25am

(imported comment written by liuhoting)

You want to treat it like a fixlet, where you evaluate the success or failure of an action based off of the overall relevance going from true to false (rather than just successfully executing all the commands in a given action).

Also, I think we finally got an update that the fixlet seems to do the right thing on the original bug so once we double check a few things this is going to be published.

system · April 24, 2013, 9:43pm

(imported comment written by CheapskateSpoon)

The PMR is now closed. The updated fixlet was published.

Thanks,

Matt

system · April 25, 2013, 9:45pm

(imported comment written by martinc)

I am not sure if this is resolved. What I am seeing is that the following two fixlets are having issues with relevance.

1205906 MS12-059: Vulnerability in Microsoft Visio Could Allow Remote Code Execution - Microsoft Visio 2010 SP1 (KB2687508) (x64) (V2.0) Important Patches for Windows (English) 0 / 16,225 0 Security Hotfix 17.12 MB Microsoft KB2687508 12/11/2012

1205901 MS12-059: Vulnerability in Microsoft Visio Could Allow Remote Code Execution - Microsoft Visio 2010 SP1 (KB2687508) (V2.0) Important Patches for Windows (English) 24 / 16,225 0 Security Hotfix 13.82 MB Microsoft KB2687508 12/11/2012

I am wondering if this is because these should have actually been marked as superceded like the other two fixlets for this MS#. When I look at the link:
http://technet.microsoft.com/en-us/security/bulletin/MS13-023
is seems to indicate that MS13-023 also superceded the KB2687508 patch.

dexdexdex · April 29, 2013, 9:36pm

(imported comment written by liuhoting)

I think these guys are now superseded in Patches for Windows version 1768. The non english will follow shortly.

system · April 30, 2013, 1:13am

(imported comment written by martinc)

It is there. Now just working through MS13-023 as there may be some false/positives there, but need to confirm.

Thanks