MS18-JUL: Security update for remote code execution vulnerability - Visual Studio 2010 SP1 - KB4336919

I don`t think, Its a correct action language which released in July under patch management,

prefetch VS10SP1-KB4336919-x86.exe sha1:73ba45ea657ccd6766921984df6503d42866bc36 size:7484104 https://download.visualstudio.microsoft.com/download/pr/12715017/faaef3d5a7c96735de75d3843e964a5c/VS10SP1-KB4336919-x86.exe sha256:866373b39d1ce7bc5b5ffabb47b62c50766d5cf12ced059d163b9ee5d8ce14cd

waithidden __Download\VS11-KB4336946.exe /q /norestart

action may require restart “73d016e1ca2690ca034d2b49690e09858ec3e523”

1 Like

I didn’t see what you meant at first.

The download file is not the same file the script is trying to execute.

@bma can you ensure the right people see this?

1 Like

yes, I am saying the same thing"The download file is not the same file the script is trying to execute". I think BigFix Team need to correct this fixlet.

Explains why it failed on servers in our test environment. I was expecting it to be something more complicated than a filename.

The fixlet has been updated and applied successfully.

I know this is an old post, but figured I’d comment. This update was failing to download, more than likely a proxy server issue on our end even though the proxy admin said the download address was allowed. Anyway, I changed to the action script to point to http://download.windowsupdate instead of https://download.visualstudio, which I know is allowed through and I finally got it to work. Thought I’d post in case it helps someone else…you never know. :slight_smile:

prefetch VS10SP1-KB4336919-x86.exe sha1:73ba45ea657ccd6766921984df6503d42866bc36 size:7484104 http://download.windowsupdate.com/d/msdownload/update/software/secu/2018/09/vs10sp1-kb4336919-x86_73ba45ea657ccd6766921984df6503d42866bc36.exe sha256:866373b39d1ce7bc5b5ffabb47b62c50766d5cf12ced059d163b9ee5d8ce14cd

waithidden __Download\VS10SP1-KB4336919-x86.exe /q /norestart

action may require restart “73d016e1ca2690ca034d2b49690e09858ec3e523”

Chris

1 Like

I have this issue in my environment as well.

If this is the case with Visual Studio content, @bma, can we get any Visual Studio patches with incorrect links updated?

@baynes74

Which ones in particular ones are you referencing? The link from the fixlet mentioned by SmokyMTN appears to be correct to me. It’s valid and the checksum appears correct after I’ve downloaded it.

Could it be a proxy issue on your end?

It could be, this is in a domain that was an M&A and I am working with the team there to determine the proxy settings.