Maybe others on this forums are seeing this but we are seeing on Windows Server 2012 that the installation of MS19-NOV (KB4525246) is reverting a number of files back to the RTM versions (as detailed in https://download.microsoft.com/download/3/6/c/36c6ef09-8de3-45fa-a47d-40d1e5df138b/4525246.csv) and this causes fixlet 1208303 for MS12-083 to become relevant again. Its not possible to reinstall MS12-083 as the update detects it as already being installed. Could this be Microsoft making an error and mistakenly backdating files or have they applied updates that means the RTM file no longer cause the vulnerability that MS12-083 was securing?
2 Likes
We see this issue after installing November’2019 rollup KB4525246 causes fixlet KB2765809 for MS12-083 to become relevant again in our server environment.
1 Like
Passing on to the team to investigate.
1 Like
We had the issue raised with Microsoft and they told us that they are aware of it but they do not consider it to be an “issue”/“bug” on their side because although the DLL versions are older version (specifically adhapi.dll) it changes the branch from “gdr” to “ldr”, so theoretically the MS12-083 fixlet relevance can (probably should) be amended to check DLL version < … AND Branch = “gdr”
1 Like
Interesting, thanks for sharing. If I look at one of our affected systems (all Server 2012) there are a number of files that have been reverted to the RTM version.
Q: (pathname of it, version of it) of (files ("adhapi.dll";"adhsvc.dll";"httpprxm.dll";"httpprxp.dll";"iphlpsvc.dll";"keepaliveprovider.dll") of system x64 folder) ; (pathname of it, version of it) of files "IphlpsvcMigPlugin.dll" of folder "MIGRATION\" of (system x64 folder) ; (pathname of it, version of it) of files ("netdacim.dll";"netnccim.dll";"netttcim.dll") of (folder "WBEM\" of (system x64 folder))
A: C:\Windows\system32\adhapi.dll, 6.2.9200.16384
A: C:\Windows\system32\adhsvc.dll, 6.2.9200.22898
A: C:\Windows\system32\httpprxm.dll, 6.2.9200.22898
A: C:\Windows\system32\httpprxp.dll, 6.2.9200.22898
A: C:\Windows\system32\iphlpsvc.dll, 6.2.9200.22898
A: C:\Windows\system32\keepaliveprovider.dll, 6.2.9200.16384
A: C:\Windows\system32\MIGRATION\IphlpsvcMigPlugin.dll, 6.2.9200.16384
A: C:\Windows\system32\WBEM\netdacim.dll, 6.2.9200.16384
A: C:\Windows\system32\WBEM\netnccim.dll, 6.2.9200.16384
A: C:\Windows\system32\WBEM\netttcim.dll, 6.2.9200.16384
Thats an interesting stance from MS though as I thought the LDR branch versioning format was following the 6.2.9200.2xxxx format, not 6.2.9200.16xxx.