(imported topic written by SLB)
Hi,
We are seeing a high number of potential false positives on Windows 8 and Windows Server 2012 for fixlet 1400979, MS14-009, KB2901119. It appears that if the any files updated by KB2901119 are at version 4.0.30319.18447 then KB2901119 will not update them to 4.0.30319.18449. The files that are at v4.0.30319.18447 have been updated by MS14-009 KB2901127 so I suspect MS consider files versions 4.0.30319.18447 and later to be not vulnerable.
File versions from the systems that have KB2901119 installed but are reporting relevant for fixlet 1400979 have the following file versions
System.Web.ApplicationServices.dll, 4.0.30319.18447, 4.0.30319.18447
System.Web.Mobile.dll, 4.0.30319.18449, 4.0.30319.18449 built by: FX451RTMGDR
System.Web.Extensions.dll, 4.0.30319.18447, 4.0.30319.18447
System.Web.dll, 4.0.30319.18447, 4.0.30319.18447 built by: FX451RTMGDR
webengine4.dll, 4.0.30319.18447, 4.0.30319.18447 built by: FX451RTMGDR
webengine.dll, 4.0.30319.18447, 4.0.30319.18447 built by: FX451RTMGDR
aspnet_wp.exe, 4.0.30319.18447, 4.0.30319.18447 built by: FX451RTMGDR
By removing both KB2901119 and KB2901127 then reinstalling KB2901119 first then KB2901127 corrects the issue, though that is only a workaround. The updates were initially installed via Windows Update.
Can this be looked into please? I will be glad to open a PMR if needed
Thanks & Regards
Rob