I am currently comparing outstanding patches reporting in BigFix to what is installed on a system and I am finding some odd results with this patch.
The first thing is that the patch was installed with SCCM and if I manually try installing it, the installer reports that it is installed already. Since it was in a pending restart state, I restarted the computer and the patch reported as no longer relevant. I am guessing that the patch needs the reboot to create the registry key that is needed for BigFix to evaluate against. Not a big deal, but can lead to a bit of confusion.
Now that the patch is installed and the system is rebooted, I see that the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2952664~31bf3856ad364e35~amd64~~6.1.24.2" is created. I also noticed that the key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2952664~31bf3856ad364e35~amd64~~6.1.24.5" was created.
One difference is the values of the ApplicabilityState and CurrentState.
For 6.1.24.2, the values are:
ApplicabilityState: 80
CurrentState: 0
For 6.1.24.5, the values are:
ApplicabilityState: 112
CurrentState: 112
I then looked at another system where SCCM says that the patch was installed and the system had recently been rebooted. When I look in the registry, the 6.1.24.2 is not there, but 6.1.24.5 is. Since the fixlet is looking for 6.1.24.2, it is still reporting as relevant.
Just googling around seems to show a lot of versions for this patch and from what I can tell, there was a new one released 2018-04-08 according to http://windows-update-checker.com/hotfix/x64/x64%20change%20log.txt
I checked and my site is up to date, so maybe this fixlet needs to be updated.
Thanks
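The comparison described in the post can be scripted. The PowerShell below is an added example, not part of the original post and not BigFix's own relevance: it lists every ApplicabilityEvaluationCache entry for one KB regardless of package version and flags hosts where the version a check is pinned to is absent. The registry path and value names are the ones quoted above; the parameter names `$Kb` and `$PinnedVersion` are assumptions made for illustration.

```powershell
# Added example: enumerate cached applicability entries for one KB, whatever the package version.
# $Kb and $PinnedVersion are illustrative parameters; the defaults are the values quoted in the post.
param(
    [string]$Kb = 'KB2952664',
    [string]$PinnedVersion = '6.1.24.2'   # version the post says the fixlet looks for
)

$cache = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache'

if (-not (Test-Path -LiteralPath $cache)) {
    Write-Warning "Cache key not found: $cache"
    return
}

$entries = Get-ChildItem -LiteralPath $cache -ErrorAction Stop |
    Where-Object { $_.PSChildName -like "Package_for_$Kb~*" } |
    ForEach-Object {
        # The package version is the trailing four-part number in the key name.
        $version = if ($_.PSChildName -match '(\d+(?:\.\d+){3})$') { $Matches[1] } else { $null }
        [pscustomobject]@{
            Version            = $version
            ApplicabilityState = $_.GetValue('ApplicabilityState')
            CurrentState       = $_.GetValue('CurrentState')
            MatchesPinned      = ($version -eq $PinnedVersion)
            KeyName            = $_.PSChildName
        }
    }

if (-not $entries) {
    Write-Output "No cache entries for $Kb under this key."
    return
}

# Show all versions side by side so differing state values are easy to compare.
$entries | Sort-Object { [version]$_.Version } |
    Format-Table Version, ApplicabilityState, CurrentState, MatchesPinned -AutoSize

# A check pinned to one version misses hosts that only carry another version of the same KB.
if (-not ($entries | Where-Object MatchesPinned)) {
    Write-Warning "$Kb is cached only as version(s) $($entries.Version -join ', '); a check pinned to $PinnedVersion will not match."
}
```

Run it from a 64-bit PowerShell session on the endpoint so the native registry view is read.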