Relevance for MS14-030: KB2965788 (x64) needs to be adjusted

(imported topic written by searchlight)

Hi Folks –

The relevance for fixlet 1403011, “MS14-030: Vulnerability in Remote Desktop Could Allow Tampering - Windows 7 SP1 - KB2965788 (x64)” needs to be adjusted. After applying the fixlet, the relevance never evaluates to false, which causes the fixlet to fail even though the patch does apply successfully.

On Win7 x64 SP1, after the patch has been applied either by hand or by fixlet, the registry shows the following:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-r…s-regkeys-component_31bf3856ad364e35_none_180b5d515c919817]

@=“7.1”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-r…s-regkeys-component_31bf3856ad364e35_none_180b5d515c919817\6.1]

“6.1.7601.17514”=hex:01

@=“6.1.7601.18186”

“6.1.7601.17779”=hex:01

“6.1.7601.17830”=hex:01

“6.1.7601.18186”=hex:01

“6.1.7601.18465”=hex:01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-r…s-regkeys-component_31bf3856ad364e35_none_180b5d515c919817\7.1]

“7.1.7601.16398”=hex:01

@=“7.1.7601.18465”

“7.1.7601.18465”=hex:01

The existing relevance is looking for the default value in the 6.1 subkey to be “6.1.7601.18465”, but the patch is leaving the default value unchanged at “6.1.7601.18186”. However, the “6.1.7601.18465” does appear as an individual value within the subkey. I guess we need to check the individual value rather than the default value.

Strangely, the patch did modify the 7.1 subkey properly so that the “7.1.7601.18465” value is properly assigned as the default, but the 6.1 subkey is not properly modified.

(imported comment written by BaiYunfei)

Hi Searchlight,

Thanks for reporting this issue, your analysis and the registry key export provided is very helpful. We are looking into the issue and will get back to you in this thread.

(imported comment written by BaiYunfei)

Hi Searchlight,

Kindly try out the custom copy attached. Thanks!

(imported comment written by nberger91)

Hi, Tested successfully. Please propagate 32bit and 64bit Fixlets to production.

(imported comment written by BaiYunfei)

Hi Nick,

Thanks for the prompt response and feedback. The fix has been published to site Patches for Windows (English), version 2020.