Topic
  • 4 replies
  • Latest Post - ‏2014-06-24T05:32:03Z by BaiYunfei
searchlight
searchlight
9 Posts

Pinned topic Relevance for MS14-030: KB2965788 (x64) needs to be adjusted

‏2014-06-17T13:46:30Z |

Hi Folks --

The relevance for fixlet 1403011, "MS14-030: Vulnerability in Remote Desktop Could Allow Tampering - Windows 7 SP1 - KB2965788 (x64)" needs to be adjusted.  After applying the fixlet, the relevance never evaluates to false, which causes the fixlet to fail even though the patch does apply successfully.

On Win7 x64 SP1, after the patch has been applied either by hand or by fixlet, the registry shows the following:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_none_180b5d515c919817]
@="7.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_none_180b5d515c919817\6.1]
"6.1.7601.17514"=hex:01
@="6.1.7601.18186"
"6.1.7601.17779"=hex:01
"6.1.7601.17830"=hex:01
"6.1.7601.18186"=hex:01
"6.1.7601.18465"=hex:01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_none_180b5d515c919817\7.1]
"7.1.7601.16398"=hex:01
@="7.1.7601.18465"
"7.1.7601.18465"=hex:01

The existing relevance is looking for the default value in the 6.1 subkey to be "6.1.7601.18465", but the patch is leaving the default value unchanged at "6.1.7601.18186".  However, the "6.1.7601.18465" does appear as an individual value within the subkey.  I guess we need to check the individual value rather than the default value.

Strangely, the patch did modify the 7.1 subkey properly so that the "7.1.7601.18465" value is properly assigned as the default, but the 6.1 subkey is not properly modified.

  • BaiYunfei
    BaiYunfei
    77 Posts

    Re: Relevance for MS14-030: KB2965788 (x64) needs to be adjusted

    ‏2014-06-18T01:59:30Z  

    Hi Searchlight,

    Thanks for reporting this issue, your analysis and the registry key export provided is very helpful. We are looking into the issue and will get back to you in this thread.

  • BaiYunfei
    BaiYunfei
    77 Posts

    Re: Relevance for MS14-030: KB2965788 (x64) needs to be adjusted

    ‏2014-06-21T03:52:32Z  

    Hi Searchlight,

    Kindly try out the custom copy attached. Thanks!

  • nberger91
    nberger91
    30 Posts

    Re: Relevance for MS14-030: KB2965788 (x64) needs to be adjusted

    ‏2014-06-23T09:15:05Z  
    • BaiYunfei
    • ‏2014-06-21T03:52:32Z

    Hi Searchlight,

    Kindly try out the custom copy attached. Thanks!

    Hi, Tested successfully. Please propagate 32bit and 64bit Fixlets to production.

  • BaiYunfei
    BaiYunfei
    77 Posts

    Re: Relevance for MS14-030: KB2965788 (x64) needs to be adjusted

    ‏2014-06-24T05:32:03Z  
    • nberger91
    • ‏2014-06-23T09:15:05Z

    Hi, Tested successfully. Please propagate 32bit and 64bit Fixlets to production.

    Hi Nick,

    Thanks for the prompt response and feedback. The fix has been published to site Patches for Windows (English), version 2020.