4 Replies Latest reply on Oct 10, 2013 8:09 AM by Zeremon

    False positive with MS13-054

    Zeremon Rookie

      Hi,

       

      scanning a Server 2008 R2 machine, Shavlik Protect shows KB2835361 (MS13-054) as missing. As a reason for the scan result I've got: "File version ist less than expected. [C:\windows\system32\DWRITE.DLL 6.1.7601.18245 < 6.2.9200.20675]". According to this Shavlic Protect is expecting a file version for Server 2012/Windows 8 on a Server 2008 R2.

       

      Thanks for revising the flawed scan logic.

      Klaus

        • 1. Re: False positive with MS13-054
          SupportEmployee

          Hi,

           

          In the Microsoft KB article (http://support.microsoft.com/?kbid=2835361) it does actually show the following file requirements for Windows 7 & 2008 R2:

           

          For all supported x64-based versions of Windows 7 and of Windows Server 2008 R2

          File nameFile versionFile sizeDateTimePlatform
          Dwrite.dll6.1.7601.181261,545,72810-Apr-201305:45x64
          Dwrite.dll6.1.7601.222961,545,72810-Apr-201305:21x64
          Dwrite.dll6.2.9200.165711,643,52002-Apr-201322:51x64
          Dwrite.dll6.2.9200.206751,643,52010-Apr-201305:21x64
          Dwrite.dll6.1.7601.181261,077,76010-Apr-201305:02x86
          Dwrite.dll6.1.7601.222961,077,76010-Apr-201305:14x86
          Dwrite.dll6.2.9200.165711,247,74409-Apr-201323:34x86
          Dwrite.dll6.2.9200.206751,247,74410-Apr-201305:15x86

           

          Are you experiencing any installation failure or trouble when deploying this patch?

          • 2. Re: False positive with MS13-054
            Zeremon Rookie

            Hi,

             

            thanks for your answer. Yes, re-installation fails ("Security Update is already installed on this computer") . I've seen these file information too, but it must be erroneous.  I cannot help, but the first two digits represent major version.minor version. Hence 6.1 is attributed to Windows 7/Server 2008, and 6.2 to Windows 8/Server 2012. Microsoft will confirm this fact as does its MBSA which does in my case not show KB2835361 as missing.

             

            I hope you can get confirmation as well as an explanation for the "6.2." version files under Windows 7 & Server 2012 directly from Microsoft Support.

             

            Regards

            Klaus

            • 3. Re: False positive with MS13-054
              SupportEmployee

              Hi Klaus,

               

              If it is indeed detecting as missing and failing installation it would be best if we could have you open a case directly with support. It appears to me that you could be running into a detection issue concerning the file branch.

               

              http://www.shavlik.com/support/contact/

               

              If you could please run through the steps for Protect console logging as described in the below linked document it would greatly help us in getting this fixed.

              http://community.shavlik.com/docs/DOC-22921

               

              Thanks!

              • 4. Re: False positive with MS13-054
                Zeremon Rookie

                Hi Adam,

                 

                sorry, but I can't assist you in solving the problem. Youc can find a detailed log posted by angkgupta, filed under "Problem with MS13-054" in July 31 2013 here: http://community.shavlik.com/message/2245401#2245401.

                 

                Please unterstand, that I have not the resources to reverse engineer the problem.

                 

                Best regards

                Klaus