5 Replies Latest reply on Oct 16, 2015 10:03 AM by cwinning

    MS12-035 not showing up unless i scan for that MS

    Joseph.Giovinco Rookie

      Our info sec department keeps coming back to me saying the MS bulletin 12-035 is missing on tons of our servers.  I looked  into my setting and I and my patch templates are including every criticality for All Security Patches.  Im not doing security tools and non-security patches.  is the MS12-035 Bulletin in a different category? 

        • 1. Re: MS12-035 not showing up unless i scan for that MS
          cwinning CommunityTeam

          Hello,

           

          MS12-035 is a Security Patch.  Scan one of these machines using the Security Patch Scan instead of your custom template once.  Does it show missing?

          Do you know what criteria your security department is using to detect it as missing?

          Some versions of this patch are superseded by newer patches. Do you know the KBNumber of the patch?

           

          Let me know what you see.

           

          Thanks,

          Charles

          • 2. Re: MS12-035 not showing up unless i scan for that MS
            Joseph.Giovinco Rookie

            They are using Rapid 7 Scanning engine.  Anything that's Sev 8,9,10 shows up on a report.

            • 3. Re: MS12-035 not showing up unless i scan for that MS
              cwinning CommunityTeam

              That really doesn't mean a lot to me.  I was hoping to get feedback on the registry entry or file version they were using.

               

              The other information is key to answering your question too.

               

              "Scan one of these machines using the Security Patch Scan instead of your custom template once.  Does it show missing?"

              "Do you know the KBNumber of the patch?"

               

              Thanks,

              Charles

              • 4. Re: MS12-035 not showing up unless i scan for that MS
                Rookie

                Hi, I'm a BMC Bladelogic v8.3 Customer, and we also have the same weird behavior,  were strangely, MS12-035, is re-starting to re-showup again as missing, while it was already installed, and re-validate locally by the windows SysAdmin.

                 

                Shavlik Output of BL scan goes like this

                 

                 

                Windows6.1-2008-R2-SP1-KB2604115-x64.msu-MS12-035-en-WINDOWS SERVER 2008 R2 ENTERPRISE (X64)-SP1 Q2604115 Critical MS12-035 WINDOWS SERVER 2008 R2 ENTERPRISE (X64) Missing  Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777) This security update resolves two privately reported vulnerabilities in the .NET Framework. The vulnerabilities could allow remote code execution on a client... File version is less than expected. [C:\Program Files (x86)\REFERENCE ASSEMBLIES\MICROSOFT\FRAMEWORK\V3.0\PRESENTATIONCORE.DLL 3.0.6920.5011 < 3.0.6920.5738]

                 

                inside HKLM_Patches.txt file of  the Registry Export script, from Shavlik, I can see :

                     ---> where KB2604115 is Ms12-035

                 

                     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2604115~31bf3856ad364e35~amd64~~6.1.1.3]

                    "InstallClient"="WindowsUpdateAgent"

                    "InstallName"="Package_1_for_KB2604115~31bf3856ad364e35~amd64~~6.1.1.3.mum"

                    "InstallLocation"="\\\\?\\C:\\Windows\\SoftwareDistribution\\Download\\e05455c596438e6b843c0b4e41c989a9\\inst\\"

                    "CurrentState"=dword:00000070

                    "SelfUpdate"=dword:00000000

                    "Visibility"=dword:00000002

                    "InstallTimeHigh"=dword:01d0fe84

                    "InstallTimeLow"=dword:87dd38af

                    "InstallUser"="S-1-5-21-696427053-3213702382-3822597110-500"

                    "Trusted"=dword:00000001

                 

                Anyone from shavlik can help ?

                 

                Thanks

                • 5. Re: MS12-035 not showing up unless i scan for that MS
                  cwinning CommunityTeam

                  Hello,

                   

                  You need to work through Bladelogic to get the issue escalated, sorry.

                   

                  Thanks,

                  Charles