MS12-035 is a Security Patch. Scan one of these machines using the Security Patch Scan instead of your custom template once. Does it show missing?
Do you know what criteria your security department is using to detect it as missing?
Some versions of this patch are superseded by newer patches. Do you know the KBNumber of the patch?
Let me know what you see.
They are using Rapid 7 Scanning engine. Anything that's Sev 8,9,10 shows up on a report.
That really doesn't mean a lot to me. I was hoping to get feedback on the registry entry or file version they were using.
The other information is key to answering your question too.
"Scan one of these machines using the Security Patch Scan instead of your custom template once. Does it show missing?"
"Do you know the KBNumber of the patch?"
Hi, I'm a BMC Bladelogic v8.3 Customer, and we also have the same weird behavior, were strangely, MS12-035, is re-starting to re-showup again as missing, while it was already installed, and re-validate locally by the windows SysAdmin.
Shavlik Output of BL scan goes like this
Windows6.1-2008-R2-SP1-KB2604115-x64.msu-MS12-035-en-WINDOWS SERVER 2008 R2 ENTERPRISE (X64)-SP1 Q2604115 Critical MS12-035 WINDOWS SERVER 2008 R2 ENTERPRISE (X64) Missing Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777) This security update resolves two privately reported vulnerabilities in the .NET Framework. The vulnerabilities could allow remote code execution on a client... File version is less than expected. [C:\Program Files (x86)\REFERENCE ASSEMBLIES\MICROSOFT\FRAMEWORK\V3.0\PRESENTATIONCORE.DLL 3.0.6920.5011 < 3.0.6920.5738]
inside HKLM_Patches.txt file of the Registry Export script, from Shavlik, I can see :
---> where KB2604115 is Ms12-035
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2604115~31bf3856ad364e35~amd64~~220.127.116.11]
Anyone from shavlik can help ?
You need to work through Bladelogic to get the issue escalated, sorry.