Forum Thread: Resolved: KB972270 and KB982132 repeatedly install

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
ps.securia Resolved: KB972270 and KB982132 repeatedly install
Member 10th Nov, 2011 21:20
Ranking: 0
Posts: 3
User Since: 10th Nov, 2011
System Score: N/A
Location: US
Last edited on 10th Nov, 2011 21:21

Issue:
My 2003 server kept indicating that the referenced KBs needed to be installed. The server was set for automatic download, manual installation. Looking at the installed software updates, both of the KBs were shown as installed. The Windows folder had a "$NtUninstallKB#####$ folder for each.

Analysis:

Looking at the NtUninstall folders I could see that the file \windows\system32\t2embed.dll was supposed to be modified by each of these updates, and the KB972270 folder had the oldest version for restoration, 116KB, dated 2/17/2007. The KB972770 package had a build date of 10/16/2009.
The KB982132 page had a build date of 8/27/2010. The file version in the system32 folder was 117KB with a 10/15/2009 date.

Uninstalling the service patches in reverse order of their internal dates did not restore the original 2/17/2007 t2embed.dll file version. Lookibng at the effective permissions of my user account which has adminstrative rights, I saw that I had read-only effective permissions.

The file permisrssions of t2embed.dll were apparently corrupted during the initial installation of KB92770.

Resolution:
1. Start Windows in Safe Mode with administrator credentials.
2. Navigate to the system32 folder, locate the t2embed.dll folder.
3. Remove all security permissions, direct and inherited, then check tehh "inherit permissions from parent folder" and save.
4. Navigate to the $NtUninstallKB972270$ and copy the file t2embed.dll to the desktop or another temporary location.
5. From the $NtUninstallKB982132$\spuninst folder run spuninst.exe.
6. From the $NtUninstallKB972270$\spuninst folder run spuninst.exe.
7. Restart computer in Normal Mode
8. Install KB972270. Restart if prompted.
9. Install KB982132. Restart if prompted.

The patched version should be 118KB, dataed 8/27/2010

ddmarshall RE: Resolved: KB972270 and KB982132 repeatedly install
Dedicated Contributor 10th Nov, 2011 22:30
Score: 1238
Posts: 981
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Have you used the workaround for the Duqu exploit? Microsoft added the following to the impacts yesterday:

Impact of Workaround. Applications that rely on embedded font technology will fail to display properly. Also, after applying this workaround, users of Windows XP and Windows Server 2003 may be reoffered the KB982132 and KB972270 security updates. These reoffered updates will fail to install. The reoffering is a detection logic issue and users who have successfully applied both the KB982132 and KB972270 security updates previously can ignore the reoffer.

http://technet.microsoft.com/en-us/security/adviso...

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
ps.securia RE: Resolved: KB972270 and KB982132 repeatedly install
Member 10th Nov, 2011 22:55
Score: 0
Posts: 3
User Since: 10th Nov 2011
System Score: N/A
Location: US
The issue started last week. I didn't knowingly apply the workaround, and probably wouldn't, as I see no reason for a SERVER to use embedded fonts.
Was this reply relevant?
+0
-0
ddmarshall RE: Resolved: KB972270 and KB982132 repeatedly install
Dedicated Contributor 10th Nov, 2011 23:04
Score: 1238
Posts: 981
User Since: 8th Nov 2008
System Score: 98%
Location: UK
I'd ask whether anybody else who has access to the server has run it as it changes the permissions on t2embed.dll exactly as you saw. Those two updates are over a year old. There was no reason they should suddenly start causing problems last week.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
xaniacomputing RE: Resolved: KB972270 and KB982132 repeatedly install
Member 13th Nov, 2011 14:58
Score: 6
Posts: 1
User Since: 13th Nov 2011
System Score: N/A
Location: UK
Last edited on 13th Nov, 2011 14:59
There is an easier way. The program you used to install the temporary patch also had a remove feature. You can find this at http://support.microsoft.com/kb/2639658#FixItForMe... Run the disable option and the KB's will install immedaitely.
Was this reply relevant?
+6
-0

This thread has been marked as locked.