Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Resolved: KB972270 and KB982132 repeatedly install

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
ps.securia Resolved: KB972270 and KB982132 repeatedly install
Member 10th Nov, 2011 21:20
Ranking: 0
Posts: 3
User Since: 10th Nov, 2011
System Score: N/A
Location: US
Last edited on 10th Nov, 2011 21:21

Issue:
My 2003 server kept indicating that the referenced KBs needed to be installed. The server was set for automatic download, manual installation. Looking at the installed software updates, both of the KBs were shown as installed. The Windows folder had a "$NtUninstallKB#####$ folder for each.

Analysis:

Looking at the NtUninstall folders I could see that the file \windows\system32\t2embed.dll was supposed to be modified by each of these updates, and the KB972270 folder had the oldest version for restoration, 116KB, dated 2/17/2007. The KB972770 package had a build date of 10/16/2009.
The KB982132 page had a build date of 8/27/2010. The file version in the system32 folder was 117KB with a 10/15/2009 date.

Uninstalling the service patches in reverse order of their internal dates did not restore the original 2/17/2007 t2embed.dll file version. Lookibng at the effective permissions of my user account which has adminstrative rights, I saw that I had read-only effective permissions.

The file permisrssions of t2embed.dll were apparently corrupted during the initial installation of KB92770.

Resolution:
1. Start Windows in Safe Mode with administrator credentials.
2. Navigate to the system32 folder, locate the t2embed.dll folder.
3. Remove all security permissions, direct and inherited, then check tehh "inherit permissions from parent folder" and save.
4. Navigate to the $NtUninstallKB972270$ and copy the file t2embed.dll to the desktop or another temporary location.
5. From the $NtUninstallKB982132$\spuninst folder run spuninst.exe.
6. From the $NtUninstallKB972270$\spuninst folder run spuninst.exe.
7. Restart computer in Normal Mode
8. Install KB972270. Restart if prompted.
9. Install KB982132. Restart if prompted.

The patched version should be 118KB, dataed 8/27/2010

ddmarshall RE: Resolved: KB972270 and KB982132 repeatedly install
Dedicated Contributor 10th Nov, 2011 22:30
Score: 1198
Posts: 954
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Have you used the workaround for the Duqu exploit? Microsoft added the following to the impacts yesterday:

Impact of Workaround. Applications that rely on embedded font technology will fail to display properly. Also, after applying this workaround, users of Windows XP and Windows Server 2003 may be reoffered the KB982132 and KB972270 security updates. These reoffered updates will fail to install. The reoffering is a detection logic issue and users who have successfully applied both the KB982132 and KB972270 security updates previously can ignore the reoffer.

http://technet.microsoft.com/en-us/security/adviso...

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
ps.securia RE: Resolved: KB972270 and KB982132 repeatedly install
Member 10th Nov, 2011 22:55
Score: 0
Posts: 3
User Since: 10th Nov 2011
System Score: N/A
Location: US
The issue started last week. I didn't knowingly apply the workaround, and probably wouldn't, as I see no reason for a SERVER to use embedded fonts.
Was this reply relevant?
+0
-0
ddmarshall RE: Resolved: KB972270 and KB982132 repeatedly install
Dedicated Contributor 10th Nov, 2011 23:04
Score: 1198
Posts: 954
User Since: 8th Nov 2008
System Score: 98%
Location: UK
I'd ask whether anybody else who has access to the server has run it as it changes the permissions on t2embed.dll exactly as you saw. Those two updates are over a year old. There was no reason they should suddenly start causing problems last week.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
xaniacomputing RE: Resolved: KB972270 and KB982132 repeatedly install
Member 13th Nov, 2011 14:58
Score: 6
Posts: 1
User Since: 13th Nov 2011
System Score: N/A
Location: UK
Last edited on 13th Nov, 2011 14:59
There is an easier way. The program you used to install the temporary patch also had a remove feature. You can find this at http://support.microsoft.com/kb/2639658#FixItForMe... Run the disable option and the KB's will install immedaitely.
Was this reply relevant?
+6
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability