Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Windows Update missing three .NET security updates

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft .NET Framework 4.x

This thread has been marked as locked.
joe schmoe Windows Update missing three .NET security updates
Member 22nd May, 2012 04:13
Ranking: 38
Posts: 139
User Since: 26th Nov, 2008
System Score: 100%
Location: US
Last edited on 22nd May, 2012 04:17

The three updates posted are:

KB 2518864
KB 2572073
KB 2633880

Windows update set to automatically download and install at 3:00 AM daily.

Windows Update icon in taskbar tray, clicking that initiates installation.

Icon does not disappear, instead it cycles back as if installation never happened. Shutting down computer brings up "Turn off" box, goes through process; installing update 1 of 3, etc., and shuts down cleanly, but windows update icon reappears when computer is turned back on.

WU in IE8 shows numerous successful installations of the three above updates, some 21 of them at the moment. No errors are produced.

What I've got is an endless loop.

PSI 2.0.0.3003 is showing 97% as these three are missing. I have manually downloaded and installed these three updates; no change.

Running Microsoft fix-it for windows update fails after the Powershell program is installed. Failure occurs when registering the MATSEng.dll COM module.

Am running Online Armor Firewall Free at the moment.

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit

DougL RE: Windows Update missing three .NET security updates
Member 22nd May, 2012 06:44
Score: 0
Posts: 4
User Since: 6th Feb 2008
System Score: N/A
Location: N/A
I have the same problem, except Secunia reports .NET Framework 1, 2, 3, and 4 as insecure. When I install the same three updates previously described, the updates show as successful, yet a re-scan in Windows Update reports those three updates again, and Secunia shows the same insecure programs. I'm running WIN XP Pro SP3. I'm in the same tail chase!
Was this reply relevant?
+0
-0
joe schmoe RE: Windows Update missing three .NET security updates
Member 22nd May, 2012 09:22
Score: 38
Posts: 139
User Since: 26th Nov 2008
System Score: 100%
Location: US
Last edited on 22nd May, 2012 09:23
Update: http://forums.cnet.com/7723-6132_102-563702/need-f...

Not the only ones here.

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+0
-0
taffy078 RE: Windows Update missing three .NET security updates
Contributor 22nd May, 2012 09:59
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
same here! Auto updated the three KBs three times! But PSI scan returns 96% score, with .Net framework 1, 2, 3, and 4 all insecure.

MS Update confirms these three updates have been installed three times yet the MS yellow shield ("updates ready" etc) is still showing.

Must be a Microsoft problem so I'm off to check there.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
taffy078 RE: Windows Update missing three .NET security updates
Contributor 22nd May, 2012 10:07
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
I've asked Microsoft.

see http://answers.microsoft.com/en-us/feedback/forum/...


--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
npmills RE: Windows Update missing three .NET security updates
Member 22nd May, 2012 10:31
Score: 5
Posts: 5
User Since: 6th Feb 2008
System Score: N/A
Location: N/A
I reported same problem at virtually same time, so will monitor this thread.

Windows Update showed 3 critical updates for Net Framework:
KB2572073, 2518864 & 2633880
PSI also showed 4 Net Framework updates required.
Downloaded, Installed and Win Update reported succesful. Re-ran update, same updates still appeared in critical list. After 4 attempts and update history showing 4 successful instals of each update

Why is Win Update still reporting these updates as required?

OS = Win XP SP3
PSI 2 - now 96%
Was this reply relevant?
+0
-0
Maurice Joyce RE: Windows Update missing three .NET security updates
Handling Contributor 22nd May, 2012 11:11
Score: 11785
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Have U all completed a CUSTOM option Windows Update - In Windows XP Microsoft place numerous updates in there.

If U find any outstanding .NET updates install those first before the ones causing the problem.

If nothing is lurking in the optional updates what does MBSA tell U?

http://technet.microsoft.com/en-us/security/cc1849...

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
taffy078 RE: Windows Update missing three .NET security updates
Contributor 22nd May, 2012 11:43
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Hi Maurice.

There appears to be no way to customise updates if you select the Automatic Update.Am I missing something obvious, please?

What confuses me is that the Update history on the Microsoft Update screen shows that the updates have been installed (three times).

Could it be that it's one of those "re-boot one before installing another"?

I'll run MBSA later today as I'm off out now!

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
taffy078 RE: Windows Update missing three .NET security updates
Contributor 22nd May, 2012 11:43
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 22nd May, 2012 11:44
removed double-posting

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
taffy078 RE: Windows Update missing three .NET security updates
Contributor 22nd May, 2012 11:48
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
looks like this has been happening for a while:

http://answers.microsoft.com/en-us/windows/forum/w...


I've not checked out the other KBs.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
npmills RE: Windows Update missing three .NET security updates
Member 22nd May, 2012 12:38
Score: 5
Posts: 5
User Since: 6th Feb 2008
System Score: N/A
Location: N/A
Have run MBSA and it shows only the three updates missing (the subject of this thread).

Custom Update also shows only the three missing (as one would expect)

Only other thought is that my XP SP3 instal was from a slipstreamed disk (original was SP1). Is it possible that an essential previous Net Framework update may not be installed? Would this make a difference?
Was this reply relevant?
+0
-0
DougL RE: Windows Update missing three .NET security updates
Member 22nd May, 2012 15:43
Score: 0
Posts: 4
User Since: 6th Feb 2008
System Score: N/A
Location: N/A
I have run a manual custom update several times with the same troubling results. My operating system, WIN XP Pro SP3 is completely standard and not slipstreamed, so we can rule out that possibility. I have yet to see any response from MS on this problem.
Was this reply relevant?
+0
-0
Anthony Wells RE: Windows Update missing three .NET security updates
Expert Contributor 22nd May, 2012 16:56
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Maurice et al ,

Nothing o/s in custom at M$updates ; confirmed by Belarc .

MBSA picks out the 3 KB's as missing , being critical and says a reboot is necessary (under Admin Vulnerabilities) . Rebooting has/does not change the situation .

The KB's seem to download the first time correctly but do not install nor display anywhere I can see . The installation screen does not ask for a (immediate) reboot on completion as one would expect . The shield reappears in the tray .

The FixIt for WU said everything was fine .

The May 9th KB for Net 2 was out of numerical sequence as are the three currently on offer - they are noted for XP and Server 2003 only .

Busy , gotta go .

Anthony




--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
taffy078 RE: Windows Update missing three .NET security updates
Contributor 22nd May, 2012 18:36
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
I don't know if this is relevant but . . . . .

There are times on my XP desktop when after installing an update, there as a reminder to reboot so that they can take effect. Pretty normal stuff.

However, on my Win7 laptop, whenever there are these updates, the system installs them as part of the shutting-down process. The warning message says something like "Do not turn off the power - critical updates are being installed". Again, pretty normal stuff.

But what was strange about these .NET updates on my XP desktop was that the system installed them as part of the shutting-down process.

Could this be relevant i.e. is there a problem with the Microsoft Update system as far as these as concerned?

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
taffy078 RE: Windows Update missing three .NET security updates
Contributor 22nd May, 2012 18:53
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 22nd May, 2012 18:55
lots of activity on Microsoft Answers - link below. But I'm too fed up to plough through all of them now. It'll have to wait until the morning but perhaps there's something there that will help one of you.

http://answers.microsoft.com/en-us/windows/forum/w...

edit: PS Look at the unanswered section!

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+1
-0
Websafe RE: Windows Update missing three .NET security updates
Member 22nd May, 2012 19:16
Score: 79
Posts: 105
User Since: 24th May 2009
System Score: 100%
Location: NL
Hello all,

My PC also has those .NET Framework security updates which keep returning in my sys-tray: “Ready to install” after being installed.

PSI flags Microsoft .NET Framework 1.x, 2.x and 3.x as insecure.

Did a search in Update history (using IE 8) and found:
KB 2518864 installed 14 June 2011,
KB 2572073 installed 11 October 2011,
KB 2633880 installed 14 February 2012.

These updates seems pretty old. I can't find anything about the above KB's being renewed.

Meanwhile I wait for a reaction from Microsoft.

Windows XP home – SP3,
PSI 2.0.0.3003.

Websafe.
Was this reply relevant?
+0
-0
npmills RE: Windows Update missing three .NET security updates
Member 22nd May, 2012 19:27
Score: 5
Posts: 5
User Since: 6th Feb 2008
System Score: N/A
Location: N/A
Went to the link Taffy suggested.

Method 1: Update Windows Installer version

a. Download and install Windows Installer 4.5 Redistributable on your system from the given link below:
Windows Installer 4.5 Redistributable:
http://www.microsoft.com/en-us/download/details.as...

Note: Choose WindowsXP-KB942288-v3-x86.exe

This worked for me (thankfully). If it hadn't, the other suggested solution is:

Method 2: Remove .Net Framework components and Reinstall

a. Download .Net Cleanup Utility from Microsoft Downloads. The file name is dotnetfx_cleanup_tool.zip

b. Double click on the file and click Extract Now.
c. In the files that you extracted, double-click cleanup_tool.exe.
d. In the Do you want to run the .NET Framework Setup Cleanup Utility? message, click Yes.
e. Click Yes to accept the license agreement.
f. In the Product to cleanup window, select .NET Framework - All versions and then click Cleanup Now.
g. After the .NET Framework is removed, restart the computer and proceed with reinstalling the .Net Framework components
h. Download and install the following components:

Microsoft .NET Framework Version 1.1 Redistributable Package (http://www.microsoft.com/downloads/details.aspx?Fa...)

Microsoft .NET Framework 1.1 Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?fa...)

.NET Framework 3.5 SP1 (this will also install the .NET Framework 2.0 SP2 and the .NET Framework 3.0 SP2)
Microsoft .NET Framework 3.5 Service Pack 1 (http://www.microsoft.com/downloads/details.aspx?fa...)

i. Once all the .Net Framework components have been reinstalled, restart the computer then try to perform Windows Update again.

Once the above is performed there will be 13 updates to be installed on your computer. I have done the above to my computer and all is now fine. The fix apparently worked.

Was this reply relevant?
+5
-0
joe schmoe RE: Windows Update missing three .NET security updates
Member 22nd May, 2012 19:42
Score: 38
Posts: 139
User Since: 26th Nov 2008
System Score: 100%
Location: US
Last edited on 22nd May, 2012 20:23
on 22nd May, 2012 16:56, Anthony Wells wrote:
Maurice et al ,

Nothing o/s in custom at M$updates ; confirmed by Belarc .

MBSA picks out the 3 KB's as missing , being critical and says a reboot is necessary (under Admin Vulnerabilities) . Rebooting has/does not change the situation .

The KB's seem to download the first time correctly but do not install nor display anywhere I can see . The installation screen does not ask for a (immediate) reboot on completion as one would expect . The shield reappears in the tray .

The FixIt for WU said everything was fine .

The May 9th KB for Net 2 was out of numerical sequence as are the three currently on offer - they are noted for XP and Server 2003 only .

Busy , gotta go .

Anthony

Hi Anthony,

Never expected this to become a firestorm. Alas, it is.

As the requested KB's are old/obsolete, why are these being detected and asked for?

KB 2518864
KB 2572073
KB 2633880

Manually downloading and installing the following replacement KB's does not fix these issues. All are the most recent .NET updates, 2.0, 2.0 SP2, 3.5 SP1, Microsoft states these KB's replace the ones now flagged. They do not overlay the previous KB's, if I am not mistaken.

They should not even be there.

These are from the last monthly cycle, according to Belarc: (May 8th, 2012)

KB 2601092
KB 2604110
KB 2656407
KB 2604111

Belarc shows them as there, no security vulnerabilities flagged, but they are not present in PSI or WU.

As these issues are rated critical by Microsoft as a security vulnerability, are we now vulnerable?

joe

EDIT: ISSUES FIXED!
Hi npmills,

Using the Windows redistributable 4.5 and running it for XP fixed the issue(s). As one can see, PSI is now reporting 100% score.

Use Windows XP-KB942288-v3-x86.exe, size 3.2 MB and restart on completion of install.


Thanks.

Rescan PSI to ensure 100% score after this is done.

I think problem came from Microsoft?


--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+1
-0
Websafe RE: Windows Update missing three .NET security updates
Member 22nd May, 2012 20:47
Score: 79
Posts: 105
User Since: 24th May 2009
System Score: 100%
Location: NL
Updating .NET Framework; problems solved here

Hello npmills and all,

The solution from npmills in his above post:

>>> Method 1: Update Windows Installer version
>>>
>>> a. Download and install Windows Installer 4.5 Redistributable on your system from the given link below:
>>> Windows Installer 4.5 Redistributable:
>>> http://www.microsoft.com/en-us/download/details.as...
>>>
>>> Note: Choose WindowsXP-KB942288-v3-x86.exe


This solution also worked perfect on my computer; both windows update and PSI flags Windows as updated again.

Please read the complete post from npmills if you are still stuck with Windows update problems.

Websafe.
Was this reply relevant?
+1
-0
ddmarshall RE: Windows Update missing three .NET security updates
Dedicated Contributor 22nd May, 2012 21:08
Score: 1211
Posts: 965
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Microsoft reissued two .NET Framework updates today. This may solve the problem for some.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
taffy078 RE: Windows Update missing three .NET security updates
Contributor 22nd May, 2012 23:29
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
just received an email from Microsoft Answers where a Microsoft MVP has referred me to the below for the solution.

Will look at it, and the above suggestions tomorrow but I can't help feeling that it is a problem due entirely to Microsoft. Almost as bad as (was it SP2?0 when their fix assumed that everyone has Pentium and so caused major headaches for Athlon AMD PCs! :0)

http://answers.microsoft.com/en-us/windows/forum/w...

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
Maurice Joyce RE: Windows Update missing three .NET security updates
Handling Contributor 22nd May, 2012 23:58
Score: 11785
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
The fix is here which was updated today:
http://technet.microsoft.com/en-us/security/bullet...

I think your assumption on SP2 is well wide of the mark. A little research will quickly enlighten U on who was to "blame" for that fiasco which was not MS.




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
Anthony Wells RE: Windows Update missing three .NET security updates
Expert Contributor 23rd May, 2012 01:18
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

Seeing reports that Redmond have fixed things , I reran MBSA and no missing KB's , but it still picks out a reboot (for something or other) .

M$updates custom run shows nothing to install .

Shield still there , presume that will also disappear when I restart tomorrow .

Time for bed .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
taffy078 RE: Windows Update missing three .NET security updates
Contributor 23rd May, 2012 09:59
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
@ Maurice.

I was simply making the point that the entire blame for this .Net update fiasco seems to have been Microsoft's, and not users as had been suggested.

Regarding the AMD/Pentium fiasco, I did say that I wasn't sure if it happened during the SP2 download. But it certainly happened during a major change - SP3 perhaps? - and my recollection is that it certainly was the fault of Microsoft's failure, that the download was for Pentium and so completely messed up PCs using AMD. The problem was discovered by a Microsoft MVP at the time.

Regarding this incident, there's more info here:

http://www.askwoody.com/

The author appears to have been right to suggest we do nothing and let Microsoft sort out their mess . . . . . but doesn't that overlook the fact that we are then left with insecure PCs, as PSI shows?

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
taffy078 RE: Windows Update missing three .NET security updates
Contributor 23rd May, 2012 10:09
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
I've just been to the MS Update screen and checked Express, the recommended route for high priority updates. Nothing there, so I then went to Custom - nothing there.

PSI-scanned again and - bingo! - 100%, without me having to do anything else.

What a relief!


--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
taffy078 RE: Windows Update missing three .NET security updates
Contributor 24th May, 2012 23:38
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
on 23rd May, 2012 09:59, taffy078 wrote:
@ Maurice.

I was simply making the point that the entire blame for this .Net update fiasco seems to have been Microsoft's, and not users as had been suggested.

Regarding the AMD/Pentium fiasco, I did say that I wasn't sure if it happened during the SP2 download. But it certainly happened during a major change - SP3 perhaps? - and my recollection is that it certainly was the fault of Microsoft's failure, that the download was for Pentium and so completely messed up PCs using AMD. The problem was discovered by a Microsoft MVP at the time.

Regarding this incident, there's more info here:

http://www.askwoody.com/

The author appears to have been right to suggest we do nothing and let Microsoft sort out their mess . . . . . but doesn't that overlook the fact that we are then left with insecure PCs, as PSI shows?


Just found my files. It was XP SP3 and Microsoft received the lion's share of the blame.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+1
-0
ddmarshall RE: Windows Update missing three .NET security updates
Dedicated Contributor 25th May, 2012 00:27
Score: 1211
Posts: 965
User Since: 8th Nov 2008
System Score: 98%
Location: UK
The SP3 update problem was caused by OEM's using Intel CPUs to prepare Windows images to run on AMD processors. That wasn't supported by Microsoft and resulted in incorrect entries being left in the Registry. This in turn led to the systems not booting after the SP3 update.
http://support.microsoft.com/kb/953356

I doubt that people were vulnerable whilst these updates were being repeatably offered. The problem seems to have been that updates which were already installed or superseded were being incorrectly detected as required. When the revised updates were released this stopped without any changes being necessary on the system.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
taffy078 RE: Windows Update missing three .NET security updates
Contributor 25th May, 2012 11:55
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
I've found one of the articles that helped me at the time of the SP3 problem. Here it is:

http://msinfluentials.com/blogs/jesper/archive/200...

It's interesting to see that one of MS's KB articles was originally written when similar problems happened with SP2, putting the blame on the OEMs.

It's also interesting to see that HP put forward their defence to this.

Who's right? I haven't a clue - it's too technical for me - but I don't think that these MVPs were well wide of the mark.

Regarding security, the "askwoody" article contains a suggestion that we turned off the Microsoft Auto Update and do nothing until MS sorted it out, which they did. What I was querying was if we made no attempt at all to download the updates, we'd still have the old .NET versions in place, ones that PSI were reporting as insecure.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
Anthony Wells RE: Windows Update missing three .NET security updates
Expert Contributor 25th May, 2012 17:11
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 25th May, 2012 17:24
Hello taffy ,

In my non-tech words , then KB2604092 was offered to you earlier this month (on patch Tuesday 8/9th May) and you probably installed it correctly like most other people . It patched .NET Framework 2.0 SP2 - you can see it if you run Belarc , you will also see it is an "old" number in the sequence - in doing so it modified the existing/previously installed three even older KB's which are in question in this thread . This was a security fix making you safe , which is the answer to your major query/question .

Why did M$ do this :ie: reoffer the old KB's?? No idea .

Why didn't the KB's install after downloading ?? As I understand , there is a File Protection system in Windows which prevent old files being reistalled when doing so would modify the existing/current state of those files , that state was modified when the May KB2604092 landed ; this procedure was keeping you secure rather than letting in the old risky files to re-enter/be re-set . Or something like that , which is either luck , good fortune or something people like Woody knew or as in this blog (from one of the links you posted above) :-

http://msmvps.com/blogs/bradley/archive/2012/05/21...

Whatever , after they woke up the next day in Redmond they mended the system about 10.00 am Pacific time about 6.00 pm your time . This meant that you did not need to do anything at all and the KB's disappeared from WU , like what I found later that evening .

Why did reinstalling the Windows installer work for some ?? No idea .

Why did M$ make new patches and not offer them ?? No idea . put it down to Magick like I do .

Equally , I do not know why M$ offered these updates in the first place .

You were and are safe(ish) , well don't look over your shoulder , we are talking Windows and the net/web and all your surfing toys .

EDIT : PS : the PSI was not detecting a problem with the actual KB's as such , it was passing on the message it got from WU , just in case you missed it .

Hope that is clear enuff .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-0
taffy078 RE: Windows Update missing three .NET security updates
Contributor 26th May, 2012 07:46
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
thank you Anthony. Simple, non-technical and easy to understand! ;0)

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
JL Krol RE: Windows Update missing three .NET security updates
Member 30th May, 2012 02:27
Score: 4
Posts: 57
User Since: 10th Dec 2008
System Score: N/A
Location: US
I had a similar issue needing 3 .NET Framework files (1x, 2x, 3x). Had my contracted online tech support install them the other day, but Secunia's scan showed they still needed to be updated. My tech support really got adamant with me about Secunia PSI being a 3rd party software, and that Microsoft had made no error. Well, MS issued an update for .NET Framework v.2 SP2 (KB2656369), and after it was installed, I rescanned with PSI beta 3.0, and got a 100% score.

Secunia PSI v.3.0 is working well. Now, if I could have the "bells and whistles" of v.2.0 (like showing files as LIST instead of ICONS, etc.), I'd be in heaven.

JL Krol
Toshiba Satellite A105-S4074
XP Media Center Edition / SP3
USA
Was this reply relevant?
+2
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer