Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2015-02-16 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Patch Mayhem: February Patch Failure Summary

Published: 2015-02-16
Last Updated: 2015-02-16 15:03:48 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

February was another rough month for anybody having to apply Microsoft patches. We had a couple of posts already covering the Microsoft patch issues, but due to the number of problems, here a quick overview of what has failed so far:

Bulletin/KB # Patch Symptom Solution
MS15-009
KB 3023607
SSL fix to address the "POODLE" vulnerability. Cisco AnyConnect will refuse to connect run AnyConnect client in Windows 7 or Windows 8 Compatibilty Mode
KB2920732 PowerPoint (functionality fix, not a security patch) Powerpoint 2013 fails to start on Windows RT "refresh" your device (see https://support.microsoft.com/kb/2751424 ) or remove patch. Microsoft did withdraw the patch.
MS15-010
KB3013455
Windows Kernel Mode Drivers Font quality degrades in Windows Vista SP2 and Windows Server 2003 SP2 (also affected: Windows XP if you paid for extended support). remove patch
KB3001652 Update for Microsoft Visual Studio 2010 Tools for Office Runtime Patch will not finish installing and "hang" making the system unresponsive

This patch has to be installed as Administrator. Otherwise, the user will not see a dialog box that needs to be acknowledged to complete the install. Microsoft withdrew the patch and later reissued it. No problems with the re-issued version.

There are 3 "versions" of this patch:

October 2014: initial release
February 10th: released as part of patch Tuesday, removed after problems were reported.
February 11th: released to fix the problems reported in Feb. 10th version

In addition, an important reminder that the "Group Policy" patch alone does not fix the actual vulnerability. In addition to applying the patch, you have to enable the new group policy options:

See https://support.microsoft.com/kb/3000483 for details.

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords:
3 comment(s)
Diary Archives