marrone Posted August 22, 2007 Share Posted August 22, 2007 Patch KB935966 is not showing up in autopatcher, and I cannot install it from the august Win2k3 core release. Microsoft Security Bulletin MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) The patch is definitely in the release...it's stored under "Critical", but it's not showing up for me to select it. DNS is running on the server...it's a domain controller. I'm afraid to run it manually, in case there really is a reason Autopatcher isn't seeing it as important. Can anyone help? Thanks -Mike Link to comment Share on other sites More sharing options...
+M2Ys4U Subscriber¹ Posted August 22, 2007 Subscriber¹ Share Posted August 22, 2007 Try installing it manually, the worst that can happen is that it'll fail. Link to comment Share on other sites More sharing options...
+theblazingangel MVC Posted August 22, 2007 MVC Share Posted August 22, 2007 KB935966 only applies and is listed if you have the DNS component installed (C:\WINDOWS\system32\dns.exe exists) Link to comment Share on other sites More sharing options...
marrone Posted August 22, 2007 Author Share Posted August 22, 2007 KB935966 only applies and is listed if you have the DNS component installed (C:\WINDOWS\system32\dns.exe exists) Oh it's definitely there, and running, too. Just verified both. Any other ideas? This is happening on my other server as well. Thanks -Mike Link to comment Share on other sites More sharing options...
+theblazingangel MVC Posted August 22, 2007 MVC Share Posted August 22, 2007 run the installer manually to get your system patched, thats the most important thing right now, don't be afraid, if it didn't apply to your system it would refuse to install. likewise you don't need to be afraid about installing an old update, it'll only replace existing files that are older than the ones it has. the only thing you need to worry about is uninstalling patches, which is something i don't recommend! see here for why! it won't be showing up because your system isn't matching the requirements for some reason... the only requirements for this module are that: 1) system is English, 2) it's 2K3_SP1_X86 or 2K3_SP2_X86 and 3) system32:\dns.exe exists 'system32:' should be pointing to %system32%. lets try to test that... 1) grab the attached file (right click and save), rename the .txt extension to .apm 2) stick it in C:\Program Files\AutoPatcher\modules\ 3) temporarily move all *.rti files in C:\Program Files\AutoPatcher\ elsewhere to speed up autopatcher's load time (will skip integrity checks) 4) run autopatcher, allow it to "install" the test module 5) open C:\autopatcher_testdir.txt and see what it contains, it should report that system32: points to C:\WINDOWS\System32. if it doesn't then we may have a bug in autopatcher.exe, if it is, you need to check that dns.exe exists where it's supposed to test.txt Link to comment Share on other sites More sharing options...
marrone Posted August 22, 2007 Author Share Posted August 22, 2007 (edited) run the installer manually to get your system patched, thats the most important thing right now, don't be afraid, if it didn't apply to your system it would refuse to install. likewise you don't need to be afraid about installing an old update, it'll only replace existing files that are older than the ones it has.the only thing you need to worry about is uninstalling patches, which is something i don't recommend! see here for why! it won't be showing up because your system isn't matching the requirements for some reason... the only requirements for this module are that: 1) system is English, 2) it's 2K3_SP1_X86 or 2K3_SP2_X86 and 3) system32:\dns.exe exists 'system32:' should be pointing to %system32%. lets try to test that... 1) grab the attached file (right click and save), rename the .txt extension to .apm 2) stick it in C:\Program Files\AutoPatcher\modules\ 3) temporarily move all *.rti files in C:\Program Files\AutoPatcher\ elsewhere to speed up autopatcher's load time (will skip integrity checks) 4) run autopatcher, allow it to "install" the test module 5) open C:\autopatcher_testdir.txt and see what it contains, it should report that system32: points to C:\WINDOWS\System32. if it doesn't then we may have a bug in autopatcher.exe, if it is, you need to check that dns.exe exists where it's supposed to Ok, did all that. (And thanks for the testing here) The output reads: sys32 dir: C:\WINDOWS\system32\ And, looking in C:\WINDOWS\system32 shows dns.exe at 433KB, dated 2/17/2007 2:50AM, file version 5.2.3790.3959 I'll try manually putting it in now...but I figured if there is indeed a bug, it would be something you would want to know about. Though no-one else seems to be posting about the problem :(. <edit> it seems to install manually correctly...so the patch itself felt it was necessary. So...who knows? -Mike Edited August 22, 2007 by marrone Link to comment Share on other sites More sharing options...
+theblazingangel MVC Posted August 22, 2007 MVC Share Posted August 22, 2007 are you absolutely sure KB935966 does not appear in the critical section f the selection window :s if so, try this test module, i just want to see if it appears in the selection window. if it doesn't, delete the following two lines, save, and try again ComponentFile=system32:\dns.exe ComponentVersion=ANY don't forget to rename .txt to .apm! KB935966_test.txt Link to comment Share on other sites More sharing options...
marrone Posted August 22, 2007 Author Share Posted August 22, 2007 are you absolutely sure KB935966 does not appear in the critical section f the selection window :sif so, try this test module, i just want to see if it appears in the selection window. if it doesn't, delete the following two lines, save, and try again ComponentFile=system32:\dns.exe ComponentVersion=ANY don't forget to rename .txt to .apm! Ok, let me first state that after running the patch manually on one of my servers (which seemed successful), and rebooting, it STILL did not appear in the Autopatcher listing. All patches there are blue (with one exception...for outlook express...which either doesn't want ot install, or isn't detecting it...but I'm not concerned with that right now). But 935966 does not appear...even though it's been installed manually. So I ran your test. The first time through, nothing showed up. So I deleted the two lines (I'll assume that checks for dns.exe). Once I deleted your two lines and reran, the "test patch" showed up. I guess it's not finding dns.exe. Trust me. It's there. c:\windows\system32\dns.exe And DNS seems to be working just fine. Very perplexing! -Mike Link to comment Share on other sites More sharing options...
+theblazingangel MVC Posted August 22, 2007 MVC Share Posted August 22, 2007 (edited) what about if you just simply add the first of those two lines back in, does it work then? i'm probably going to have to report it as a bug to raptor update: email sent to raptor about it. please can you confirm the version number of autopatcher.exe Edited August 22, 2007 by theblazingangel Link to comment Share on other sites More sharing options...
marrone Posted August 22, 2007 Author Share Posted August 22, 2007 (edited) what about if you just simply add the first of those two lines back in, does it work then?i'm probably going to have to report it as a bug to raptor update: email sent to raptor about it. please can you confirm the version number of autopatcher.exe Autopatcher file version: 5.6.0.81 Added only first line in. Test module shows up. closed autopatcher. Added 2nd line back in. reran autopatcher. Test module not there. Verified c:\windows\system32\dns.exe exists. -Mike Edited August 22, 2007 by marrone Link to comment Share on other sites More sharing options...
+theblazingangel MVC Posted August 22, 2007 MVC Share Posted August 22, 2007 raptors been a bit busy lately and only surfaces on the internet once every one or two weeks. theres nothing more i can do myself, we're going t have to wait for raptor to surface and respond. Link to comment Share on other sites More sharing options...
marrone Posted August 23, 2007 Author Share Posted August 23, 2007 I figured that was pretty much all you could troubleshoot. Hopefully that's enough to go on. Thanks for the help. Autopatcher is a great product and has helped me immensely! -Mike Link to comment Share on other sites More sharing options...
Recommended Posts