Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

MS09-010 960477 KB923561 FAILED on all Servers.

microsoft.public.windowsupdate






Speedup My PC
Reply
  #1 (permalink)  
Old 04-16-2009
JustJeff
 

Posts: n/a
MS09-010 960477 KB923561 FAILED on all Servers.
Trying to install on Windows 2003 Servers SP2 up to date patches. All new
patches install except above. Work around appears to be

This tries to modify C:\Program Files\Windows NT\Accessories\mswrd8.wpc.
This file is set to read/execute only for the "everyone" group. Because of
this, it causes the patch to fail installation. I have tested and confirmed
that changing the permissions for the file to read/write will allow the patch
to apply. I then changed it back to read/execute.

Since this will require a lot of administrative effort, I wrote a quick
script to change the permissions on this file to RW, and then another to
change it back to read/execute.

However - Why should I need to do this? Should it not just install?
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 04-16-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: MS09-010 960477 KB923561 FAILED on all Servers.
[Forwarded to Windows Server General & Security newsgroups via crosspost for
greater exposure]

See the "How to obtain help..." section of
http://support.microsoft.com/kb/960477 or
http://support.microsoft.com/kb/923561
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002

JustJeff wrote:
> Trying to install on Windows 2003 Servers SP2 up to date patches. All new
> patches install except above. Work around appears to be
>
> This tries to modify C:\Program Files\Windows NT\Accessories\mswrd8.wpc.
> This file is set to read/execute only for the "everyone" group. Because of
> this, it causes the patch to fail installation. I have tested and
> confirmed
> that changing the permissions for the file to read/write will allow the
> patch to apply. I then changed it back to read/execute.
>
> Since this will require a lot of administrative effort, I wrote a quick
> script to change the permissions on this file to RW, and then another to
> change it back to read/execute.
>
> However - Why should I need to do this? Should it not just install?


Reply With Quote
  #3 (permalink)  
Old 04-16-2009
JustJeff
 

Posts: n/a
Re: MS09-010 960477 KB923561 FAILED on all Servers.
Yes - but how does one get around the issue? This is happeneing on a
significant number of servers. MS email support is a joke.

"PA Bear [MS MVP]" wrote:

> [Forwarded to Windows Server General & Security newsgroups via crosspost for
> greater exposure]
>
> See the "How to obtain help..." section of
> http://support.microsoft.com/kb/960477 or
> http://support.microsoft.com/kb/923561
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Client - since 2002
>
> JustJeff wrote:
> > Trying to install on Windows 2003 Servers SP2 up to date patches. All new
> > patches install except above. Work around appears to be
> >
> > This tries to modify C:\Program Files\Windows NT\Accessories\mswrd8.wpc.
> > This file is set to read/execute only for the "everyone" group. Because of
> > this, it causes the patch to fail installation. I have tested and
> > confirmed
> > that changing the permissions for the file to read/write will allow the
> > patch to apply. I then changed it back to read/execute.
> >
> > Since this will require a lot of administrative effort, I wrote a quick
> > script to change the permissions on this file to RW, and then another to
> > change it back to read/execute.
> >
> > However - Why should I need to do this? Should it not just install?

>
>

Reply With Quote
  #4 (permalink)  
Old 04-16-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: MS09-010 960477 KB923561 FAILED on all Servers.
[Jeff, if I knew why you were experiencing these failures and how you could
"get around" them, I'd tell you. Let's let some others reply to your
thread.]

JustJeff wrote:
> Yes - but how does one get around the issue? This is happeneing on a
> significant number of servers. MS email support is a joke.
>
> "PA Bear [MS MVP]" wrote:
>
>> [Forwarded to Windows Server General & Security newsgroups via crosspost
>> for greater exposure]
>>
>> See the "How to obtain help..." section of
>> http://support.microsoft.com/kb/960477 or
>> http://support.microsoft.com/kb/923561
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>
>> JustJeff wrote:
>>> Trying to install on Windows 2003 Servers SP2 up to date patches. All
>>> new
>>> patches install except above. Work around appears to be
>>>
>>> This tries to modify C:\Program Files\Windows NT\Accessories\mswrd8.wpc.
>>> This file is set to read/execute only for the "everyone" group. Because
>>> of
>>> this, it causes the patch to fail installation. I have tested and
>>> confirmed
>>> that changing the permissions for the file to read/write will allow the
>>> patch to apply. I then changed it back to read/execute.
>>>
>>> Since this will require a lot of administrative effort, I wrote a quick
>>> script to change the permissions on this file to RW, and then another to
>>> change it back to read/execute.
>>>
>>> However - Why should I need to do this? Should it not just install?


Reply With Quote
  #5 (permalink)  
Old 04-17-2009
Susan Bradley
 

Posts: n/a
Re: MS09-010 960477 KB923561 FAILED on all Servers.
JustJeff wrote:
> Trying to install on Windows 2003 Servers SP2 up to date patches. All new
> patches install except above. Work around appears to be
>
> This tries to modify C:\Program Files\Windows NT\Accessories\mswrd8.wpc.
> This file is set to read/execute only for the "everyone" group. Because of
> this, it causes the patch to fail installation. I have tested and confirmed
> that changing the permissions for the file to read/write will allow the patch
> to apply. I then changed it back to read/execute.
>
> Since this will require a lot of administrative effort, I wrote a quick
> script to change the permissions on this file to RW, and then another to
> change it back to read/execute.
>
> However - Why should I need to do this? Should it not just install?


do you have some sort of hardening template installed? I don't have
"read/execute for the Everyone group" on mine?
Reply With Quote
  #6 (permalink)  
Old 04-17-2009
Susan Bradley
 

Posts: n/a
Re: MS09-010 960477 KB923561 FAILED on all Servers.
JustJeff wrote:
> Trying to install on Windows 2003 Servers SP2 up to date patches. All new
> patches install except above. Work around appears to be
>
> This tries to modify C:\Program Files\Windows NT\Accessories\mswrd8.wpc.
> This file is set to read/execute only for the "everyone" group. Because of
> this, it causes the patch to fail installation. I have tested and confirmed
> that changing the permissions for the file to read/write will allow the patch
> to apply. I then changed it back to read/execute.
>
> Since this will require a lot of administrative effort, I wrote a quick
> script to change the permissions on this file to RW, and then another to
> change it back to read/execute.
>
> However - Why should I need to do this? Should it not just install?

Warning Undo this workaround before installing this security update.

In order to apply the access list, run the following commands from the
command prompt. Note that some of these may result in an error message,
this is expected.

echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd6.wpc" /E /P
everyone:N
echo y| cacls "%ProgramFiles%\Common Files\Microsoft
Shared\TextConv\mswrd632.wpc" /E /P everyone:N

echo y| cacls "%ProgramFiles%\Common Files\Microsoft
Shared\TextConv\mswrd632.cnv" /E /P everyone:N
echo y| cacls "%ProgramFiles(x86)%\Common Files\Microsoft
Shared\TextConv\mswrd632.wpc" /E /P everyone:N
echo y| cacls "%ProgramFiles(x86)%\Common Files\Microsoft
Shared\TextConv\mswrd632.cnv" /E /P everyone:N
echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd664.wpc" /E /P
everyone:N
echo y| cacls "%ProgramFiles(x86)%\Windows NT\Accessories\mswrd6.wpc" /E
/P everyone:N

Impact of workaround. Upon implementing the workaround, the user will no
longer be able to convert Word 6 documents to WordPad RTF or Word 2003
documents. Microsoft Office Word will return an error saying, "The file
appears to be corrupted."

How to undo the workaround.

echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd6.wpc" /E /R
everyone
echo y| cacls "%ProgramFiles%\Common Files\Microsoft
Shared\TextConv\mswrd632.wpc" /E /R everyone
echo y| cacls "%ProgramFiles%\Common Files\Microsoft
Shared\TextConv\mswrd632.cnv" /E /R everyone

echo y| cacls "%ProgramFiles(x86)%\Common Files\Microsoft
Shared\TextConv\mswrd632.wpc" /E /R everyone
echo y| cacls "%ProgramFiles(x86)%\Common Files\Microsoft
Shared\TextConv\mswrd632.cnv" /E /R everyone

echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd664.wpc" /E /R
everyone
echo y| cacls "%ProgramFiles(x86)%\Windows NT\Accessories\mswrd6.wpc" /E
/R everyone



You did the mitigtion, you have to undo it first.
Reply With Quote
  #7 (permalink)  
Old 04-17-2009
Susan Bradley
 

Posts: n/a
Re: MS09-010 960477 KB923561 FAILED on all Servers.
JustJeff wrote:
> Trying to install on Windows 2003 Servers SP2 up to date patches. All new
> patches install except above. Work around appears to be
>
> This tries to modify C:\Program Files\Windows NT\Accessories\mswrd8.wpc.
> This file is set to read/execute only for the "everyone" group. Because of
> this, it causes the patch to fail installation. I have tested and confirmed
> that changing the permissions for the file to read/write will allow the patch
> to apply. I then changed it back to read/execute.
>
> Since this will require a lot of administrative effort, I wrote a quick
> script to change the permissions on this file to RW, and then another to
> change it back to read/execute.
>
> However - Why should I need to do this? Should it not just install?

Disable the Word 6 converter by restricting access

An administrator can apply an access control list to affected converters
to ensure that the converter is no longer loaded by WordPad and Office.
This effectively prevents exploitation of the issue using this attack
vector.

Warning Undo this workaround before installing this security update.

Reply With Quote
  #8 (permalink)  
Old 04-17-2009
Ace Fekay [Microsoft Certified Trainer]
 

Posts: n/a
Re: MS09-010 960477 KB923561 FAILED on all Servers.
"JustJeff" <JustJeff@discussions.microsoft.com> wrote in message
news:EDFEF978-7A4B-4DFB-8FD5-560FC323476A@microsoft.com...
> Yes - but how does one get around the issue? This is happeneing on a
> significant number of servers. MS email support is a joke.


Hello Jeff,

I have not been following the whole thread, and only see the past 3 posts.
But I must say, I've actually have not seen any problems with this update,
or others. I don't see why you have to alter any permissions for any updates
to be installed onany server unless basic out of the box configuration has
been altered or a security template has been applied.

Have you made any configuration changes to your DCs and servers, such as C:
drive permission changes, disabled services (such as the required DHCP
Client service), or anything like that based on company SOP? Are you only
using your internal DNS servers for all machines' IP properties?


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.


Reply With Quote
  #9 (permalink)  
Old 04-17-2009
Ace Fekay [Microsoft Certified Trainer]
 

Posts: n/a
Re: MS09-010 960477 KB923561 FAILED on all Servers.
"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
news:e7G7yAuvJHA.1492@TK2MSFTNGP03.phx.gbl...
> [Jeff, if I knew why you were experiencing these failures and how you
> could "get around" them, I'd tell you. Let's let some others reply to
> your thread.]



To add, after looking into it deeper, and I don't know if this was discussed
in this thread, but it appears the following article indicates the
installation may fail if 960906 was installed prior to this installation.
MS09-010: Description of the update for Windows WordPad Converter: April 14,
2009
http://support.microsoft.com/?id=923561

And this is 960906, that indicates it changes permissions on that file:
Microsoft Security Advisory: Vulnerability in Wordpad Convertor could allow
remote code execution
http://support.microsoft.com/?id=960906

I assumed if you have numerous servers, that you read the bulletins and
articles prior to installation?

Ace

Reply With Quote
  #10 (permalink)  
Old 04-18-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: MS09-010 960477 KB923561 FAILED on all Servers.
Ace Fekay [Microsoft Certified Trainer] wrote:
> "JustJeff" <JustJeff@discussions.microsoft.com> wrote in message
> news:EDFEF978-7A4B-4DFB-8FD5-560FC323476A@microsoft.com...
>> Yes - but how does one get around the issue? This is happeneing on a
>> significant number of servers. MS email support is a joke.

>
> Hello Jeff,
>
> I have not been following the whole thread, and only see the past 3 posts.
> But I must say, I've actually have not seen any problems with this update,
> or others. I don't see why you have to alter any permissions for any
> updates
> to be installed onany server unless basic out of the box configuration has
> been altered or a security template has been applied.
>
> Have you made any configuration changes to your DCs and servers, such as
> C:
> drive permission changes, disabled services (such as the required DHCP
> Client service), or anything like that based on company SOP? Are you only
> using your internal DNS servers for all machines' IP properties?


> I have not been following the whole thread, and only see the past 3 posts.


That's because the newsservers are still horked and have been for the past
month or so.

Here's the entire thread as archived in Google Groups:
http://groups.google.com/group/micro...3fab655525f3da

Right now, it's showing eight (8) posts, including your two (2). Expand the
quote in the first post (mine) to see Jeff's first post.

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
KB923561,KB956572,KB961373,KB952004,KB960803,KB959426 corrupt JVM lukaszlagosz@gmail.com microsoft.public.windowsupdate 11 06-04-2009 19:28
MS09-010 - Critical: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) Steve Microsoft Security Bulletins 0 04-14-2009 18:50
MS09-002 Problems Greg Lara microsoft.public.internetexplorer.general 2 02-14-2009 14:35
Re: MS09-002 Problems PA Bear [MS MVP] microsoft.public.windowsupdate 1 02-14-2009 14:35
MS09-002/MS09-004, Consistent Exploit Code Likely Paul Security News 0 02-11-2009 13:30




All times are GMT +1. The time now is 16:34.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120