Newsletter Archives

• MS12-034 / KB 2676562 / KB 2686509 mystery solved

  Posted on December 21, 2013 at 22:09 CST by woody • Comment in the Forums

  Eighteen months ago, you might recall a pesky Black Tuesday patch that never installed, and wouldn’t go away.

  Yuhong Bao, whom many of you might recognize as a frequent commenter both here and on my InfoWorld blog posts, has cracked the problem.

  He found a bug in the way the installer interprets a specific Registry key. If you have an unexpected value in that key, the KB 2686509 installer fails, and your system remains vulnerable to the hole known as  CVE-2012-0181.

  The next time Windows Update comes up for air, it sees that the MS12-034 installation failed, and re-offers the same patch.

  Microsoft has a manual workaround, described in my May 9, 2012 AskWoody article. A FixIt that allows the installer to work was issued after much sturm und drang. But Microsoft never did fix the patch. After all, it’s only for XP/Server 2003.

  Yuhong concludes that MS didn’t fix the patch because a failed install doesn’t really screw up anything. Mostly, it’s just annoying.

  Windows Patches/Security KB 2676562, KB 2686509, MS12-034

• A solution to the MS12-034 0x8007F0F4 problem?

  Posted on May 10, 2012 at 12:48 CDT by woody • Comment in the Forums

  A Windows expert I know (thanks again, SB!) claims she found out why she couldn’t get the MS12-034 .NET patch installed on her computer. It kept dying with an Error 0x8007F0F4 error, as described in my earlier post.

  A long, long time ago she re-mapped the Scroll key on her PC, following the advice in “I’ve Hit F12 For the Last Time – Jesper’s Blog“. Since the patch is playing around with keyboard layout files, apparently that was enough to make the MS12-034 installer go kablooey.

  Her advice:

  From a command prompt copy the following:

  reg delete “hklm\system\CurrentControlSet\Control\Keyboard Layout” /v “Scancode Map” /f

  and hit Enter. Reboot your PC, re-install the patch, and it works.

  Anybody else encountering the problem? Does this fix it?

  Windows Patches/Security Error 0x8007F0F4, fix, KB 2676562, May 2012 Black Tuesday, MS12-034

• Problem with MS12-034 / KB 2676562 patch

  Posted on May 9, 2012 at 11:06 CDT by woody • Comment in the Forums

  Another interesting Black Tuesday.

  I’m getting word (thanks again, SB!) that a lot of Windows XP users are having problems installing the MS12-034 / KB 2676562 patch. That’s the “Critical” combined patch for (got your scorecard out?) Office, Windows, .NET and Silverlight.

  There are zillions (well, two dozen) additional KB articles that address specific parts of the patch described in KB 2681578.

  Ready to start drowning in MS security alphabet soup? In fact, this is a double update, involving not only the KB 2676562 patch but also the KB 2686509 patch. More than a hundred files are involved. It ends up that both patches have to be applied in order to shore up a problem with loading keyboard layout files in Windows XP and Server 2003. That problem’s identified as CVE-2012-0181.

  When you try to run the patch through Microsoft Update, you may hit an Error 0x8007F0F4 – Installation Failure on the KB 2686509 patch. The error message tells you to try to install the update again. When you do, it fails again.

  You may also see the message, “Setup cannot continue because one or more prerequisites required to install KB2686509 failed (0x8007F0F4)”

  Here’s Microsoft’s official response to the problem:

  The detection logic for the security update package identified as KB2686509 performs an eligibility check of the system in order to verify whether the system meets the requirements to activate the fix applied by KB2676562, which addresses CVE-2012-0181. If the system meets the requirements, both KB2686509 and KB2676562 will be successfully installed on the system and the vulnerability described in CVE-2012-0181 will be addressed. Otherwise, KB2686509 will be re-offered until the system does meet the requirements. Successful installation of both the KB2686509 and KB2676562 update packages are necessary to be protected against CVE-2012-0181 on Windows XP and Windows Server 2003 systems. If your system does not meet the requirements to install the update, please follow the guidance documented in Microsoft Knowledge Base Article 2686509
  

  If you look at KB 2686509, here’s Microsoft’s workaround:

  This update enumerates all the keyboard layout files that are registered on your computer, and then it verifies that they are all in the %Windir%\System32 folder.
  

  Why is this update re-offered multiple times?
  

  Windows updates are reoffered until the update is installed on your computer. If this update is reoffered, maybe an installation failure has occurred. Check the KB installation log files for error codes. For example, the KB installation log file for this security update would probably be “C:\Windows\ KB2686509.log”
  

  What should I do if the installation of this security update fails with the “0x8007F0F4” error?
  

  If you receive the “0x8007F0F4” error when you try to install this security update, follow these steps:
  

  1. Open the Faultykeyboard.log file that is in the %windir% folder. This log file contains information about registered keyboard layout files that are not in the %Windir%\System32 folder. The log file will resemble the following:
     

  3. Keyboard1.dll
     

  4. .\Layoutfiles\keyboard2.dll
     

  5. C:\Windows\System\Kbda1.dll
     

     Note In this example, the first entry is just a file name. The second entry includes a relative path with the file name. The third entry includes a full path of the file.
     

  6. Copy the files that are listed in the Faultykeyboard.log log file into the System32 folder.
     

  Note Contact Microsoft support if you cannot find the Faultykeyboard.log file.
  

  So there you have it. Aren’t you glad you followed the MS-DEFCON system, and didn’t let Windows Automatically Update your system?

  Windows Patches/Security 0x8007F0F4, KB 2676562, KB 2686509, MS12-034