Re: MS09-010 960477 KB923561 FAILED on all Servers.
- From: "Harry Johnston [MVP]" <harry@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 21 Apr 2009 15:28:19 +1200
I'd guess the mitigation had already been undone on these servers, since Everyone had RX permission. Probably someone made a mistake either when applying the mitigation or removing it and accidentally zapped the Administrator permissions which should have remained unchanged.
JustJeff: the correct permissions for the mswrd8.wpc file (and the other files in the same directory) are:
BUILTIN\Users:R
BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F
Harry.
Susan Bradley wrote:
JustJeff wrote:
Trying to install on Windows 2003 Servers SP2 up to date patches. All new patches install except above. Work around appears to be
Warning Undo this workaround before installing this security update.
This tries to modify C:\Program Files\Windows NT\Accessories\mswrd8.wpc. This file is set to read/execute only for the "everyone" group. Because of this, it causes the patch to fail installation. I have tested and confirmed that changing the permissions for the file to read/write will allow the patch to apply. I then changed it back to read/execute.
Since this will require a lot of administrative effort, I wrote a quick script to change the permissions on this file to RW, and then another to change it back to read/execute.
However - Why should I need to do this? Should it not just install?
In order to apply the access list, run the following commands from the command prompt. Note that some of these may result in an error message, this is expected.
echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd6.wpc" /E /P everyone:N
echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\mswrd632.wpc" /E /P everyone:N
echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\mswrd632.cnv" /E /P everyone:N
echo y| cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\mswrd632.wpc" /E /P everyone:N
echo y| cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\mswrd632.cnv" /E /P everyone:N
echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd664.wpc" /E /P everyone:N
echo y| cacls "%ProgramFiles(x86)%\Windows NT\Accessories\mswrd6.wpc" /E /P everyone:N
Impact of workaround. Upon implementing the workaround, the user will no longer be able to convert Word 6 documents to WordPad RTF or Word 2003 documents. Microsoft Office Word will return an error saying, "The file appears to be corrupted."
How to undo the workaround.
echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd6.wpc" /E /R everyone
echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\mswrd632.wpc" /E /R everyone
echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\mswrd632.cnv" /E /R everyone
echo y| cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\mswrd632.wpc" /E /R everyone
echo y| cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\mswrd632.cnv" /E /R everyone
echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd664.wpc" /E /R everyone
echo y| cacls "%ProgramFiles(x86)%\Windows NT\Accessories\mswrd6.wpc" /E /R everyone
You did the mitigation, you have to undo it first.
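A read-only check for the permissions discussed in this thread, added here as an example and not posted by any participant: it reports any Everyone entry left on the converter files and any of the three expected entries that is missing or reduced. The function name `Test-ConverterAcl` and the mapping of cacls R/F to Read/FullControl are assumptions of this example.

```powershell
# Added example, not from the thread. Read-only: it reports and changes nothing.
$Rights = [System.Security.AccessControl.FileSystemRights]
# Expected entries as listed in the reply above, keyed by well-known SID.
# Mapping cacls R/F to Read/FullControl is an assumption of this example.
$expected = @{
    'S-1-5-32-545' = @{ Name = 'BUILTIN\Users';          Need = $Rights::Read }
    'S-1-5-32-544' = @{ Name = 'BUILTIN\Administrators'; Need = $Rights::FullControl }
    'S-1-5-18'     = @{ Name = 'NT AUTHORITY\SYSTEM';    Need = $Rights::FullControl }
}
$everyone = 'S-1-1-0'
$relative = @(
    'Windows NT\Accessories\mswrd6.wpc',
    'Windows NT\Accessories\mswrd664.wpc',
    'Windows NT\Accessories\mswrd8.wpc',
    'Common Files\Microsoft Shared\TextConv\mswrd632.wpc',
    'Common Files\Microsoft Shared\TextConv\mswrd632.cnv'
)
# ProgramFiles(x86) is empty on 32-bit systems, so drop empty and duplicate roots.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

function Test-ConverterAcl([string]$Path) {
    # Resolve ACEs to SIDs so the comparison does not depend on the OS language.
    $aces = (Get-Acl $Path).GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    $findings = @()
    foreach ($ace in $aces) {
        if ($ace.IdentityReference.Value -eq $everyone) {
            $findings += "Everyone entry present: $($ace.AccessControlType) $($ace.FileSystemRights)"
        }
    }
    foreach ($s in $expected.Keys) {
        $need = [int]$expected[$s].Need
        $ok = $aces | Where-Object {
            $_.IdentityReference.Value -eq $s -and
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $need) -eq $need
        }
        if (-not $ok) { $findings += "missing or reduced: $($expected[$s].Name)" }
    }
    return $findings
}

foreach ($root in $roots) {
    foreach ($rel in $relative) {
        $path = Join-Path $root $rel
        if (-not (Test-Path $path)) { continue }   # not every converter exists on every system
        $findings = @(Test-ConverterAcl $path)
        if ($findings.Count -eq 0) { "OK    $path" }
        else { $findings | ForEach-Object { "CHECK $path : $_" } }
    }
}
```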