After Microsoft Security Advisory KB2607712 update impact RRS feed

  • Question

  • Hi,

    After installing Microsoft Security Advisory (2607712) in our network PC's & Servers using WSUS server, most of users was having several issues and stopped their routine duties :-
    1- Unable to Print on shared printers.
    2- Unable to access sheared folder.
    3- Unable to Connect to File servers.
    4- Some users having a message saying the Domain server is not available & Cannot change password.

    5- New PC's cannot join our Domain.

    Devices having those issues are (Win Xp pro (SP3), Vista Business, Win 7 Pro and Win Server 2003).

    I tried to download manually and reinstall/remove it again, also do a System restore but same issues remaining. 

    Please Help.

    Thank you.

    • Moved by Carey FrischMVP, Moderator Monday, September 12, 2011 12:06 AM Moved to more appropriate forum category (From:Windows Vista Announcements)
    Sunday, September 11, 2011 8:44 AM

All replies

  • Hi,

    The update may not be installed properly. Please try manually downloading it from microsoft download center:



    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Wednesday, September 14, 2011 7:40 AM
  • Hi Magone,

    Actually I did what you recommend and I already downloaded the update manually but no luck ! Still the issue is showing in most of our domain PC's and Servers. Also most of Services has been DISABLED automatically after a while even if I start them again!

    Another issue started is those PC'S/Servers are not updating from GPO and when I force them from CMD command I get an error:-

    "User policy could not be updated successfully. The following errors were encount

    The processing of Group Policy failed. Windows attempted to read the file \\***.com.sa\sysvol\***.com.sa\Policies\{B527C275-03D1-4677-8143-DB91889
    CD2ED}\gpt.ini from a domain controller and was not successful."


    "The processing of Group Policy failed. Windows attempted to read the file \\***.com.sa\sysvol\***.com.sa\Policies\{85F40611-606D-46EC-BD2E-01A1549
    3B44C}\gpt.ini from a domain controller and was not successful."


    This problem started since last Saturday after the KB2607712 update.

    Hope to find a solution your help is really appreciated.


    Wednesday, September 14, 2011 8:27 AM
  • Please take a look at the Known issues for this update, I hope the affected machines were restarted after installing the update.

    Are you up to date with all other windows update?

    Ideally if the issue is caused by this update it should disappear once the update is uninstalled.


    Known issues

    • An issue with the package was found in which the PKIoverheid certificates were missing from the Windows Vista update and from the Windows Server 2008 update on Microsoft Download Center. Customers who downloaded the package before September 9, 2011, should download and install the update again. Customers who installed the update through Automatic Updates or through Windows Update are not affected.
    • A restart is required for all editions of Windows XP and of Windows Server 2003.
    • A restart is not required for all editions of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.



    Sumesh P - Microsoft Online Community Support
    Friday, September 16, 2011 1:12 PM
  • The only case with some similarity to your issue was found resolved after installing the below updates, do you have them already?

    Note that these are not directly related to the Diginor update in question.


    Extended Protection for Authentication

    MS09-059: Vulnerability in the Local Security Authority Subsystem Service could allow denial of service

    MS11-013: Description of the security update for Kerberos in Windows XP and in Windows Server 2003: February 8, 2011

    Update to the AutoPlay functionality in Windows

    MS11-043: Vulnerability in SMB Client could allow remote code execution: June 14, 2011

    MS11-063: Vulnerability in Windows Client/Server Run-time subsystem could allow elevation of privilege: August 9, 2011

    MS11-062: Vulnerability in Remote Access Service NDISTAPI driver could allow elevation of privilege: August 9, 2011

    MS11-065: Vulnerability in Remote Desktop Protocol could allow denial of service: August 9, 2011

    Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits

    August 2011 cumulative time zone update for Windows operating systems

    Sumesh P - Microsoft Online Community Support
    Friday, September 16, 2011 1:21 PM
  • Dear Sumesh, Thank you for your reply, the updates you mentioned are already installed! and still the issue exists and not solved! Now we have to restart manually on most Services on each PC's and Server which has this issue. Also the problem is those device's are not getting the GPO from our domain. We check with our Network Admins and nothing was chained, also we did a Virus scan and all clean! Your help appreciated,
    Sunday, September 18, 2011 9:40 AM
  • This is a revision of the update released on 19th, mainly intended for XP/2003, can you try this?

    2616676 Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing


    If this doesnt help, I encourage you to open a support incident with us to investigate this in depth due to the impact of the issue.

    Please visit the below link to see the various paid support options that are available to better meet your needs.http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone



    Sumesh P - Microsoft Online Community Support
    Wednesday, September 21, 2011 12:25 PM