none
June 2017 IE patch detected as missing even though its superseded patch is installed sucessfully RRS feed

  • Question

  • Dear Experts, 

    I have few queries :

    > i have been pacthing IE on win 2012 R2 servers from Oct 2017 and the latest deployed pacth is April 2018 roll out. but when i scan these server by Vulnerability scanners- it detects  june 2017 IE patch missing(which i know was never deplyed as i started patching from Oct 2017 ) and i believe this June 2017 IE patch requires below registry key to be present , which they are not :

    The following registry key is missing.

    This registry key is required to enable the fix for CVE-2017-8529:

    SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe

    SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe

    My Query is - 

    Does the installation of the superseding patch adds/updates the registry keys required for the patch it supersedes.In this case should  the successfull installation of April 2018 IE patch be adding these registry keys required for June 2017 IE patch. if not  is there any documentation related to this ?


    Thursday, May 17, 2018 8:56 AM

All replies

  • Hi,

    june 2017 IE patch missing

    the KB articles themselves are the primary documentation.

    from your server version of IE select the Help>About Internet Explorer to display the

    Update Version: KB...…..

    click on the KB number to navigate to the MSDN documentation where you will see any important notices...

    Important 



    • The fixes that are included in this Security Update for Internet Explorer 4103768 are also included in the May 2018 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update.

    • If you use update management processes other than Windows Update and you automatically approve all security updates classifications for deployment, this Security Update for Internet Explorer (KB 4103768), the May 2018 Security Only Quality Update, and the May 2018 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.

    • This Security Update for Internet Explorer is not applicable for installation on a computer where the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from May 2018 (or a later month) is already installed. This is because those updates contain all the fixes that are in this Security Update for Internet Explorer.

    see also

    https://www.computerworld.com/article/3209042/microsoft-windows/more-june-security-patch-bugs-you-can-patch-an-ie-flaw-cve-2017-8529-or-print-inside-iframes-but-no.html

    Regards.


    Rob^_^

    Thursday, May 17, 2018 9:04 PM
  • Hi Rob ,

    we have installed April 2018 IE patch (KB4103768) ; should it fix deploy the June 2017 IE (KB4021558) patch as per the catalog information given in KB4103768  ?

    Monday, May 21, 2018 3:03 PM
  • Hi,

    sorry, I can't comment. I have not deployed on that platform to test. A MSFT support engineer may be able to answer your question more fully.

    Did you read the linked computerworld article?

    are you running terminal services? or are you using IE on a server version of windows as a client?

    Regards.


    Rob^_^

    Monday, May 21, 2018 10:07 PM