MS12-034 / KB 2676562 / KB 2686509 mystery solvedPosted on December 21st, 2013 at 22:09 Comment on the AskWoody Lounge
Eighteen months ago, you might recall a pesky Black Tuesday patch that never installed, and wouldn’t go away.
Yuhong Bao, whom many of you might recognize as a frequent commenter both here and on my InfoWorld blog posts, has cracked the problem.
He found a bug in the way the installer interprets a specific Registry key. If you have an unexpected value in that key, the KB 2686509 installer fails, and your system remains vulnerable to the hole known as CVE-2012-0181.
The next time Windows Update comes up for air, it sees that the MS12-034 installation failed, and re-offers the same patch.
Microsoft has a manual workaround, described in my May 9, 2012 AskWoody article. A FixIt that allows the installer to work was issued after much sturm und drang. But Microsoft never did fix the patch. After all, it’s only for XP/Server 2003.
Yuhong concludes that MS didn’t fix the patch because a failed install doesn’t really screw up anything. Mostly, it’s just annoying.