Jim, per Shavlik XML release, this was the update to the patch:
- Modified MS12-054(Q2705219): Microsoft revised this bulletin to rerelease the KB2705219 update for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 to address an issue involving specific digital certificates that were generated by Microsoft without proper timestamp attributes.
So the actual hotfix contents were not modified, so the detection logic should be the same, and if you have already applied the "v1" patch, then you do not need to apply the v2 patch. Due to the improper certificate timestamps, Shavlik probably received some complains that this patch cannot be installed, so Shavlik have fixed the certificate part, but not the contents. You do not need to apply v2 to your servers, if the patch is not reported missing.
I don't recall seeing something like this from Shavlik, but there's always a first time. Hopefully this answers your question.
On the other hand, if the file contents were modified, then Shavlik does need to update their detection logic after validating it with MS. We will check with Shavlik on this. I'll update the post once we have more info.
How does the certificate get updated if we don't apply anything new? There is a separate executable with 'v2' in the name that Microsoft is now distributing so our assumption is that this qualifies as a new patch. The Microsoft Security Baseline Analyzer does report the v2 version of the patch missing on servers where we installed the v1 version.
Yes, we're contacting Shavlik about this so that if the patch does need to be applied on top of v1, then Shavlik will modify the detection logic.
1 of 1 people found this helpful
Jim most likely knows already due to vip privileges of having filed the ticket : ) but to bring the rest of community up to date, VMware/Shavlik are working on modifying detection logic for this patch, so that it can be reported missing and deployed where applicable; right now it's just a matter of time.