Discussion:
[wpkg-users] KB3167679
Marco Gaiarin
2016-08-25 10:06:58 UTC
Permalink
Microsoft emitted in august the patch at subject:

https://support.microsoft.com/it-it/kb/3167679

that substantially disable NTLM password change, eg win7+ boxes on a
NT4.0-like domain (eg, samba3 or samba4 in NT mode) cannot anymore
change their password.

For the curious, the error is:
The system detected a possible attempt to compromise security.
Please ensure that you can contact the server that authenticated you.

I've setup a quick recipe to unistall that KB:

<package
id="7tweaks-remove-kb3167679"
name="Seven Registry tweaks: uninstall KB3167679"
revision="20160809:1"
reboot="false"
priority="5">

<check type="execute" path='%COMSPEC% /c wmic qfe | find "KB3167679"' condition="exitcodeequalto" value="1" />

<install cmd='wusa /uninstall /kb:3167679 /quiet /norestart' >
<exit code="3010" reboot="postponed" />
</install>
<install cmd='cscript.exe %WPKGROOT%\tools\HideWindowsUpdates.vbs 3167679' />

<upgrade include='install' />
<downgrade include='upgrade' />

<!-- Da implementare il remove... -->
</package>


'HideWindowsUpdates.vbs' came from:
http://superuser.com/questions/922068/how-to-disable-the-get-windows-10-icon-shown-in-the-notification-area-tray/922921#922921


But is my first ''negative'' recipe, and also the first recipe for a KB.


Eg, i've not clear how to reinstall it: where i can downlaod the .msu files?


Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797

Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/25/index.php/component/k2/item/123
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
---------------------------------
wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/
Marco Gaiarin
2016-08-29 09:10:38 UTC
Permalink
[i reply to myself...]
Post by Marco Gaiarin
https://support.microsoft.com/it-it/kb/3167679
Ne version of the recipe:

<package
id="7tweaks-remove-kb3167679"
name="Seven Registry tweaks: uninstall KB3167679"
revision="20160809:3"
reboot="false"
priority="5">

<check type="logical" condition="and">
<check type="execute" path='%COMSPEC% /c wmic qfe | find "KB3167679" >nul' condition="exitcodeequalto" value="1" />
<check type="execute" path='%COMSPEC% /c cscript.exe //T:120 "%WPKGROOT%\tools\CheckHiddenWindowsUpdates.vbs" 3167679 >nul' condition="exitcodeequalto" value="0" />
</check>

<install cmd='wusa /uninstall /kb:3167679 /quiet /norestart' >
<exit code='1605' /> <!-- Non installato, standard. -->
<exit code="2359303" /> <!-- Non installato, specifico. -->
<exit code="3010" reboot="postponed" />
</install>
<install cmd='cscript.exe //T:300 "%WPKGROOT%\tools\HideWindowsUpdates.vbs" 3167679' />

<upgrade include='install' />
<downgrade include='upgrade' />

<!-- Faccio solo l'unhide, al resto penserà windows update... -->
<remove cmd='cscript.exe "%WPKGROOT%\tools\UnHideWindowsUpdates.vbs" 3167679' />
</package>


CheckHiddenWindowsUpdates.vbs and UnHideWindowsUpdates.vbs are banal
script modification of HideWindowsUpdates.vbs.


I've filled with timeout because 'HideWindowsUpdates.vbs' do a full
enumeration of patches, and then look at not installed ones.

There's some way to rewrite the script with a stricter query, eg
looking precisely at that KB? The code snippet is:

Set updateSession = CreateObject("Microsoft.Update.Session")
Set updateSearcher = updateSession.CreateUpdateSearcher()
Set searchResult = updateSearcher.Search("IsInstalled=0")

i've digged on google to fund a stricter query, with no luck.


Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797

Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/25/index.php/component/k2/item/123
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
---------------------------------
wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/
Loading...