Hot Fixes Scan Doesn't Show Installed Hotfixes After Microsoft KB3004394 Was Installed

Comments

1 comment

  • Jason Hanks

    Bob,

    Our QA Engineer Kris did some digging on this and just emailed me this information which makes perfect sense as to why you're getting the results you're seeing.

    His email:

    We investigated this as best as we could. Unfortunately, we didn't have any machines with the original bad hotfix (KB3004394) installed.

    Microsoft has already removed their direct download links to the hotfix for Win7/2008R2. As it turns out, KB3004394 only has issues on Windows 7 SP1 and Windows Server 2008 R2 SP1.

    Since we didn't have the ability to test this issue directly, we attempted to look more deeply into what the new fix (KB3024777) was doing that might cause any issues with other hotfixes.

    Here's what we found:

    The KB3024777 is a wrapper for the following command:

    dism.exe /online /remove-package /packagename:Package_for_KB3004394~31bf3856ad364e35~x86~~6.1.1.0 /quiet /norestart

    That means that KB3024777 isn't actually installing a hotfix. It's not installing anything at all.

    We believe that this is why it is not showing up in the list of installed hotfixes. It's only calling an uninstaller to uninstall KB3004394 via dism (info link).  This explains why both of them are showing up in the install history but not showing up as installed hotfixes.

    If you're interested in seeing this in action yourself, you're welcome to duplicate our steps. We utilized the Sysinternals Process Monitor (link) to trace the process as it was created when we ran the KB3024777 exe file.

    Just a head's up, though, if you've never used a process monitor before. It's like trying to drink from a fire hose.

    Here's what to look for inside Process Monitor:

    Process name: <name of the kb's .exe> (in our case, that was KB302477-x86.exe)
    Operation: Process Create

    If you add these as a filter, you should be find the same information pretty quick.

    0
    Comment actions Permalink

Please sign in to leave a comment.