christian.wilhelm | 14 Oct 20:25 2013

AW: The problem child of the month appears to be KB2862330

We are talking about that:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ?

On all fully patched 2008 R2 Servers or Win7 X64 machines I do see none of these entries.

-----Urspr√ľngliche Nachricht-----
Von: Emin [mailto:emin.atac@...] 
Gesendet: Montag, 14. Oktober 2013 17:43
An: Patch Management Mailing List
Betreff: Re: [patchmanagement] The problem child of the month appears to be KB2862330


In my org., we are currently investigating another side effect of MS13-081.

The RunOnce registry key is getting populated with the following content on some computers:

MSPCLOCK=rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
MSPQM=rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
MSKSSRV=rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
MSTEE.CxTransform=rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
MSTEE.Splitter=rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
WDM_DRMKAUD=rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install

Anyone else noticed the same behavior?

On Fri, Oct 11, 2013 at 6:33 AM, Susan Bradley <susan@...> wrote:

	MS13-081: Description of the security update for USB drivers: October 8, 2013:
	Which appears to be our problem child of the month.
	It's a kernel update (tend to have issues anyway)
	It's a usb update (and with all our third party usb drivers)
	It can take two reboots (a sign that it's a complex issue getting fixed)
	I only have one guy willing to open a case.  If anyone else has some sample customers willing to open a support
call and help all of us in the process, please let me know.
	A very [very] few people have reported a BSOD
	A few people have reported it not getting
	--- is hosted by Shavlik
	To unsubscribe send a blank email to leave-patchmanagement <at>
	If you are unable to unsubscribe via this email address, please email
<mailto:owner-patchmanagement <at>>