.Net Framework: Update KB4340558 drops error 0x80092004?

Windows Update[German]Last night Microsoft released the .NET Framework update KB4340558 for Windows. As it looks, this update is buggy and cannot be installed. The installation ends (on some systems) 0x80092004. Addendum: Microsoft has published workarounds – see addendum below.


Advertising


.Net Framework update KB4340558

.Net Framework update KB4340558 (Security and Quality Rollup updates for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 8.1, RT 8.1, and Server 2012 R2) is available for the above framework versions. The security update is intended to fix the following vulnerabilities.

  • A “remote code execution” vulnerability exists when .NET Framework does not validate input correctly. An attacker who successfully exploits this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who have administrative user rights. To exploit the vulnerability, an attacker would have to pass specific input to an application through susceptible .NET Framework methods. This security update addresses the vulnerability by correcting how .NET Framework validates input. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8284.
  • An “elevation of privilege” vulnerability exists in .NET Framework that could allow an attacker to elevate their user rights level. To exploit the vulnerability, an attacker would first have to access the local computer, and then run a malicious program. This update addresses the vulnerability by correcting how .NET Framework enables COM objects. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8202.
  • A “security feature bypass” vulnerability exists when .NET Framework components do not correctly validate certificates. An attacker could present expired certificates when challenged. This security update addresses the vulnerability by making sure that .NET Framework components correctly validate certificates. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8356.

The specified security fixes therefore suggest that you install this security update quickly.

Installation Fails with Error 0x80092004

German blog reader Markus B. contacted me today via e-mail (thanks) and described his observation.

KB4340558 is running on error. 60 PCs cannot install it. Find also already the first forum posts to it. Don’t seem like the only one.

“2018-07 Security and Quality Rollup for.NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 under Windows 8.1 and Server 2012 R2 for x64 (KB4340558)”. It has error code 80092004.”

A 2nd blog reader from Greece reported the same to me via e-mail. Currently ther is only a German forum post, describing the same error. Also downloading the package from Microsoft Update Catalog and install ist manually, ends with the error dialog shown below.

Update KB4340558 Installationsfehler


Advertising

However, Markus B. wrote, that he received an install error code 0x80092004 (not shown above), which should be found in the event logs. Error code 0x80092004 stands for CRYPT_E_NOT_FOUND, ‘The object or property was not found’. This indicates that something was not found within the package. I assume that Microsoft broke something within the package and have to re-release a new version.

Further details

Below user Valter left a comment, shedding a bit light into that issue. I mentioned the CRYPT_E_NOT_FOUND meaning for error code 0x80092004. Blog reader Valter found the following entry within his event log:

“Couldn’t find the hash of component: NetFx4-PenIMC”

So it seems that one part of the update is missing a has value, so the update installer refuse the package. PenIMC stands obviously for a pen component (Pen Input Mode Component?).

For curiosity I went to Microsoft Update Catalog and tried to download KB4340558. The goal was to analyze the package.

Components of Update KB4340558

Microsoft Update Catalog offered me three .msu packes. Blog reader Valter wrote below in a comment, that he wasn’t able to install the .msu files. There is a Russian Technet forum thread, where KB4338424, KB4338415 and KB4338419 are mentioned also. While KB4338424 and KB4338415 installs for this user, KB4338419 creates the install error.

I read also some forum posts (see here at spiceworks), where users are claiming, that the update installs on Windows Server 2012 R2 without a flaw. Due to the fact, that we have a cumulative update, it’s explainable, that not all Windows 8.1 and Windows Server 2012 R2 systems will fail. Some are probably patched, while on others updating NetFx4-PenIMC fails due to the missing hash value.

What helped some users

Addendum: At askwoody.com there is this forum post, where a user wrote, that entering the command below in an administrative command prompt windows helped.

Dism /Online /NoRestart /Cleanup-Image /StartComponentCleanup

Just try it and reboot Windows. If it works, it’s fine, but I’m skeptical.

Addendum: At askwoody.com user abbodi86 pointed out: ‘but running DISM is not enough, KB4229727 & KB4096417 must be uninstalled beforehand.

Sum it up and final recommendations

Before I wrote the blog post, I’ve 3 different cases, where this update fails during installation on Windows 8.1 clients or Windows Server 2012 R2. After publishing the German and English article, I received another 8 confirmations of this error so far. There are also posts at Microsoft answers, at askwoody and spicework community.

All approaches as using sfc /scannow and dism, to repair Windows system files and component store, or delete the update store, won’t help. Also an attempt to install the package from a download via the .msu file will fail. Currently my recommendation is to hide the update, and wait until Microsoft releases a revised patch or recommendations to fix the install issue. I’ve escalated the issue within this Microsoft answers forum thread, and I created this Technet forum thread – let’s hope that help. If you are affected, you can leave a comment. If a solution is known, also.

Addendum: Microsoft confirmed the issue

Microsoft has added a ‘known issues’ section to KB4340558 with the following text:

Users receive a “0x80092004” error when they try to install the July 2018 Security and Quality Rollup update KB4340557 or KB4340558 on Windows 8.1, Windows Server 2012 R2, or Windows Server 2012 after they install the June 2018 .NET Framework Preview of Quality Rollup updates KB4291497 or KB4291495 on systems that are running on .NET Framework 4.7.2, 4.7.1, 4.7, 4.62, 4.6.1, or 4.6.

So it may be helpful, to uninstall KB4291497 or KB4291495.

Microsoft published workarounds

On July 13, 2018 Microsoft published the article “0x80092004” error occurs and July 2018 .NET Security and Quality Rollup update KB4340557 or KB4340558 does not install after you apply June update KB4291497 or KB4291495 with workarounds for this issue (thx JR for the comment). But I should note, that I got feedback from some affected users, where Microsoft’s fix doesn’t help.


Advertising


This entry was posted in issue, Security, Update, Windows and tagged , , , , , . Bookmark the permalink.

34 Responses to .Net Framework: Update KB4340558 drops error 0x80092004?

  1. Orlin Pavlov says:

    I experience this problem too. On all Server 2012 R2 this update failed with the same error.

  2. Charl Burger says:

    Hi,

    I have the same problem on Windows Server 2012 R2, We have 11 servers and two have failed so far with the same errors on updates (KB4340558) and (KB4054566)

    from South Africa.

    • guenni says:

      Thx, I also received confirmation from spicework community that update KB4054566 is causing the same issue.

  3. Valter says:

    I am seeing the same issue with KB 4340558 as well as KB 4054566 (Microsoft .NET Framework 4.7.2) and the logs are reporting “Couldn’t find the hash of component: NetFx4-PenIMC”. Standard cleaning of C:\Windows\SoftwareDistribution as well as DISM and sfc runs did not help. Really looks like a botched .NET rollout so we are holding back on this Patch Tuesday’s .NET changes until something new gets announced.

    • guenni says:

      Thanks for your feedback.

    • Valter says:

      Oh, and additionally to add: Trying to manually install the updates (with .msu and not through Windows Update/WSUS) did not seem to make any difference either for us.

      • guenni says:

        If the hash for a component is missing or wrong, the package may not be installed at all (because somebody could have altered the package – MS delivers the updates often via http instead of https.

  4. Sitz says:

    Yep, same prob on all our Server 2012 R2 installations.
    Identical error codes.

    Strange your site seems to be one of the very few reporting this prob.
    Well, at least we know it’s no just us.

    Will check back to see if there is any news.

  5. gc says:

    Hi, I have the same error code for Windows 8.1 on a Lenovo T470 ThinkPad :

    2018-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64 (KB4340558)

    Installation date: ‎11.‎07.‎2018 19:13

    Installation status: Failed

    Error details: Code 80092004

    Update type: Important

    A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

    More information:
    http://support.microsoft.com/kb/4340558

    Help and Support:
    http://support.microsoft.com

  6. Advertising

  7. Ted says:

    There are multiple MSU files in KB4340558 because the .NET patches are just a wrapper around three different patches, each corresponding to a specific version of .NET.

    KB4338424 = 3.5
    KB4338415 = 4.5.2
    KB4338419 = 4.6.x and 4.7.x = where the problem lies based on the article above

    So you are likely to only see this error on OSes that have 4.6.x or 4.7.x installed perhaps?

    I found this out the hard way once. One of the .NET patches failed mid-install and afterwards Windows Update would no longer detect the patch as needed so I couldn’t reinstall it. I downloaded the individual MSU files and found that the first one applied and would throw the message it was already installed when I tried to apply it, the other two did not result in the same message and let me manually apply them. So the patch died somewhere in the transition between the first MSU and the second, or it failed on the second and didn’t roll back the first. Either way I ended up with 1/3 of the patch installed.

  8. Bitterman says:

    win 8.1 x64 in Sweden same error update install failed have tried 10 times different install and reboot, still refuses to install.

  9. I’m seeing the same problem on 30 some servers, including VM-Guest machines.

    It looks like Microsoft needs to fix this.

  10. Henk says:

    Exactly the same problem here (same update, manually from msu, resulting in same error code on Win8.1 x64). Did as advised and hid the update.

    Could it be that this update fails only on systems where the standard tablet input components have been disabled?

  11. coyote says:

    Ditto. Wish I’d googled this webpage before I wasted hours on the Windows 8.1 Update Troucleshooter!

  12. K says:

    Hi all!

    So pleased that I am not the only one experiencing this issue so thank you all for posting details of your experience with this update. I hope that Microsoft corrects the error in an expeditious manner as I too have wasted time trying to install several times.

    2018-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64 (KB4340558)

    First attempts 11-07-2018 and then again today 12-07-2018

    Installation status: Failed

    Error details: Code 80092004

    Cheers

  13. RubyOrb says:

    Same for me, nothing worked auto/manual, so I searched on the problem which led me here.

    Do you think since .NET’s security updates that 3rd party security programs could be conflicting with the OS /updates?

    PS: Surprised this problem hasn’t been been posted on MS’ support site… odd

  14. Peter Tomasi says:

    I have the same problem.

    Installation of KB4340558 always fails on all my 3 Win 8.1 Professional machines with error code 80092004.
    Considering available posts on www I conclude the package to be faulty.

    Microsoft, please fix!

  15. Ian Denning says:

    Same issues here on some 2012 R2 Servers.

  16. Jack Tollan says:

    We have 4 x 2012 R2 Servers. Only one of them has this issue but the update has installed on the other 3. Two of the servers are almost exact duplicates of each other with the same hardware and software. One of them has the issue but the other does not.

  17. Nick says:

    Yep, same issue also.

  18. Pingback: Patch Tuesday problems abound, Server 2016 crashes, and a .Net patch goes down in flames - Technology Arena

  19. Michael says:

    Yup – same issue also (windows 2012 R2, VM)

  20. Ruby Neal says:

    Same issue here… municipal government with dozens of Windows 2012R2 servers, both physical and virtual machines running under Hyper-V. KB4340558 fails with error code 80092004 on all of them.

  21. Lia says:

    So glad I found this to be a known problem. So the same here in NL.

  22. Petre says:

    Same here, on Windows 2012R2

  23. Luís says:

    I experience this problem too.

  24. windows 8.1 says:

    Version=1
    EventType=WindowsUpdateFailure3
    EventTime=131759293473718147
    Consent=1
    ReportIdentifier=59049751-8654-11e8-88d2-bcaec5d77667
    Response.type=4
    Sig[0].Name=ClientVersion
    Sig[0].Value=7.9.9600.18970
    Sig[1].Name=Win32HResult
    Sig[1].Value=80092004
    Sig[2].Name=UpdateID
    Sig[2].Value=16FBEB32-5ED2-4A46-BCD6-D7AC17887EE3
    Sig[3].Name=Scenario
    Sig[3].Value=Install
    Sig[4].Name=RevisionID
    Sig[4].Value=202
    Sig[5].Name=IsManaged
    Sig[5].Value=0
    Sig[6].Name=LastError
    Sig[6].Value=80092004
    Sig[7].Name=CallerAppID
    Sig[7].Value=AutomaticUpdatesWuApp
    Sig[8].Name=ServiceUsed
    Sig[8].Value={7971F918-A847-4430-9279-4A52D1EFE18D}
    Sig[9].Name=MiscField2
    Sig[9].Value=0
    DynamicSig[1].Name=OS Version
    DynamicSig[1].Value=6.3.9600.2.0.0.256.48
    DynamicSig[2].Name=Locale ID
    DynamicSig[2].Value=1038
    FriendlyEventName=Windows Update installation problem
    ConsentKey=WindowsUpdateFailure3
    AppName=Host Process for Windows Services
    AppPath=C:\Windows\System32\svchost.exe
    ReportDescription=A Windows update did not install properly. Sending the following information to Microsoft can help improve the software.
    ApplicationIdentity=00000000000000000000000000000000

  25. Eric. says:

    I have the same problem. I try to fix it with sfc/scannow on Windows 8.1 but still the error code 80092004.
    I gonna hide the update till we receiving an better solution.
    Why is Microsoft not check it on there on Computers before they send it to the people?

    Am living in the Philippines.

  26. OckhamsChainsaws says:

    Confirming MS fix resolves the issue. Remove the old kb then do dism. I am betting people didnt actually read the article and did cleanup-image /restore health out of habit instead of reading the article and doing /Cleanup-Image /StartComponentCleanup

    fixed issue on all my 2012 boxes

    • guenni says:

      Thx for feedback and glad it worked. Just for the records: I received feedback from ex MS guys, knowing the articles and my hint to take care of the uninstall preview updates. Their feedback was: It didn’t work (Win 8.1 Clients). Unfortunately I don’t know the reason for the failure.

  27. NotMe says:

    For anyone still struggling with this, installing .NET 4.7.2 and reinstalling the patch should resolve the issue. It seems the patch requires .NET 4.7.2 being installed.

Leave a Reply

Your email address will not be published. Required fields are marked *