{"id":15099,"date":"2020-07-20T02:03:24","date_gmt":"2020-07-20T00:03:24","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=15099"},"modified":"2021-11-23T10:56:26","modified_gmt":"2021-11-23T09:56:26","slug":"sigred-patch-kb4565524-install-fails-in-windows-server-2008-r2","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/07\/20\/sigred-patch-kb4565524-install-fails-in-windows-server-2008-r2\/","title":{"rendered":"SIGRed-Patch KB4565524: Install fails in Windows Server 2008 R2"},"content":{"rendered":"

\"Windows[German<\/a>]Microsoft released update KB4565524 for Windows Server 2008 R2 on July 14, 2020. Among other things, the update is intended to close the critical SIGRed vulnerability in the Windows DNS server. However, users report that the update installation fails with error code 0x80070661.<\/p>\n

<\/p>\n

The SIGRed vulnerability<\/h2>\n

\"\"There has been a bug in the code of the Windows DNS server for 17 years that leads to a critical vulnerability. The worm exploitable vulnerability could be exploited to gain domain administrator privileges and compromise the entire underlying corporate infrastructure.<\/p>\n

Affected are Windows Server 2003 up to the current Windows Server 2019. I had reported extensively about the SIGRed vulnerability in the article Critical update for SigRed Bug in Windows DNS Server<\/a>. CISA warns US admins to patch the vulnerability quickly (see CISA warns admins: Patch the SIGRed Windows DNS Server vulnerability<\/a>).Microsoft has released updates to close the vulnerability.<\/p>\n

Update KB4565524 for Windows Server 2008 R2<\/h2>\n

Update KB4565524<\/a> is also available for Windows Server 2008 R2 It is not explicitly mentioned there, but besides several fixes this update fixes the SIGRed vulnerability. neben diversen Fixes schlie\u00dft dieses Update die SIGRed-Schwachstelle.<\/p>\n

Update KB4565524 not installable<\/h2>\n

In this comment<\/a>, Brian Hampsonpoints out that the KB4565524 update cannot be installed on Windows Server 2008.<\/p>\n

the July patch for 2008R2 won't apply. It reverts after install. 0x80070661 \u2013 wrong architecture.<\/p><\/blockquote>\n

Hampson\u00a0 points to this thread at reddit.com<\/a>, where the problem is also explained. One affected person writes:<\/p>\n

Anyone having issue installing the patch for the new CVE? windows 2008R2<\/p>\n

So i installed the SSU for 2008R2 KB4562030<\/p>\n

Rebooted even though it wasn't required<\/p>\n

Then installed the KB4565524<\/p>\n

Rebooted as asked and now it goes to Failure Windows update reverting update.<\/p>\n

This happened on 3 different Windows 2008R2 machines<\/p>\n

and strangely nothing in the WU logs or event viewer<\/p>\n

Anyone got that issue?<\/p><\/blockquote>\n

So he does not get the update installed on Windows Server 2008 R2. The update might get the error code 0x80070661 – wrong architecture.<\/p>\n

The cause: Missing ESU license<\/h2>\n

In this comment<\/a> I have named the reason for the crude error message. Systems with Windows Server 2008 R2 that do not have an ESU license are excluded from the update installation. Without an ESU license all update installations will fail and a rollback will be initiated. The problem as far as I have found out: It was nearly impossible for customers without volume license subscriptions or E3 plans to get an ESU license – I don't know a solution yet.<\/p>\n

The (unofficial) BypassESU solution used by some Windows 7 users is not an option for Windows Server 2008 R2 systems (imho, due to many collateral damages). My tip would be to have a look at the following blog post (Windows Server 2008 R2: 0patch fixes SIGRed vulnerability<\/a>). It describes a solution from Acros Security that protects systems from vulnerabilities for little money even without an ESU license.<\/p>\n

Similar articles:<\/strong>
\nCritical update for SigRed Bug in Windows DNS Server<\/a>
\nCISA warns admins: Patch the SIGRed Windows DNS Server vulnerability<\/a>
\nWindows Server 2008 R2: 0patch fixes SIGRed vulnerability<\/a><\/p>\n

Wow! Windows 7 get extended support until January 2023<\/a>
\nWindows 7: Free Extended Update Support and usage<\/a>
\nWindows 7 Extended Security Updates (ESU) requirements<\/a>
\nWindows 7 Extended Security Update (ESU) program available<\/a>
\nWindows 7 Extended Security Updates (ESU) program, price and source for SMEs<\/a><\/p>\n

Windows 7: Buy and manage ESU licenses<\/a>\u00a0\u2013 Part 1
\nWindows 7: Preparing for ESU and license activation<\/a>\u00a0\u2013 Part 2
\nWindows 7: ESU Activation inEnterprise Environment<\/a>\u00a0\u2013 Part 3
\nWindows 7: ESU questions and more answers<\/a>\u00a0\u2013 Part 4<\/p>\n

Windows 7: Forcing February 2020 Security Updates<\/a>\u00a0\u2013 Part 1
\nWindows 7: Securing with the 0patch solution<\/a>\u00a0\u2013 Part 2
\nWindows 7\/Server 2008\/R2: 0patch delivers security patches after support ends<\/a>
\nProject: Windows 7\/Server 2008\/R2 Life Extension & 0patch one month trial<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

[German]Microsoft released update KB4565524 for Windows Server 2008 R2 on July 14, 2020. Among other things, the update is intended to close the critical SIGRed vulnerability in the Windows DNS server. However, users report that the update installation fails with … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[463,580,22,2],"tags":[2520,69,195,18],"class_list":["post-15099","post","type-post","status-publish","format-standard","hentry","category-issue","category-security","category-update","category-windows","tag-kb4565524","tag-security","tag-update","tag-windows-server-2008-r2"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15099","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=15099"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15099\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=15099"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=15099"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=15099"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}