Update KB2667402 Remote Desktop Mystery


  1. Posts : 6
    Windows 7 Ultimate x64
       #1


    I also posted this in the networking forum because it affects remote desktop, hope that's ok...

    I'm wondering if someone has time to help investigate or can duplicate a strange experience I've had recently with Remote Desktop in Windows 7 Ultimate x64.

    Here's my story...

    I have a small home network set up and regularly rdp from my Windows XP sp3 living room laptop to my Win 7 Ultimate x64 desktop in my home office.

    Everything has been working fine for some time. Last week, I lost the ability to connect. On the Win 7 machine there were several errors in the system event logs indicating Terminal server failing as follows:

    Terminal Server session creation failed. The relevant status code was %1 is not a valid Win32 application.

    and

    Terminal Server listener stack was down. The relevant status code %1 is not a valid Win32 application.

    I searched the net for these errors and found something quite bizarre was going on.

    It seems that on 3/14 MS issued a security update to patch a potential rdp exploit.
    The story behind the update is a strange one; there are allegations that the exploit itself was leaked to the wild by MS or one of its security partners ahead of the patch. Sort of a conspiracy theory. The tech news was all over it. You can google news for "Microsoft Leaks RDP Exploit" or have a look here for an example.

    Chinese hack Microsoft

    Ok, that being said, my personal story gets stranger. I checked my Windows Update logs and found my machine had indeed taken the unattended updates to prevent the rdp exploit, specifically MS12-020, KB2667402.

    The timing of the update corresponded directly with my inability to rdp, so I dug a little further. I decided to do a system file integrity check. I opened an elevated command prompt and did a sfc /scannow at the dos prompt.

    Sure enough! The scan indicated a problem with a critical rdp component as shown below.

    ==========================================================
    2012-03-22 13:04:33, Info CSI 000000bc [SR] Verify complete
    2012-03-22 13:04:33, Info CSI 000000bd [SR] Repairing 1 components
    2012-03-22 13:04:33, Info CSI 000000be [SR] Beginning Verify and Repair transaction
    2012-03-22 13:04:33, Info CSI 000000c0 [SR] Cannot repair member file [l:20{10}]"rdpwsx.dll" of Microsoft-Windows-TerminalServices-RDP-WinStationExtensions-Binaries, Version = 6.1.7601.17767, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2012-03-22 13:04:33, Info CSI 000000c2 [SR] Cannot repair member file [l:20{10}]"rdpwsx.dll" of Microsoft-Windows-TerminalServices-RDP-WinStationExtensions-Binaries, Version = 6.1.7601.17767, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2012-03-22 13:04:33, Info CSI 000000c3 [SR] This component was referenced by [l:154{77}]"Package_3_for_KB2667402~31bf3856ad364e35~amd64~~6.1.1.1.2667402-6_neutral_GDR"
    2012-03-22 13:04:33, Info CSI 000000c6 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"rdpwsx.dll"; source file in store is also corrupted
    2012-03-22 13:04:33, Info CSI 000000c8 [SR] Repair complete
    ================================================================

    Ah Ha!!! rdpwsx.dll from Package_3_for_KB2667402 is the culprit!

    I thought surely this corrupt file must be the problem. So I uninstalled update KB2667402, rebooted and sure enough, rdp connectivity was back, and sfc indicates no errors.

    I thought maybe there was an error in downloading the update and let Windows Update install it again. Reboot and the corrupt file is back and no rdp joy. Uninstalled again and everything fine. Then I decided to update manually by downloading the individual update Windows6.1-KB2667402-x64.msu file manually from MS. Same exact problems!

    The rdpwsx.dll in all update packages I've tried appears to be corrupt, and looks suspicious. If you view the file properties you'll see no signature or version information like you would in most MS certified files, just a time and date stamp. And it fails sfc check every time.

    I've tried this literally dozens of times with the same results. The update succeeds with no failure but creates this suspicious bad file in the process. Could it be that the update itself is corrupt and MS doesn't realize it yet?

    Can someone here with the same OS please see if you can verify or duplicate my results? I'm thinking MS may be sending a corrupt security update that breaks rdp without knowing it. I'm not sure how a person would contact MS to report this.

    The solution for me is simple enough, uninstall the update and tell Windows Update not to try and install it again.

    If you want to be safe from the exploit without the update you can turn off rdp altogether or set it to require Network Level Authentication.

    But geez, if this update really does contain a bad or hacked file, think of how many others could be affected.

    Am I the only one experiencing this???

    Thanks in advance for the help or whatever comments you may have.


  2. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #2

    The most likely explanation is that the system lacks the proper permissions to update one of the files involved in the update - not necessarily the one shown in the SFC report (that may just be a by-product).

    I would suggest contacting MS direct for assistance - critical update support is free - and see what they can do to help.
    It would be interesting to know what the fix is, if they can find one!


  3. Posts : 6
    Windows 7 Ultimate x64
    Thread Starter
       #3

    Thanks for the response Noel.

    Really what I'm looking for is to find someone who also has Win 7 Ultimate x64 installed, and who has taken update KB2667402 to compare notes with.

    If someone has the time, I'd be very interested in seeing the results of a System File Checker report to see if their rdpwsx.dll file is also corrupt or bad after the update.

    To do this open an elevated command prompt. Start>All Programs>Accessories, right click Command Prompt and run as administrator. Then at the prompt: sfc /scanfile=c:\windows\system32\rdpwsx.dll

    If errors are detected, you can export the results to a text file.

    At the command prompt: findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >c:\sfcerror.txt

    Where c:\sfcerror.txt will be the text file that will contain the error details.

    If no error is detected, I'd really be interested in knowing the non-corrupted rdpwsx.dll file details, especially version, date and time.

    If someone is bored and has time to dink around with this, it'll only take a few minutes, and would be greatly appreciated.

    Thanks!
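Added example, not part of any post in this thread: a Python sketch that condenses the `[SR]` lines exported by the `findstr` command in post #3 into one record per unrepaired file (component, version, referencing package and KB, and whether the component-store copy is also bad). The function name `summarize_sr` is hypothetical; the sample lines are the ones quoted in post #1.

```python
import re

# Sample input: [SR] lines as quoted from CBS.log in post #1 of this thread.
SAMPLE = r'''
2012-03-22 13:04:33, Info CSI 000000bd [SR] Repairing 1 components
2012-03-22 13:04:33, Info CSI 000000c0 [SR] Cannot repair member file [l:20{10}]"rdpwsx.dll" of Microsoft-Windows-TerminalServices-RDP-WinStationExtensions-Binaries, Version = 6.1.7601.17767, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-03-22 13:04:33, Info CSI 000000c2 [SR] Cannot repair member file [l:20{10}]"rdpwsx.dll" of Microsoft-Windows-TerminalServices-RDP-WinStationExtensions-Binaries, Version = 6.1.7601.17767, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-03-22 13:04:33, Info CSI 000000c3 [SR] This component was referenced by [l:154{77}]"Package_3_for_KB2667402~31bf3856ad364e35~amd64~~6.1.1.1.2667402-6_neutral_GDR"
2012-03-22 13:04:33, Info CSI 000000c6 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"rdpwsx.dll"; source file in store is also corrupted
'''

CANNOT = re.compile(r'\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+), Version = ([\d.]+)')
REFERENCED = re.compile(r'\[SR\] This component was referenced by \[[^\]]*\]"([^"]+)"')
REPROJECT = re.compile(r'\[SR\] Could not reproject corrupted file .*"([^"]+)"; (.*)$')
KB = re.compile(r'KB\d+')

def summarize_sr(log_text):
    """Return {file name: details} for every file SFC reported it could not repair."""
    findings = {}
    last = None  # most recent "Cannot repair" record; "referenced by" lines follow it
    for line in log_text.splitlines():
        m = CANNOT.search(line)
        if m:
            # SFC logs the same failure more than once; setdefault keeps one record per file.
            last = findings.setdefault(m.group(1).lower(), {
                "component": m.group(2),
                "version": m.group(3),
                "reason": line.rsplit(", ", 1)[-1].strip(),  # e.g. "hash mismatch"
                "packages": set(), "kbs": set(), "store_corrupt": False})
            continue
        m = REFERENCED.search(line)
        if m and last is not None:
            last["packages"].add(m.group(1))
            last["kbs"].update(KB.findall(m.group(1)))
            continue
        m = REPROJECT.search(line)
        if m and m.group(1).lower() in findings:
            # No clean copy in the component store means SFC has nothing to restore from.
            findings[m.group(1).lower()]["store_corrupt"] = "store is also corrupted" in m.group(2)
    return findings

if __name__ == "__main__":
    for name, info in summarize_sr(SAMPLE).items():
        print(name, info["version"], info["reason"], sorted(info["kbs"]), info["store_corrupt"])
```

A `hash mismatch` with `store_corrupt` set only says the installed copy and the store copy both differ from the manifest; as post #4 shows, that can come from the install being interfered with locally rather than from a bad package.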


  4. Posts : 6
    Windows 7 Ultimate x64
    Thread Starter
       #4

    Thank you to everyone who responded.

    With the info you provided I was able to see the problem was clearly on my side and not with the update package itself.

    Once I understood that, I looked at the event logs again, and while there were no errors in the system events regarding the update, there were in the setup logs (which I didn't examine before). Doh!

    Pretty cheeky of me to think the update package itself was flawed.

    I solved this issue by using msconfig to run a completely clean boot with no third party processes or drivers, reinstalled the update package, and everything is good now.

    I've marked this mystery solved. Thanks again, great forum here, great folks too. Glad I registered, kudos to all.


  5. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #5

    Thanks for the response! - and a useful workaround.

    Good luck


  6. Posts : 1
    Windows 7 Ultimate 32bit
       #6

    Take a look at Microsoft's KB 2667402, which lists file versions and file date information for the current RDP files. It is interesting to note that there was a rerelease of the MS12-020 patch, partly because of file version issues.


 
