Anybody else noticing this issue? I'm not sure if it's specific to my environment or if there are issues with the STPatchAssessment for these two patches:
NDP40-KB2898855-v2-x64.exe
NDP40-KB2901110-v2-x64.exe
Windows 2003 Standard x64 SP2 servers in my environments are not showing this patch as applicable and they are being picked up as still vulnerable by our vuln detection system. I was able to manually apply the patches to one server as a test.
On my test server I was examining logs to try to dig deeper. The server is Windows 2003 Standard x64 SP2. It has .Net 2.0 and .NET 4.0 installed which are both applicable to MS14-009. The .net 2.0 patches installed as expected for MS14-009 but the .net 4.0 did not.
Attached is a portion of the STPatchAssessment.log file. It looks like it is running detection rules for the .net 2.0 portion of MS14-009 but it is "skipping" .net 4.0.