SCAPaoT

Actually there is a bug within an update, that replaces the conhost.exe on Server 2008 R2 systems that do not have SP1 installed.
At these serversystems the eventlog for application is flooded with “EventID 33,  SideBySide” pointing towards conhost.exe and a missing assembly.

For further details on that error see the following KB article:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;977648

 The corresponding hotfix can be found here:

http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=977648&kbln=de

At a customer, there are many servers with 2008 R2 installed.
So we decided to build a monitor in SCOM that displays an information for every system that hasn’t been updated with the hotfix or an sp1 installed.

The monitor fires the following script, checking the fileversion of conhost.exe.

Dim oAPI, oBag
Set oAPI = CreateObject("MOM.ScriptAPI")
Set oBag = oAPI.CreatePropertyBag()

Set objFSO = CreateObject("Scripting.FileSystemObject")
conhostVersion =  objFSO.GetFileVersion("c:\windows\system32\conhost.exe")

If InStr (1,conhostVersion, ".16823", 1) > 0 Then
 Call oBag.AddValue("Status","BAD")
else
 Call oBag.AddValue("Status","OK")
End If

Call oAPI.Return(oBag)

So after enabling the monitor, we have 138 servers left to patch.

Kind regards and happy patching.