Custom Inventory Rule Misbehaving; Possibly Due to May Microsoft Patches?
Did anyone else notice after patching Windows last month any strange errors with Custom Inventory rules? I had a very simple rule:
For all intents and purposes, it was inactive. However, within the last week there were complaints that a notepad window was opened on a client computer. The notepad session was opened, looking at the file referenced by the above CIR rule.
I looked through the May patches and there was one that seems possibly related: MS14-027 (Vulnerability in Windows Shell Handler Could Allow Elevation of Privelage).