Re: NT 4.0 Security Roll-up and the issue of hotfixes

From: Eric (ews@TELLURIAN.NET)
Date: 07/28/01 

Message-ID:  <5.1.0.14.0.20010727143517.03687790@mail.tellurian.net>
Date:         Fri, 27 Jul 2001 15:19:16 -0700
From: Eric <ews@TELLURIAN.NET>
Subject:      Re: NT 4.0 Security Roll-up and the issue of hotfixes
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Russ - per the below - I don't think things are nearly as bad as you are
making them out to be. If you are running the most current versions of
your software, apply the SRP, and follow the directions at the bottom of
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/news/nt4srp.asp,
you will be up to date.

The list of "25 patches above and beyond the SRP" is not really 25, as many
of these issues are superseded by other listed issues, and several issues
are resolved by running recent versions of software (IE, JVM, WMP).

Following the instructions, it boils down to installing latest software for
three packages, installing the SRP, following 6 workarounds, and applying 3
patches.

I'm sure we can discuss this in more detail, and methods to ease the patch
pain, at the NTBugtraq conference next week
(http://ntbugtraq.ntadvice.com/conference.asp)

--eric

Details:
------------------------------------------------------------------------------------------------------
If you are running NT4 SP6a, and apply the SRP hotfix, you must then do the
following things:
  - install latest version of IE (5.5 SP1) This will remove 8 of the below
items
  - install latest version of WMP 7.1 This removes one item below.
  - install latest version of Java Virtual Machine. This removes four
items - three superseded by the fourth (00-081), as documented in the
nt4srp page.
  - follow the directions at the bottom of
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/news/nt4srp.asp
which includes discussion of
       - 6 workaround solutions that have no patches
       - 3 patches that are called out as not being included in the SRP.
       - 1 issue which is fixed in the SRP itself (01-041)

  - three items are not applicable as they apply to separately purchasable
SKUs (Exchange, MCIS, SFU) These patches should only be applied if you
have applied these products.

At 05:32 PM 7/27/2001 -0400, you wrote:
>98-001 - workaround - documented in nt4srp.asp
>99-018 - superseded - by IE 5.01+
>99-025 - workaround - documented in nt4srp
>99-031 - superseded - by MS00-081 - documented in nt4srp
>99-032 - superseded - by IE 5.01+
>99-036 - workaround - documented in nt4srp
>99-037 - superseded - by 99-050 and IE 5.01+
>99-041 - workaround - tool - documented in nt4 srp
>99-043 - superseded - by IE 5.01+
>99-045 - superseded - by MS00-081 - documented in nt4srp
>00-001 - NA - only applicable to Microsoft Commercial Internet Server 2.x
>00-009 - superseded - by IE 5.01SP1+
>00-025 - workaround - documented in nt4srp
>00-028 - workaround - documented in nt4srp
>00-042 - superseded - by MS00-055 and IE 5.01 SP2 and 5.5 SP1
>00-043 - superseded - by IE 5.01 SP2 and IE 5.5 SP1
>00-055 - superseded - by IE 5.01 SP2 and IE 5.5 SP1
>00-059 - superseded - by MS00-081 - and documented in nt4srp
>00-081 - patch - documented in nt4srp
>01-022 - patch - documented in nt4srp and superseded by OfficeXP
>01-029 - superseded - by WMP 7.1
>01-030 - NA - only applicable to Exchange 5.5 and Exchange 2000 servers
>01-035 - patch - documented in nt4srp
>01-039 - NA - only applicable to Service for Unix SKU
>01-041 - This IS the SRP package - not an additional fix.
>
>Cheers,
>Russ

----------------------------------------------------------------------------
Delivery co-sponsored by Trend Micro
============================================================================
TREND MICRO REAL-TIME VIRUS ALERTS
If you would like to know about a virus outbreak before CNN and ZDNet get
Trend Micro Virus Info Feed FREE. Simply copy and paste a small piece of
code to give your visitors a real-time top 10 list and the latest virus
advisories. Setup takes just 10 minutes and requires no server-side code on
your Web site. All content is updated automatically from Trend Micro's Web
site.
http://www.antivirus.com/banners/tracking.asp?si=8&bi=237&ul=/syndication/
vinfo/
----------------------------------------------------------------------------

Relevant Pages

  • Re: Linux and security
    ... as a trojan backdoor. ... > potential from virus' it does severely limit the ability a virus has to ... if you catch a virus by installing software then you gotta sift through ... > opposed to a large portion of the global open source community. ...
    (comp.os.linux.security)
  • Re: Remote DoS attack against SSH Secure Shell for Windows Servers Vulnerability
    ... socket handles in an FD_SET structure are ... It's a fair bit more code, but very much worth it. ... Delivery co-sponsored by Trend Micro ... TREND MICRO REAL-TIME VIRUS ALERTS ...
    (NT-Bugtraq)
  • RE: a program suddenly started crashing
    ... virus scanner etc. ... windows updates that were installed since that time? ... After installing, I had SAME problems he was ... Cable connection through Link ...
    (microsoft.public.windowsupdate)
  • Mysteries of XP
    ... Whatever, after installing SystemWorks ... >with my computer because I've had virus problems over the ... >that the new PC thinks it doesn't have a modem of any ...
    (microsoft.public.windowsxp.customize)
  • Re: Stupid Fscking Windows
    ... server on his machine so I could go poke around things. ... saying it can't delete some dodgy virus so I can't even ... Norton was useless and couldn't find ... Actually installing AVG tends to be more less of a load ...
    (uk.singles)