Re: Problems with MS01-052

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 10/19/01 

Message-ID:  <E9A01F52DC939448BBDE44ED2E1C468F1F1D91@muskie.rc.on.ca>
Date:         Thu, 18 Oct 2001 23:05:11 -0400
From: Russ <Russ.Cooper@RC.ON.CA>
Subject:      Re: Problems with MS01-052
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

-----BEGIN PGP SIGNED MESSAGE-----

I have had 34 reports so far of the patch causing problems on Windows
2000 systems. Mostly it has stopped Terminal Services from
functioning, although a few people have said their machines cannot
boot to logon.

If you have installed MS01-052 on an **NT 4.0** environment and *had*
a problem, please drop me a note (or send a note to
secure@microsoft.com with details). It does not appear as though
there have been problems with the NT 4.0 version of the patch since
I've received no messages to that effect so far.

Most people who reported having a problem with the patch were able to
successfully remove it. Some, however, have indicated they are
getting a BSOD upon boot and are unable to get to logon. If you are
one of those few who cannot get into your system to remove the patch,
please drop me another message giving me the complete details of the
failure. Alternatively, call your local Microsoft Support telephone
number for support from them.

Finally, just for the record, very few Hotfixes Microsoft produces
cause this type of problem, i.e. once installed the system or service
stops functioning. I can't remember the last one that had this effect
on more than one person's systems. There's an urban legend that this
happens frequently, and as best as I can tell this comes from
experiences with NT 4.0 SP2 or NT 4.0 SP6.

Let me give you some advice. I'd suggest you paste it to the top of
your monitor. You may not be able to do it all, but you should try.

1. Always read the complete Security Bulletin from MS, never rely
solely on information from other sources.

2. Always do a backup if possible, and if not, at least a registry
backup and update of your ERDs before installing any fix (on all
machines you're applying it to).

3. Try it on ONE (1) machine. Apply it, test it, satisfy yourself it
works...then do other machines. That first machine should, ideally,
be one that isn't going to get you fired if you trash it. If you
don't have such a machine, consider holding off applying a Hotfix
until the day after the Security Bulletin release. I know everyone
expected there'd be a world-wide DoS attack against Terminal Services
this evening, but, um, it's not happening (notice tongue in cheek).
MS rated this one as Low for Internet-facing servers.

4. When you're patching a remote service component, and you're doing
it via a remote service, you should probably imagine Wiley Coyote
standing on the end of a board sawing through it. Hmm, if this
doesn't work properly then what?

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.2

iQCVAwUBO8+YZxBh2Kw/l7p5AQE6nwQArSIZ63GHinBcARgWeaJ1Hh8EdAq986lw
XKjZJwWj9AHJsGKBp9RbZKEFe34p4jKQLT+WCPLL2XPIFyp1k9zYHJhZlXWSQBCZ
j/AevhgyILlNz+z3f9b8I0WPC5VQ0s/0zj1tMKmb8irarc5a0ZhBww1cFrselDSR
Vd8UdZeGf54=
=4JHX
-----END PGP SIGNATURE-----

============================================================================
Delivery co-sponsored by Trend Micro, Inc.
============================================================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?si=53&bi=245&ul=http://www.a
ntivirus.com/smex2000_rebate

Relevant Pages

  • Automatically patching machine with hotfix KB824146 using mbsafu.
    ... I didn't want to spend as many hours patching machines with KB824146 exploit ... Mbsafu is an automatic remote patching tool that applies Security updates ... Download and install mbsa. ... Setup a network share with full privileges for the account you will patch ...
    (NT-Bugtraq)
  • Re: Event ID 6161 for HP 6840
    ... patch related to an exposure via the print spooler service. ... download which offers the option of a local port. ... >> There were no problems with the install and the printer works find so long ... >> 3) All machines on the network can connect to the printer via Internet ...
    (microsoft.public.windowsxp.print_fax)
  • Re: [fw-wiz] terminal services
    ... >> pointing out the danger of opening extra holes in your firewall. ... >that a VPN is a hole in the firewall, albeit generally a mitigated hole, ... >people didn't patch their machines. ...
    (Firewall-Wizards)
  • Re: 5.3-RELEASE TODO
    ... I haven't tested the last one (memory tuning on 4GB machines) ... * There may be a problem with swapping: ... >> He suggested a patch, but it did not fix the problem. ...
    (freebsd-current)
  • RE: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for Windo ws
    ... machines that are missing them. ... While we have other decent tools available to check whether a patch has ... > installation logs. ... Full-Disclosure - We believe in it. ...
    (Full-Disclosure)
Quantcast