Re: Alert: Problems with MS03-007 installed
From: Russ (Russ.Cooper@RC.ON.CA)
Date: Tue, 18 Mar 2003 17:25:52 -0500 From: Russ <Russ.Cooper@RC.ON.CA> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Sorry, resending because the URL had an embedded character which causes
it not to work.
I now have confirmation of several installations with MS03-007 where the
system either crashed or stopped performing otherwise functioning tasks.
I have attempted to contact MS to confirm this with them but have been
unable so far.
Clearly there are problems. Use the DisableWebDAV registry key from
Q241520 in the meantime if you are not using WebDAV.
I did receive the following information from a Microsoft employee;
---- Subject: STOP 0x71 after applying MS03-007 If server that is failing with a STOP 0x71 after applying MS03-007 (Specifically Q815021), Copy back their NTDLL.DLL from the \winnt\$NTUninstallQ815021$\ directory to the \winnt\system32 & \winnt\system32\dllcache. Use Recovery Console per this article to rename the existing ntdll.dll in BOTH sub-directories and copy in the previous NTDLL.DLL from the above location. 229716 Description of the Windows 2000 Recovery Console http://support.microsoft.com/?id=229716 This will return servers to being vulnerable to the weakness described on Windows Update. ---- Additional information received indicates that there is probably a 3rd copy of NTDLL.DLL which needs to be replaced to correct this situation; \winnt\driver cache\i386\ntdll.dll More as we get it. Cheers, Russ - NTBugtraq Editor oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo Delivery co-sponsored by Prometric - More than testing, learning. oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo http://www.prometric.com Prometric, part of The Thomson Corporation, is the leader in technology-enabled testing and assessment services for information technology certification, academic admissions, professional licensure and certifications, computer-based driver's licensing, and corporate testing. oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo