Re: Revised: Microsoft Security Bulletin - MS03-007

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 05/29/03

    Date:         Thu, 29 May 2003 14:39:35 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Many people have suggested that the best answer to the problem Geo. talks about is QChain;

    http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q296861&sd=tech

    For those that weren't aware, it works for NT 4.0 also. It allows you to safely install multiple hotfixes within a single batch file, but you must read the caveat...

    From the page above;

    "Limitations of QChain.exe
    Although QChain works with most Windows NT 4.0 and Windows 2000 hotfixes, QChain.exe may not work with hotfixes that contain binary files that are listed in the following registry key:"
    <snip>

    and goes on to describe how you might end up with the wrong version of kernel32.dll after using QChain.

    In my way of thinking, since this is a known issue, and multiple post-SP6 patches correct the same files, it pretty much precludes the safe use of QChain on NT 4.0 systems. Ergo, you're back to Geo.'s problems.

    Cheers,
    Russ - NTBugtraq Editor


