MS03-021 (819639) Patch Misinformation

From: Brad Corob (brad.2003_at_COROB.NET)
Date: 06/26/03

    Date:         Thu, 26 Jun 2003 08:27:25 -0600
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Russ:

    With the recent release of MS03-021 (819639) we've been in another patch
    deployment flurry here. Among the things we've noticed already:

    The bulletin at
    http://www.microsoft.com/technet/security/bulletin/MS03-021.asp
    says that a reg key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
    Media Services\wm819639 will exist if you've installed this patch, which is
    erroneous. It's not Windows Media Services. If you extract the .inf from
    the .exe patch, you can see that the key is
    HKLM\SOFTWARE\Microsoft\Updates\Windows Media Player\wm819639.

    To make matters worse, the KB article says the file version should be
    9.0.0.3006 when in fact the version of the file in the patch, and the
    version recorded in the registry is actually 9.0.0.3008! File sizes do
    match up, so that's a plus.

    We noticed this behavior on a clean install of Windows XP SP1 with WMP9
    deployed with the Enterprise Deployment Pack. There is only one version of
    the patch, however, so I expect this behavior is the same on all platforms.

    Is this really how a sysadmin has to work? Read everything Microsoft says
    and then figure it out by hand anyway?

    -Brad
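
The manual check described in the message above (extract the .inf from the patch and compare the key it writes with the key the bulletin documents) can be scripted. This is an added example, not part of the original post and not Microsoft's tooling; the sample INF text, its section names and its value name are constructed, and only the two registry paths come from the message.

```python
import csv
ROOTS = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKCR": "HKEY_CLASSES_ROOT", "HKU": "HKEY_USERS"}

def parse_sections(inf_text):
    """Map lowercased section name -> lines (naive ';' comment stripping)."""
    sections, current = {}, None
    for raw in inf_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def addreg_keys(inf_text):
    """Full registry keys written by every section named in an AddReg= directive."""
    sections = parse_sections(inf_text)
    targets = set()
    for lines in sections.values():
        for line in lines:
            name, sep, value = line.partition("=")
            if sep and name.strip().lower() == "addreg":
                targets.update(s.strip().lower() for s in value.split(","))
    keys = set()
    for sec in targets:
        for line in sections.get(sec, []):
            fields = next(csv.reader([line], skipinitialspace=True))
            if len(fields) >= 2:  # reg-root, subkey, [value name, flags, value]
                root = fields[0].strip().upper()
                keys.add(ROOTS.get(root, root) + "\\" + fields[1].strip("\\ "))
    return keys

def verify_documented_key(inf_text, documented_key):
    """(True, [key]) if the INF writes it, else (False, keys sharing its last component)."""
    keys = addreg_keys(inf_text)
    leaf = documented_key.lower().rsplit("\\", 1)[-1]
    if documented_key.lower() in {k.lower() for k in keys}:
        return True, [documented_key]
    return False, sorted(k for k in keys if k.lower().endswith("\\" + leaf))

# Constructed sample: section and value names are invented; the key path is from the post.
SAMPLE_INF = r'''
[DefaultInstall]
AddReg=Patch.AddReg
[Patch.AddReg]
HKLM,"SOFTWARE\Microsoft\Updates\Windows Media Player\wm819639","Description",0,"constructed"
'''
BULLETIN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Services\wm819639"
```

Running `verify_documented_key` against the real extracted .inf before a rollout shows whether a detection rule built from the bulletin would report patched machines as unpatched.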
