Re: MS03-029 / Q823803 definitely breaks RAS and MS isn't listening?

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 07/29/03

    Date:         Tue, 29 Jul 2003 01:07:36 -0400

    Well, sorry folks. I have had more than 30 people reply to the original post all indicating that their NT 4.0 RAS servers died after installing MS03-029. Some have filed reports with PSS, but PSS has thus far not been able to provide any of these people with an answer, let alone confirmed there is a problem. Microsoft is continuing to provide people with the download; presumably only a very few NT 4.0 Servers were ever/are still configured to run RAS.

    Isn't it ironic that Microsoft claimed that none of their own software was vulnerable to the vulnerability published by @Stake, yet the fix has so far only killed RAS (nobody has indicated that any 3rd party app has been affected by the fix)?

    And what is up with Microsoft? Why haven't they pulled the patch? Why haven't they at least acknowledged within the FAQ section of the Bulletin that the patch kills boxes with RAS on them? Why doesn't PSS immediately tell affected people to remove the patch?

    FWIW, everyone else who responded to Adam's original message indicated they were able to successfully uninstall the patch. Not sure why Adam couldn't, but seems very few others have had the same problem.

    Could it be that Microsoft just doesn't care about NT 4.0 any more? Are we to conclude that Trustworthy Computing doesn't apply to NT 4.0? I realize that support for NT 4.0 Workstation stopped on June 30, 2003, but NT 4.0 Server is supposed to be fully supported for security hotfixes until the end of 2004.

    I know many people at Microsoft still read NTBugtraq, would it be too much to ask that someone from there respond? (you can email or call me [705-878-3405] if you prefer not to send a post that hasn't been officially sanctioned)

    Russ - NTBugtraq Editor
