MS03-026 Update Problems?
From: Gavin Haslett (gavin_at_NODECAF.NET)
Date: Wed, 13 Aug 2003 11:28:34 -0500 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
I just wanted to relay my experience recently with MS03-026 and see if anyone else has had such a problem;
The patch was installed across the board on all ~200 of our servers, and a check of the registry still shows it installed. On a whim, I built myself a query to check the file versions of those files installed with MS03-026. Lo and behold, 53 of our servers (13 Windows 2000, 40 NT4) all show the wrong file versions. A quick controlled "DCOM Hack Attempt" does indeed show that those servers are in fact still vulnerable.
Now, on most of these servers we did use a scripted rollout, so I'm not averse to the idea that the rollout may have had a bug... but we've identified 4 of the servers still showing the vulnerability that were installed by-hand. This is not a good thing as it says there's a possibility that Microsoft's installation program itself may be flawed.
The moral of the story? Check file sizes and versions after installation of a hotfix! You never know if the update truly succeeded even if the correct registry entries were added.
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!
With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available. And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to