Re: Patching MS03-026 on Windows XP SP1

From: Knight, Jim (Jim.Knight_at_YUM.COM)
Date: 09/03/03

  • Next message: Marc Maiffret: "EEYE: Microsoft WordPerfect Document Converter Buffer Overflow" 
    Date:         Wed, 3 Sep 2003 14:40:04 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    This may have been posted here before but I wanted to make sure since
    the MS03-026 patch has been updated about 4-6 times since it original
    release. And yes SUS/Windows Update has posted NEW versions of this
    file.

    We have encountered a problem on some of our Windows XP clients. The
    MS03-026 is not being installed correctly, the log file shows multiple
    errors and the uninstall is not being added to Add/Remove programs,
    although the registry key shows the patch as installed. I have opened
    up a ticket with MS and am awaiting a reply. This install has been done
    several ways (SUS, Scripted and Manual Install) with the same results.

    I checked the file versions and they are correct based on the KB article
    shown:

    Date Time Version Size File name
       -------------------------------------------------------------------
       05-Jul-2003 19:14 5.1.2600.115 1,092,096 Ole32.dll pre-SP1
       05-Jul-2003 19:14 5.1.2600.109 439,296 Rpcrt4.dll pre-SP1
       05-Jul-2003 19:14 5.1.2600.115 203,264 Rpcss.dll pre-SP1
       05-Jul-2003 19:12 5.1.2600.1243 1,120,256 Ole32.dll with SP1
       05-Jul-2003 19:12 5.1.2600.1230 504,320 Rpcrt4.dll with SP1
       05-Jul-2003 19:12 5.1.2600.1243 202,752 Rpcss.dll with SP1

    However the patch is still not showing up in Add/Remove (it used to show
    up and should show up there). As well I noticed that the following
    directories LastKnownGood and LastKnownGood\DLLCache still have old
    versions of the file in them (even after a reboot) this scares me
    because if someone does a LastKnownGood Recovery the patched files are
    effectively overwritten. Also there are no copies of these files in
    DLLCache which means they are not covered by Windows File Protection.

    Ideas or thoughts?

    Can this patch get any more screwed up?

    Thanks,

    Jim

    This communication is confidential and may be legally privileged. If
    you are not the intended recipient, (i) please do not read or disclose
    to others, (ii) please notify the sender by reply mail, and (iii) please
    delete this communication from your system. Failure to follow this
    process may be unlawful. Thank you for your cooperation.

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    oooo
    Whatever Happened to Octopus?

    LEGATO RepliStor, formerly known as Octopus, delivers breakthrough
    replication performance that's 5X faster than the competition in an
    independent head-to-head test. Learn how RepliStor uses patented,
    asynchronous, real-time replication, to deliver disaster recovery, data
    distribution and consolidated backups. It is the first replication
    solution
    to achieve Windows 2003 certification. Get the performance report now.

    http://portal1.legato.com/products/replistor/upgrade.cfm

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    oooo

    This communication is confidential and may be legally privileged. If you are not the intended recipient, (i) please do not read or disclose to others, (ii) please notify the sender by reply mail, and (iii) please delete this communication from your system. Failure to follow this process may be unlawful. Thank you for your cooperation.

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Whatever Happened to Octopus?

    LEGATO RepliStor, formerly known as Octopus, delivers breakthrough
    replication performance that's 5X faster than the competition in an
    independent head-to-head test. Learn how RepliStor uses patented,
    asynchronous, real-time replication, to deliver disaster recovery, data
    distribution and consolidated backups. It is the first replication solution
    to achieve Windows 2003 certification. Get the performance report now.

    http://portal1.legato.com/products/replistor/upgrade.cfm

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

  • Next message: Marc Maiffret: "EEYE: Microsoft WordPerfect Document Converter Buffer Overflow"

    Relevant Pages

    • Re: Norton Internet Security 2003 blacklist fault?
      ... Implementing host name blocking, while sounding fairly straight-forward, is ... LEGATO RepliStor, formerly known as Octopus, delivers breakthrough ... asynchronous, real-time replication, to deliver disaster recovery, data ...
      (NT-Bugtraq)
    • hfnetFU is gone, now it is MbsaFU
      ... recipient is not a waiver of any attorney-client or work product privilege. ... LEGATO RepliStor, formerly known as Octopus, delivers breakthrough ... asynchronous, real-time replication, to deliver disaster recovery, data ...
      (NT-Bugtraq)
    • Norton Internet Security 2003 blacklist fault?
      ... Whatever Happened to Octopus? ... LEGATO RepliStor, formerly known as Octopus, delivers breakthrough ... asynchronous, real-time replication, to deliver disaster recovery, data ...
      (NT-Bugtraq)
    • New IIS security hole?
      ... index pages on sites I host at a nationally-known hosting provider began to ... LEGATO RepliStor, formerly known as Octopus, delivers breakthrough ... asynchronous, real-time replication, to deliver disaster recovery, data ...
      (NT-Bugtraq)
    • Re: [patch] mm: NUMA replicated pagecache
      ... I've attached another patch that closes one race and fixes a context ... Additional fixes for Nick's page cache replication patch ... report null pcd in find_get_page_readonly. ... int writelock = 0; ...
      (Linux-Kernel)