DLL checksum errors in shavlik's mssecure.xml?
From: Marc DeBonis (Marc.DeBonis_at_VT.EDU)
Date: 09/12/03
- Previous message: Russ: "Patch Solutions - survey"
- Next in thread: Eric Schultze: "Re: DLL checksum errors in shavlik's mssecure.xml?"
- Maybe reply: Eric Schultze: "Re: DLL checksum errors in shavlik's mssecure.xml?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 12 Sep 2003 10:21:28 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
I believe with the latest version of Shavlik's mssecure.xml file:
(BulletinDatastore DataVersion="1.1.1.847" LastDataUpdate="9/10/2003" SchemaVersion="1.0.0.11" LastSchemaUpdate="3/8/2003" ToolVersion="3.86" MBSAToolVer="1.1.1")
the freeware tool hfnetchk is misidentifying systems that correctly have the java and vba patch installed:
The java hotfix MS03-011 (816093) is being misidentified as not being installed with this explanation:
C:\winnt\system32\javart.dll has an invalid checksum and its file version [5.0.3810.] is equal to what is expected
Installing the hotfix as denoted and restarting does not alleviate this error from hfnetchk. You get an error on restart saying "Java package Manager Unable to install Java packages. The command line is invalid.". This using the msjavawu.exe from Windows Update catalog as noted in KB articles.
The vba hotfix MS03-37 (822715) is in the same class of error as the java one:
c:\program files\common files\microsoft shared\vba\vba6\vbe6.dll has an invalid checksum and its file version [6.4.99.69] is equal to what is expected
Installing the hotfix as denoted and restarting does not alleviate this error from hfnetchk.
I've recorded the md5 checksums as:
MD5 (javart.dll) = 2322bcf818fa2df937f17f67a057a237
MD5 (vbe6.dll) = 50ea3ebaac8d47cbfc2c7a88a51979d4
respectively
I've attempted to contact shavlik multiple times via email, but with no response
I've also noted that hotfixes that have different versions of a dll depending on the system architecture (single processor or multiple processor) are incorrectly noted as missing in multi-processor systems. Both shavlik and MS have responded to my queries concerning this issues and say that it is a limitation of the current technology because they only check for the single processor version of the hotfixed dlls. Shavlik also said that I might just want to turn off checksum matching to stop this error from happening... something I'm not comfortable with.
Thanks.
- M
--- Marc.DeBonis@vt.edu VT.SETI.IAD.MIG:Systems Architect http://vtmig.w2k.vt.edu "Si hoc legere scis nimium eruditionis habes" --- ---- Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER! With a growth rate exceeding 110%, the TICSA security practitioner certification is one of the hottest IT credentials available. And now, for a limited time, you can save 33% off of the TICSA certification exam! To learn more about the TICSA certification, and to register as a TICSA candidate online, just go to http://www.trusecure.com/offer/s0100/ ----
- Previous message: Russ: "Patch Solutions - survey"
- Next in thread: Eric Schultze: "Re: DLL checksum errors in shavlik's mssecure.xml?"
- Maybe reply: Eric Schultze: "Re: DLL checksum errors in shavlik's mssecure.xml?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
