Patch MS03-045 for Czech W2K has conflicting kernel32.dll

From: Ondøej Holas (OHolas_at_EXCH.DIGI-TRADE.CZ)
Date: 10/17/03

  • Next message: Russ: "Re: Alert: Microsoft Security Bulletin MS03-047 - Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)" 
    Date:         Fri, 17 Oct 2003 18:50:22 +0200
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Patch MS03-045 (824141) for Czech version of Windows 2000 has kernel32.dll with preferred base address changed and causing overlay with mpr.dll. If a process using mpr.dll starts and kernel32.dll is loaded first, it's OK - mpr.dll is relocated (the only effect of the conflict here is a bit greater memory usage since pages of relocated libraries are not shared between processes). If mpr.dll is loaded first, kernel32.dll cannot be relocated (is present on "KnownDlls list") and the process does not start at all. Uninstallation of 824141 helps to resolve this problem, but leaves the system unpatched by MS03-045.

    English version of the patch seems to be OK. We've not tested other language versions.

    Regards,

    Ondrej Holas
    Senior Systems Consultant

    DIGI TRADE, s.r.o.
    Vlkova 46
    Praha 3
    130 00
    Czech Republic
    Tel.: +420 222 720 699
    Fax : +420 222 722 302
    http://www.digi-trade.cz 

    ----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
12/31/03 and cannot be used in combination with other offers.
----
  • Next message: Russ: "Re: Alert: Microsoft Security Bulletin MS03-047 - Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)"