Re: Issues with MS03-043

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 10/22/03

    Date:         Wed, 22 Oct 2003 17:22:24 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    I have had confirmation from an individual in Microsoft that there is a
    requirement in UPDATE.EXE prior to version 5.4.1.0, used in hotfixes,
    which expects the user running the update process to have debug rights.
    This was done in order to avoid the need to reboot. Apparently, the
    process was supposed to check for the right, and if not found, prompt
    the user to reboot. If found, it would avoid the need to reboot
    (something most people want.) A bug causes some versions (unknown
    precisely which ones) to drive the CPU utilization up when the right
    isn't present.

    I've got no details on how to get the newer version of this file, likely
    you could contact PSS and ask for it. I'm told that the newer version
    will be used in future patches that use it (not all patches use this
    method of deployment, as we know there are currently 8 different
    installer packages.)

    I certainly do not recommend granting the right to the user if you have
    previously removed it, clearly the advantages of the user not having
    such rights outweigh the benefits of not having to reboot.

    Apparently the problem can also occur with MS03-041.

    I suggest you perform a reboot after installing this patch to ensure it
    completes (or at least terminates the update process.)

    Cheers,
    Russ - NTBugtraq Editor
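
An added example, not part of the original message: a Python sketch of the triage the message implies, comparing an UPDATE.EXE file version against 5.4.1.0 and checking whether the installing account's token lists the debug right (SeDebugPrivilege) in `whoami /priv /fo csv` output. The function names, result strings, sample token listings and the older version string are assumptions constructed for illustration.

```python
import csv
import io
import re

# From the message: UPDATE.EXE "prior to version 5.4.1.0" expects debug rights.
FIXED_VERSION = (5, 4, 1, 0)

# Constructed samples in the layout of `whoami /priv /fo csv`.
HEADER = '"Privilege Name","Description","State"\n'
TOKEN_WITHOUT_DEBUG = HEADER + '"SeShutdownPrivilege","Shut down the system","Disabled"\n'
TOKEN_WITH_DEBUG = TOKEN_WITHOUT_DEBUG + '"SeDebugPrivilege","Debug programs","Disabled"\n'


def parse_version(text):
    """Parse a four-part file version, ignoring any trailing build label."""
    match = re.match(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(part) for part in match.groups())


def holds_debug_right(whoami_csv):
    """True if SeDebugPrivilege is listed; a Disabled privilege is still held."""
    rows = csv.DictReader(io.StringIO(whoami_csv.strip()))
    return any(row["Privilege Name"] == "SeDebugPrivilege" for row in rows)


def assess(update_exe_version, whoami_csv):
    """Classify one install using only the conditions stated in the message."""
    if parse_version(update_exe_version) >= FIXED_VERSION:
        return "installer is 5.4.1.0 or later"
    if holds_debug_right(whoami_csv):
        return "older installer, debug right present"
    return "older installer, debug right missing: reboot after installing"


if __name__ == "__main__":
    # "5.3.0.0 (sample)" is a constructed version string, not one from the message.
    for version, token in [("5.3.0.0 (sample)", TOKEN_WITHOUT_DEBUG),
                           ("5.3.0.0 (sample)", TOKEN_WITH_DEBUG),
                           ("5.4.1.0", TOKEN_WITHOUT_DEBUG)]:
        print(version, "->", assess(version, token))
```

The third result is the case the message warns about: an older installer run by an account from which the debug right has been removed, where a reboot after installation is the suggested way to make sure the update process finishes or terminates.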


