Re: Alert: Microsoft Security Bulletin MS03-049 - Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)
From: Knight, Jim (Jim.Knight_at_YUM.COM)
Date: Tue, 11 Nov 2003 16:51:14 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Patch management becomes even more complex....
From the MS03-049 bulletin:
Note: The Windows XP security updates that released on October 15th as
part of Security Bulletin MS03-043 (828035) include the updated file
that helps protect from this vulnerability. If you have applied the
Windows XP security updates for MS03-043 (828035) you do not have to
reapply this update. However, the Windows 2000 security update that is
released as part of this security bulletin contains updated files that
were not part of the MS03-043 (828035) security bulletin. Customers have
to apply this Windows 2000 security update even if they applied the
Windows 2000 security updates for MS03-043 (828035).
Questions that arise from this bulletin:
Why was Windows XP included in the list of vulnerable systems?
Does MS03-049 supersede MS03-043 (but only on Windows 2000 systems)?
There is a link to download the patch for Windows XP systems; when you
click on it, you are directed to the MS03-043 download page.
From a pure consistency standpoint we now have 2 vulnerabilities which
are patched in 2 different ways, on 2 different OS's and even though
Windows XP is listed as vulnerable it is in reality not vulnerable to
049 but only vulnerable to 043 or is that, this buffer overrun was found
for the 043 patch for XP, but wasn't fixed for Windows 2000.
Oh well, at least I have Job Security...