MS04-012 breaks AT command when managing NT 4.0 scheduler from XP PC

From: BROWN Nick (Nick.BROWN_at_COE.INT)
Date: 04/23/04

  • Next message: Derek Soeder: "EEYE: Symantec Multiple Firewall TCP Options Denial of Service" 
    Date:         Fri, 23 Apr 2004 17:49:24 +0200
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Since installing the patch for MS04-012 (Q828741) on my Windows XP machine,
    I get the following error when using the AT command to manage scheduled jobs
    on a remote NT 4.0 server:

        C:\> AT \\nt4server
        The authentication service is unknown.

    This problem is documented in Q834223; there is a hotfix (with the usual
    jumping through hoops to obtain it). Uninstalled MS04-012 fixes the
    problem.

    Another workaround is to execute the AT command from the remote server (or
    any other NT 4.0 machine), eg:
        C:\> \\nt4server\admin$\system32\AT \\nt4server

    However, just copying the AT.EXE from the NT machine to the XP machine and
    running it from a local directory doesn't work, because the bug is in one of
    three DLLs, which Windows apparently locates on the same machine as the
    executable.

    I was interested to notice that the three DLLs in question, contained in the
    MS04-012 fix, are dated 2003-11-17. The hotfix versions are dated
    2003-12-30. One wonders why Microsoft didn't include those more recent
    versions in MS04-012.

    ---------------------------------------------------------------
    |\ | o _ |/ Life's like a jigsaw
    | \| | |_ |\ You get the straight bits
                        But there's something missing in the middle

    Nick Brown, Strasbourg, France (Nick(dot)Brown(at)coe(dot)int)
    ---------------------------------------------------------------

    -----
    Earn up to 10 credit course hours toward the TruSecure ICSA Practitioner (TICSA) Credential and receive a TICSA exam coupon by attending the Infosecurity Canada 2004 conference. Featured speaker, Marcus J. Ranum, TruSecure inventor of the proxy firewall will present on June 3 at 11:30 AM. Visit <https://ticsa.trusecure.com> for certification details and <http://www.infosecuritycanada.com> for conference information. Become TICSA certified and see what happens!
    -----

  • Next message: Derek Soeder: "EEYE: Symantec Multiple Firewall TCP Options Denial of Service"

    Relevant Pages

    • Re: Executing command with Runtime.getRuntime.exec() fails
      ... More portable, since on my windows system at least, there is an ls. ... command at the command line. ... The appropriate command interpreter for each os could be found through ... be sure, and programming is about certainty, is to explicitly execute the ...
      (comp.lang.java.programmer)
    • Re: Running Ring3 command from Ring0 in Windows?
      ... I am looking for a way to execute Ring3 command (for ex, ... The motivation of this is that I can exploit Windows kernel, ... executing in Ring0 only, and want to run some code in Ring3, too. ...
      (Pen-Test)
    • Re: working w/ windows-only CDs in Virtual; PC 6.1
      ... I think if you hold down the fn key and press F10 then the ... > sometimes interactive CD's and they are typicaly windows only. ... > HAVE to be able to execute this one command on this one CD. ...
      (microsoft.public.mac.otherproducts)
    • Re: Cannot activate sbcl
      ... whether fragmentation on Windows is so bad that SBCL would need to leave ... Does placement of dlls affect only those processes that actually ... the process's local address space and the code is patched to execute ... When a process tries to load an already loaded DLL, ...
      (comp.lang.lisp)
    • [Full-Disclosure] Advanced usage of system() function.
      ... and call its arguments as a command for shell. ... as we can see we still didnt get what we want (typing exit ... Connection closed by foreign host. ... think what we want to execute. ...
      (Full-Disclosure)