Re: MS05-019 Breaks VPN

• Previous message: Chad Myers: "Bad string handling in hha.dll (HTML Help Workshop)?"
• Next in thread: Arley Barros Leal: "Re: MS05-019 Breaks VPN"
• Maybe reply: Arley Barros Leal: "Re: MS05-019 Breaks VPN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Tue, 26 Apr 2005 13:20:30 -0700
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

The problem with ICMP breaking (in some circumstances) is in both the
security update for MS05-019 and Service Pack 1 for Windows Server 2003.

Microsoft now has a hotfix available, but you must contact Microsoft PSS
to obtain the fix. For more information about the fix, see Microsoft KB
article KB898060 (dated today).

The KB article referenced in the security bulletin (893066) has been
updated, but the security bulletin itself has not been updates (thus no
automatic notice from Russ' e-mail for updated security bulletins).

If you try uninstalling the update for MS05-019, it presents you with a
vague dialog containing a warning about a relationship with the update
for MS05-020. Trying to get information from Microsoft about the
meaning of this dialog and whether it is saying that the update for
MS05-020 will also be automatically uninstalled, needs to be manually
uninstalled before uninstalling MS05-019, or needs to be reinstalled
after uninstalling MS05-019 has been difficult. I now have an
explanation, but have been asked to not forward the information and
instead refer people to Microsoft PSS.

(If this is a (new) standard procedure for uninstalling security
updates, I hope that there will be some documentation somewhere because
the presented dialog IMNSHO really just intimidates you and does not
give information on how to proceed.)

> -----Original Message-----
> From: Windows NTBugtraq Mailing List
> [mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM]On Behalf Of
> Darryl J Roberts
> Sent: Tuesday, April 19, 2005 6:11 PM
> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> Subject: MS05-019 Breaks VPN
>
>
> After installing the update in Microsoft Security Bulletin
> MS05-019 on two servers at a customer site, we are no longer
> able to connect via VPN to terminal services on those servers.
> (Other servers that did not have the security bulletins from
> last Tuesday installed can connect via VPN.)
>
> After many hours over two days working with Microsoft Product
> Support Services, we discovered that forcing the MTU size down
> allowed the client to connect to terminal services. Today
> Microsoft PSS reported the they have confirmed that there is
> a problem with ICMP messages being incorrectly discarded
> (other have opened PSS cases about this issue). This could
> be why the MTU size is not being set correctly.
>
> There will be an update to the patch in MS05-019, but as
> of this time, that update is not available. A Microsoft KB
> article is being written and has been assigned the number
> KB898060, but as to this time, that article is not publicly
> available.
>
> I will be uninstalling the update for Security Bulletin
> MS05-019 from our customers servers this evening and waiting
> for the corrected patch before reinstalling it.
>
> --
> Darryl J. Roberts, MCSE, MCP+I, CompTIA CTT+, CSSA
> Software Engineering Unlimited, IT Professional Services Consultancy
> Ventura, CA, USA

--
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
--

• Previous message: Chad Myers: "Bad string handling in hha.dll (HTML Help Workshop)?"
• Next in thread: Arley Barros Leal: "Re: MS05-019 Breaks VPN"
• Maybe reply: Arley Barros Leal: "Re: MS05-019 Breaks VPN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Now wait just a dab non minute - this is getting out of hand ... administrators should not use servers to browse the ... best practices on computers using Microsoft Internet Explorer." ... Managing Internet Explorer Enhanced Security ... (microsoft.public.security) RE: MS broadening its efforts to warn customers ... on the legitimate aspect and move on. ... Do their servers resolve under reverse DNS? ... I learned that a security feature in Outlook 2003 ... Whatever happened to Microsoft wanting to combat spam? ... (Focus-Microsoft) Re: [Full-Disclosure] New malware to infect IIS and from there jump to clients ... Microsoft products are inherently secure. ... anti-Microsoft attempt to discredit their security commitments by people ... > Reports indicate that Web servers running Windows 2000 Server and IIS ... (Full-Disclosure) RE: Trusted connections ... connection string if anything changes in the future. ... For information about the Microsoft Strategic Technology ... Protection Program and to order your FREE Security Tool Kit, ... | I have two different servers connecting to a SQL ... (microsoft.public.sqlserver.security) RE: Uninstalling Office 95 ... Microsoft Security Announcement: Have you installed the patch for Microsoft ... visit Windows Update at http://windowsupdate.microsoft.com to install the ... | uninstalling software, only installing. ... (microsoft.public.office.setup)