Re: Updates incl in 2003 SP1

From: Jay Sudowski - Handy Networks LLC (jay_at_HANDYNETWORKS.COM)
Date: 05/09/05

  • Next message: contact_at_WEBAPPSEC.ORG: "Announcement: The Web Security Mailing List"
    Date:         Sun, 8 May 2005 19:16:33 -0600
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Are there any other "hidden" list of fixes included in SP1?
    http://support.microsoft.com/kb/824721 indicates that both 830381 and
    838306 are NOT included, but both will not install under 03 SP1.

    830381 indicates that dns.exe will have a file version of 5.2.3790.90,
    and the version that ships with 03 SP1 is 5.2.3790.1830. Am I to assume
    that .90 is greater than .1830 or that version "1830" is greater than
    version "90".

    838306 indicates bersion 4.0.8704.0 or greater, and 03 SP1 includes
    4.0.9025.0, but one the couple of machines I'm running SP1 on, I have
    issues the are very similar to the issues we had with 03 before 838306
    was installed. Further confusing the issue, when I try to run this
    updater under 03 SP1, it indicates that 837001 is required, but this
    hotfix is already included with SP1 per
    http://www.microsoft.com/technet/security/prodtech/windowsserver2003/sp1
    .mspx.

    I have been on hold for about 40 minutes trying to reach PSS and was
    told by the operator that no one was in the queue ahead of me - right.
    Grr ...

    Let me re-iterate my initial question: Are there any other "hidden" list
    of fixes included in SP1? The mis-information provided by MS is making
    me nuts.

    -Jay

    -----Original Message-----
    From: Windows NTBugtraq Mailing List
    [mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM] On Behalf Of Craig Williams
    Sent: Wednesday, April 06, 2005 3:13 PM
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Subject: Updates incl in 2003 SP1

    I was surprised when I reviewed the "Windows Server 2003 Service Pack 1
    list of updates" @ http://support.microsoft.com/kb/824721 and found
    nearly
    all of the security hotfixes we've deployed in the past 2 years were
    missing.

    Thanks to my Microsoft TAM who pointed out there is another page for
    only
    the security related hotfixes that are included with SP1.
    http://www.microsoft.com/technet/security/prodtech/windowsserver2003/sp1
    .mspx

    I could not find any links to this page from either the SP1 home or the
    Server 2003 home.

    --
    NTBugtraq Editor's Note:
    Most viruses these days use spoofed email addresses. As such, using an
    Anti-Virus product which automatically notifies the perceived sender of
    a message it believes is infected may well cause more harm than good.
    Someone who did not actually send you a virus may receive the
    notification and scramble their support staff to find an infection which
    never existed in the first place. Suggest such notifications be disabled
    by whomever is responsible for your AV, or at least that the idea is
    considered.
    --
    --
    NTBugtraq Editor's Note:
    Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
    --
    

  • Next message: contact_at_WEBAPPSEC.ORG: "Announcement: The Web Security Mailing List"