RE: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920)
From: Coffin, Chris (ccoffin@bindview.com)Date: 07/26/02
- Previous message: Barton Miller: "Re: Announcement: injectso-0.2"
- Maybe in reply to: Szulc Roger: "26 June 2002 Cumulative Patch for Windows Media Player (Q320920)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 26 Jul 2002 11:58:15 -0500 From: "Coffin, Chris" <ccoffin@bindview.com> To: "Szulc Roger" <roger_szulc@yahoo.com>, <bugtraq@securityfocus.com>
Yes i am seeing something similar on a Windows XP system.
Patch had already been applied to the system but windows
update notification prompted for the update again
recently. Before applying the patch a second time,
I checked the four files associated with the update
found here:
HKLM\SOFTWARE\Microsoft\Updates\Windows Media Player\wm320920\FileList
The four files were present and matched what was in
the registry FileList as far as version numbers go.
Since the registry key and the files were already
updated and i was being asked to patch once again,
it would seem that there is a problem with the
microsoft windows update catalog regarding this patch,
though i haven't looked into this any further.
Another issue (could be related) noticed with this
patch is that it does not update the dllcache with the
new files installed by the patch. For those of you not
familiar with the purpose of the dllcache directory, it
is the Windows File Protection file store. If a WFP
protected file (many files within the systemroot dir are
monitored by WFP) is deleted, renamed, corrupted, or
whatever... WFP will take the copy it has within the
dllcache (if it exists) and replace the broken or
missing file automatically without ever prompting the
user. A stroll through some of the other patch FileLists
and you'll notice that most all of them will update the
dllcache.
Since the patched media player files are not installed
into the dllcache directory, it's entirely possible
that these files could get reverted at some point. I
found an archived ntbugtraq post
http://archives.neohapsis.com/archives/ntbugtraq/2002-q2/0072.html
that mentions a similar issue with an earlier media
player patch. The issue pointed out in the ntbugtraq
post is really the same issue. What is occuring
is that the earlier media player patch did not
update the dllcache dir, and after running the System
File Checker utility he noticed that the one of the
patched files had been reverted to an earlier version.
So for those of you out there that are using the SFC
utility, you may want to look at your media player
file versions and make sure they are the latest.
Chris
-----Original Message-----
From: Szulc Roger [mailto:roger_szulc@yahoo.com]
Sent: Thursday, July 25, 2002 1:18 PM
To: bugtraq@securityfocus.com
Subject: 26 June 2002 Cumulative Patch for Windows Media Player
(Q320920)
This update does not complete if you download it and
try it manually or even if you use the windowsupdate
site. It still shows up as an update that needs to be
installed. I have even tried to uninstall media player
7.1 and reinstall, then apply the patch and it does
not work. This testing was done on 3 Windows 2000
machines and all with the same results.
Roger Szulc
__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com
- Previous message: Barton Miller: "Re: Announcement: injectso-0.2"
- Maybe in reply to: Szulc Roger: "26 June 2002 Cumulative Patch for Windows Media Player (Q320920)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
