RE: Microsoft Security Advisory MS 03-007 - Problems

From: Godfrey, Tyler (Tyler.Godfrey@agiliti.com)
Date: 03/18/03

  • Next message: Turner, Keith (Contractor): "RE: Microsoft Security Advisory MS 03-007 - Problems"
    Date: Tue, 18 Mar 2003 12:44:40 -0600
    From: "Godfrey, Tyler" <Tyler.Godfrey@agiliti.com>
    To: <josephdurnal@cablespeed.com>, <focus-ms@securityfocus.com>
    
    

    We received a conflicting message from our TAM:

    <message_from_TAM>
    We are currently researching a very specific issue with the patch. It
    only appears to affect a small percentage of installations. However,
    since there are many workarounds available, I would recommend using one
    of the documented workarounds until further notice.

    The workarounds are well documented in the Security Advisory and
    associated knowledge base article. If you have any questions regarding
    any of the workarounds, do not hesitate to contact Jim or myself.
    </message_from_TAM>

    This makes me wonder what the TAMs are being told. Is there a consistent message within MSFT?

    -Tyler

    --
    Tyler Godfrey
    Systems Engineer
    Agiliti, Inc.
    tyler.godfrey@agiliti.com
    http://www.agiliti.com
    -----Original Message-----
    From: Joseph Durnal [mailto:josephdurnal@yahoo.com]
    Sent: Tuesday, March 18, 2003 11:46 AM
    To: focus-ms@securityfocus.com
    Cc: mikeheitz@upshotmail.com; jgrotegut@directpointe.com
    Subject: Re: Microsoft Security Advisory MS 03-007 - Problems
    Here is the exact text of the message - I'm not sure
    if I'm allowed to include any infomation about the
    sender, so, I'm not.  The best advice is to install
    the patch on a test box and test all required
    functionality before installing it in a production
    environment.  My first install on a freslhly built W2K
    server did not indicate that there were any problems. 
    I will try to update the group if I get more
    information.
    **Message Text**
    Subject: RE: Premier - Product Support Services -
    Microsoft Security Bulletin - MS03-007
    Importance: High
    Hi Folks, 
    We may have identified an issue with applying the
    patch for this security issue.  We currently have
    folks in Redmond working on it. Please hold off on
    applying any further patches, until further notice.
    As soon as I have more details, I will let you know.
    **End Message Text**
    Joseph M. Durnal
    josephdurnal@yahoo.com
    --- Joseph Durnal <josephdurnal@yahoo.com> wrote:
    > I just heard through Microsoft Premier Support that
    > customers have had problems after installing the
    > patch
    > for MS 03-007 (Q815021_W2K_sp4.exe).  It has been
    > recommended to us to hold off on patching until
    > further notice.
    > 
    > Joseph M. Durnal
    > josephdurnal@yahoo.com
    > 
    > 
    > 
    > __________________________________________________
    > Do you Yahoo!?
    > Yahoo! Platinum - Watch CBS' NCAA March Madness,
    > live on your desktop!
    > http://platinum.yahoo.com
    > 
    __________________________________________________
    Do you Yahoo!?
    Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
    http://platinum.yahoo.com
    ----------------------------------------------------------------------
    ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data!
    It's as simple as placing additional SQL commands into a Web Form input 
    box giving hackers complete access to all your backend systems! 
    http://www.spidynamics.com/mktg/sqlinjection33
    ----------------------------------------------------------------------
    ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data!
    It's as simple as placing additional SQL commands into a Web Form input 
    box giving hackers complete access to all your backend systems! 
    http://www.spidynamics.com/mktg/sqlinjection33
    

  • Next message: Turner, Keith (Contractor): "RE: Microsoft Security Advisory MS 03-007 - Problems"

    Relevant Pages

    • Re: MicroMonopoly aids Terrorism?
      ... > It appears your reference to sqlmag is to support the supposition ... > that the SQL patch which covered the Slammer vulnerability ... > also difficult to install). ... Microsoft also changed patch development for SQL ...
      (microsoft.public.security)
    • RE: Microsoft Security Advisory MS 03-007 - Problems
      ... recommending that the patch be installed. ... would have a problem installing this patch, ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ... box giving hackers complete access to all your backend systems! ...
      (Focus-Microsoft)
    • RE: Microsoft Security Advisory MS 03-007 - Problems
      ... I had one person report problems installing the patch on a server running ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ... box giving hackers complete access to all your backend systems! ... It's as simple as placing additional SQL commands into a Web Form input ...
      (Focus-Microsoft)
    • RE: Microsoft Security Advisory MS 03-007 - Problems
      ... I think that one of the most important things to remember about this patch ... MS has released buggy patches in the past. ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ... box giving hackers complete access to all your backend systems! ...
      (Focus-Microsoft)
    • Re: Microsoft Security Advisory MS 03-007 - Problems
      ... My first install on a freslhly built W2K ... patch for this security issue. ... > Do you Yahoo!? ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ...
      (Focus-Microsoft)