RE: Microsoft Security Advisory MS 03-007 - Problems

From: Godfrey, Tyler (Tyler.Godfrey@agiliti.com)
Date: 03/18/03

  • Next message: Turner, Keith (Contractor): "RE: Microsoft Security Advisory MS 03-007 - Problems" 
    Date: Tue, 18 Mar 2003 12:44:40 -0600
From: "Godfrey, Tyler" <Tyler.Godfrey@agiliti.com>
To: <josephdurnal@cablespeed.com>, <focus-ms@securityfocus.com>

    We received a conflicting message from our TAM:

    <message_from_TAM>
    We are currently researching a very specific issue with the patch. It
    only appears to affect a small percentage of installations. However,
    since there are many workarounds available, I would recommend using one
    of the documented workarounds until further notice.

    The workarounds are well documented in the Security Advisory and
    associated knowledge base article. If you have any questions regarding
    any of the workarounds, do not hesitate to contact Jim or myself.
    </message_from_TAM>

    This makes me wonder what the TAMs are being told. Is there a consistent message within MSFT?

    -Tyler 

    --
Tyler Godfrey
Systems Engineer
Agiliti, Inc.
tyler.godfrey@agiliti.com
http://www.agiliti.com
-----Original Message-----
From: Joseph Durnal [mailto:josephdurnal@yahoo.com]
Sent: Tuesday, March 18, 2003 11:46 AM
To: focus-ms@securityfocus.com
Cc: mikeheitz@upshotmail.com; jgrotegut@directpointe.com
Subject: Re: Microsoft Security Advisory MS 03-007 - Problems
Here is the exact text of the message - I'm not sure
if I'm allowed to include any infomation about the
sender, so, I'm not.  The best advice is to install
the patch on a test box and test all required
functionality before installing it in a production
environment.  My first install on a freslhly built W2K
server did not indicate that there were any problems. 
I will try to update the group if I get more
information.
**Message Text**
Subject: RE: Premier - Product Support Services -
Microsoft Security Bulletin - MS03-007
Importance: High
Hi Folks, 
We may have identified an issue with applying the
patch for this security issue.  We currently have
folks in Redmond working on it. Please hold off on
applying any further patches, until further notice.
As soon as I have more details, I will let you know.
**End Message Text**
Joseph M. Durnal
josephdurnal@yahoo.com
--- Joseph Durnal <josephdurnal@yahoo.com> wrote:
> I just heard through Microsoft Premier Support that
> customers have had problems after installing the
> patch
> for MS 03-007 (Q815021_W2K_sp4.exe).  It has been
> recommended to us to hold off on patching until
> further notice.
> 
> Joseph M. Durnal
> josephdurnal@yahoo.com
> 
> 
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Platinum - Watch CBS' NCAA March Madness,
> live on your desktop!
> http://platinum.yahoo.com
> 
__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com
----------------------------------------------------------------------
ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data!
It's as simple as placing additional SQL commands into a Web Form input 
box giving hackers complete access to all your backend systems! 
http://www.spidynamics.com/mktg/sqlinjection33
----------------------------------------------------------------------
ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data!
It's as simple as placing additional SQL commands into a Web Form input 
box giving hackers complete access to all your backend systems! 
http://www.spidynamics.com/mktg/sqlinjection33
  • Next message: Turner, Keith (Contractor): "RE: Microsoft Security Advisory MS 03-007 - Problems"

    Relevant Pages

    • Re: MicroMonopoly aids Terrorism?
      ... > It appears your reference to sqlmag is to support the supposition ... > that the SQL patch which covered the Slammer vulnerability ... > also difficult to install). ... Microsoft also changed patch development for SQL ...
      (microsoft.public.security)
    • RE: Microsoft Security Advisory MS 03-007 - Problems
      ... recommending that the patch be installed. ... would have a problem installing this patch, ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ... box giving hackers complete access to all your backend systems! ...
      (Focus-Microsoft)
    • RE: Microsoft Security Advisory MS 03-007 - Problems
      ... I think that one of the most important things to remember about this patch ... MS has released buggy patches in the past. ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ... box giving hackers complete access to all your backend systems! ...
      (Focus-Microsoft)
    • RE: Microsoft Security Advisory MS 03-007 - Problems
      ... I had one person report problems installing the patch on a server running ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ... box giving hackers complete access to all your backend systems! ... It's as simple as placing additional SQL commands into a Web Form input ...
      (Focus-Microsoft)
    • Re: Microsoft Security Advisory MS 03-007 - Problems
      ... My first install on a freslhly built W2K ... patch for this security issue. ... > Do you Yahoo!? ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ...
      (Focus-Microsoft)