Re: Anyone have hard evidence of problems with WindowsAutomatic Upda tes?

From: Kurt Keys (kkeys@sddpc.org)
Date: 03/21/03

  • Next message: Nero, Nick: "RE: Expire accounts from Active Directory after a period of inactivity" 
    Date: Fri, 21 Mar 2003 13:18:01 -0800
From: "Kurt Keys" <kkeys@sddpc.org>
To: ThomasC@mip.com, focus-ms@securityfocus.com

    On Thursday 20 March 2003 12:49 pm, Thomas Cameron wrote:
    > All -
    >
    > We are using the Windows 2000 automatic update feature on several of our
    > production servers.
    >
    > One of my fellow IT team members has expressed concern that Microsoft has a
    > bad history of releasing hotfixes which break servers. I can find lots of
    > anecdotal evidence that this has happened, but only a very limited number
    > of cases where some specific configurations were negatively impacted by
    > hotfix application.
    >
    > Does anyone have any hard evidence that automatic updates are a Bad
    > Thing(tm)?
    >
    Concerning the MS03-007 patch...

    At the Microsoft website:
    http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-007.asp?tag=nl
    Microsoft says this :

    Caveats:
    If you are running Windows 2000 SP2, before installing this patch please check the version of ntoskrnl.exe on your system. To verify the version of ntoskrnl.exe on your system, perform the following steps:

    1. Browse to the %windir%\system32 directory

    2. Right-click ntoskrnl.exe

    3. Choose properties.

    The version information is located on the 'version' tab.

    Versions of ntoskrnl.exe between 5.0.2195.4797 and 5.0.2195.4928 (inclusive) are not compatible with this patch. These versions were only distributed with Product Support Services hotfixes.

    If the patch for this issue is installed on a system with one of these versions of ntoskrnl.exe, the machine will fail on the first reboot with a Stop 0x00000071 message and will have to be recovered using the Windows 2000 recovery console and the backup copy of ntdll.dll stored in the "\winnt\$NTUninstallQ815021$" directory.

    To update a system with a version of ntoskrnl.exe distributed from Product Support Services, you must first contact PSS before applying this patch. Information on contacting Product Support Services can be found at:

    Kurt M. Keys BSCS, MCSE+I, CNA, GISO
    Information Security Specialist
    San Diego Data Processing Corporation
    858-581-7844
    kkeys@sddpc.org
    _______________________________
    Bill Martin
    Information Security Officer
    San Diego Data Processing Corporation
    858-581-9726
    bmartin@sddpc.org
    _______________________________

    ----------------------------------------------------------------------
    ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data!
    It's as simple as placing additional SQL commands into a Web Form input
    box giving hackers complete access to all your backend systems!
    http://www.spidynamics.com/mktg/sqlinjection33

  • Next message: Nero, Nick: "RE: Expire accounts from Active Directory after a period of inactivity"