RE: MS03-007 Round-up

From: Dozal, Tim (tdozal@cisco.com)
Date: 03/25/03

    Date: Mon, 24 Mar 2003 15:45:14 -0800
    From: "Dozal, Tim" <tdozal@cisco.com>
    To: "Chris Gallimore" <ChrisG@concur.com>, "Marc Fossi" <mfossi@securityfocus.com>, "Focus-MS" <focus-ms@securityfocus.com>
    

    This should clear things up:

    ntoskrnl.exe versions 5.0.2195.4797 to 5.0.2195.4928 are not compatible
    with versions of ntdll.dll that are greater than 5.0.2195.4797.

    If you apply a hotfix that updates only one of those binaries, the
    two binaries will now be in a 'mismatched' state and the machine will
    blue screen after rebooting for the first time.

    If you are running Win2K SP2 and the ntoskrnl.exe file version is
    between 5.0.2195.4797 and 5.0.2195.4928 you can get a STOP 0x00000071
    on the first reboot after applying the patch.

    Ensure that the ntoskrnl.exe file version is greater than or equal to
    5.0.2195.4929 or apply Win2k SP3 before applying MS03-007.

    MS also just released this:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;815021

    Cheers,
    Tim

    -----Original Message-----
    From: Chris Gallimore [mailto:ChrisG@concur.com]
    Sent: Monday, March 24, 2003 9:06 AM
    To: Dozal, Tim; Marc Fossi; Focus-MS
    Subject: RE: MS03-007 Round-up

     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    That's not always the case; my company has over 200 sp2 web servers that
    are all running this patch and not a single one had an issue with it.

    - -----Original Message-----
    From: Dozal, Tim [mailto:tdozal@cisco.com]
    Sent: Friday, March 21, 2003 4:38 PM
    To: Marc Fossi; Focus-MS
    Subject: RE: MS03-007 Round-up

    As far as our groups have been able to tell, the problems caused by this
    patch are related to the dependencies of 4 .dll files and this patch
    replaces ONE of those .dll files. In order to avoid the blue screens
    you need to first patch your system with Win2k SP3 since the updated
    .dll file in the MS03-007 patch was designed to work with the other .dll
    files from W2k SP3. If you do not have SP3, as I understand it, you WILL
    get a blue screen on reboot.

    Hope that helps.

    - -Tim

    - -----Original Message-----
    From: Marc Fossi [mailto:mfossi@securityfocus.com]
    Sent: Wednesday, March 19, 2003 12:55 PM
    To: Focus-MS
    Subject: MS03-007 Round-up

    Hey folks,

    I think that we've pretty much established that this patch does cause
    problems on some systems and not on others. Seems to be about 50/50
    judging from the posts.

    At this point I'm not going to approve any more posts about it unless
    someone offers conclusive evidence as to what the problem is or a
    remedy. I know that there are MS people subscribed to the list and their
    silence on this says to me that they are aware that there is a problem
    (though it would be nice to actually hear it from them).

    On a side note, the bulletin has been updated with some info about a
    possible conflict with a prior hotfix released by PSS. Check out the
    FAQ in the bulletin. Not sure if this covers everyone who reported
    problems with the patch or if there are additional issues there.

    Marc Fossi
    Symantec Corp.
    www.symantec.com

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.1.1

    iQA/AwUBPn86yfX/3fXjg2cjEQL8LgCgkOA2hgcr71jZMj3Rc9ggK8gB+a8AoK23
    Q87BiCBJKblZMclCMCK2Oaha
    =/8OV
    -----END PGP SIGNATURE-----
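
The version rule from the top reply in this thread, written out as a pre-deployment check. This is an added example, not part of the original messages; the host names, the inventory layout and the ntdll.dll version used in the test are constructed, and the "REVIEW" and "UNKNOWN" outcomes are assumptions for cases the post does not cover.

```python
import re

# Bounds quoted in the post (Windows 2000 file versions).
KRNL_LOW = (5, 0, 2195, 4797)   # first ntoskrnl.exe version in the affected range
KRNL_HIGH = (5, 0, 2195, 4928)  # last ntoskrnl.exe version in the affected range
NTDLL_MAX = (5, 0, 2195, 4797)  # newest ntdll.dll those kernels are compatible with

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of four ints so versions compare numerically."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_mismatched(ntoskrnl, ntdll):
    """True when the two binaries are in the 'mismatched' state the post describes."""
    kernel_in_range = KRNL_LOW <= parse_version(ntoskrnl) <= KRNL_HIGH
    return kernel_in_range and parse_version(ntdll) > NTDLL_MAX

def precheck(ntoskrnl, service_pack):
    """Classify one host before MS03-007 is applied."""
    try:
        kernel = parse_version(ntoskrnl)
    except ValueError:
        return "UNKNOWN"        # assumption: never patch on an unreadable version
    if service_pack >= 3 or kernel > KRNL_HIGH:
        return "OK"             # SP3 applied, or kernel >= 5.0.2195.4929
    if kernel >= KRNL_LOW:
        return "BLOCK"          # STOP 0x00000071 risk on first reboot
    return "REVIEW"             # assumption: older kernels are not covered by the post

# Constructed inventory: (host, ntoskrnl.exe file version, service pack level).
INVENTORY = [
    ("web01", "5.0.2195.4797", 2),
    ("web02", "5.0.2195.4928", 2),
    ("web03", "5.0.2195.4929", 2),
    ("web04", "5.0.2195.4800", 3),
    ("web05", "5.0.2195", 2),
]

def triage(inventory):
    """Map each host to its pre-patch status."""
    return {host: precheck(version, sp) for host, version, sp in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```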
