Re: Q811114 and Q815021
From: Anthony Kim (Anthony.Kim_at_VWCREDIT.COM)
Date: 07/03/03
- Previous message: Anthony Kim: "Re: How to block users from installing other apps"
- In reply to: Floyd Russell: "Q811114 and Q815021"
- Next in thread: Eric: "Re: Q811114 and Q815021"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 3 Jul 2003 16:19:15 -0500 To: focus-ms@securityfocus.com
On Thu, Jul 03, 2003, Floyd Russell wrote:
> I'm confused by Windows Update ( not suprising ). According to Windows
> Update I need to install Q815021 however, Q811114 is installed. Should the
> latter, being a "Cumulative Patch", already include Q815021? I would think
> so. Anyone else notice this - Windows NT Server 4.0 only.
Q811114 does not contain the updated ntdll.dll patch found in
Q815021.
The WebDAV/ntdll.dll patch (815021) was not built for NT back in
March... Even though the original attack vector for the
vulnerability, WebDAV, which prompted the patch, is not
available for NT, the core vulnerability in ntdll.dll still
exists in NT and as they found out also in XP.
The revised 815021 which came out a little later than the
811114 cumulative IIS patch addresses these issues.
http://support.microsoft.com/?kbid=815021
-----------------------------------------------------------------------------
------------------------------------------------------------------------------
- Previous message: Anthony Kim: "Re: How to block users from installing other apps"
- In reply to: Floyd Russell: "Q811114 and Q815021"
- Next in thread: Eric: "Re: Q811114 and Q815021"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
