Re: New MS patches crashed my 2k3 SP1 PDC

From: Hamid . K (elite_netbios_at_yahoo.com)
Date: 08/21/05

  • Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: exploit to vulnerability"
    Date: Sun, 21 Aug 2005 01:43:41 -0700 (PDT)
    To: focus-ms@securityfocus.com
    
    

    Skill2die is 100% right about testing everything
    _BEFORE_ deploying on critical systems. Even WSUS warns you
    in RED not to deploy patches without testing them!
    After some checks here and there, I guess I've found
    some reasons for that crash. Although it didn't
    stop our business for more than a few hours ( lack of
    fast restoring mechanism and) but it was hard to
    bypass.

    I'll plan on checking the patches one by one on a test
    PDC ASAP, but what I'm sure of is that the crash is
    caused by the
    PnP or IE patch, not the print spooler or telephony
    service or ...
    AND, remember that release-candidate version of 2k3
    SP1? I guess that's the most reasonable reason for
    the conflict. RC-SP1 + PnP patch = ????

    Anyway, I'll test them all and report back here :>

    Just some quick hints for crash recovery in case
    you have the
    same problem (can't get into safe mode) and have no
    backup!!!

    Boot the crashed system in command-prompt mode
    and go to the Windows directory.
    Running "dir /AD *uninstall*" will give you a list of
    the hotfixes installed on the system. Hotfixes are identified
    by their KB number. Move to the directory
    $NtUninstallKB899588$\spuninst
    in the case of the MS05-039 PnP hotfix, and run
    "spuninst.exe". It will uninstall the patch.
    Note that there is no guarantee of getting your
    domain controller back to working as reliably as it did before
    installing the patch!

    regards

    --- Adil Absar <sabsar@csc.com> wrote:

    > You have to test and reapply the patches 1 by 1.
    >
    > It will be very surprising if the patch targets a
    > PDC only and not a DC, so
    > fire up a test DC and apply patches 1 by 1.
    >
    > If it is MS05-039 that is causing the problem,
    > everyone will be
    > interested, including MS, since that is related to
    > all the recent viruses.
    > However, since the plug and play vulnerability
    > (MS05-039) cannot be
    > exploited remotely and anonymously (spelling!) on
    > w2k3, it is not a critical
    > problem for you, and you have compensating controls
    > to utilise (see MS
    > bulletin)
    >
    > Adil Absar
    > CSC Global Security Solutions
    > Based: London, UK
    >
    > "Hamid . K" <elite_netbios@yahoo.com>
    > To: focus-ms@securityfocus.com
    > cc:
    > Subject: New MS patches crashed my 2k3 SP1 PDC
    > 20/08/2005 06:24
    >
    > Hi list,
    >
    > After deploying the new set of Microsoft patches
    > released
    > this month, we experienced a heavy crash on our
    > domain controller systems, which are based on Windows
    > 2003 SP1!
    > Just after a clean install of the last 5 patches,
    > Windows will no longer boot! A nice blue screen of
    > death
    > is what MS dedicated to us!
    > Another friend of mine, in his own network,
    > experienced the same. The cool point is that _ONLY_ PDC
    > systems are affected by this unexpected crash. No
    > other 2k3 SP1 server had any problem with the patches.
    >
    > Has anyone else had the same problem?
    > What the hell is going wrong?
    >
    >
    >
    >

                    

    ---------------------------------------------------------------------------
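
The rollback hints in the message above, as an added example that is not part of the original post: a cmd.exe batch script that lists the hotfix uninstall folders newest-first and shows the uninstaller path for each, without removing anything. It assumes a working cmd.exe prompt on the affected system, and it goes slightly beyond the message by sorting on folder date, which only approximates install order.

```batch
@echo off
rem Added example, not from the original post.
rem Lists hotfix uninstall folders under %SystemRoot%, newest first, so the
rem most recently installed hotfix can be considered for rollback first.
rem Nothing is uninstalled; the script only reports what it finds.
setlocal
cd /d "%SystemRoot%" || goto :eof

set COUNT=0
rem /AD  = directories only (hidden ones included)
rem /B   = bare names, one per line
rem /O-D = sort by folder date, newest first (approximates install order)
for /f "delims=" %%D in ('dir /AD /B /O-D "$NtUninstall*" 2^>nul') do call :report "%%D"

if %COUNT%==0 echo No hotfix uninstall folders found in %SystemRoot%.
endlocal
goto :eof

:report
rem %~1 is one folder name, e.g. $NtUninstallKB899588$ for MS05-039
set /a COUNT+=1
if exist "%~1\spuninst\spuninst.exe" (
    echo %~1 : uninstaller at "%SystemRoot%\%~1\spuninst\spuninst.exe"
) else (
    echo %~1 : no spuninst.exe found, cannot be rolled back this way
)
goto :eof
```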