Microsoft Security Bulletin MS03-033 - 823718

From: Kitty B. (ZUOTVYPEJQCV_at_spammotel.com)
Date: 08/21/03 

Date: Thu, 21 Aug 2003 14:16:29 -0700

I experienced a problem with this update. This update
does not install all required files for MDAC 2.5, Service
Pack 3. It does NOT install
odbcbcp.dll version 3.70.11.40
and
sqlsrv32.dll version 3.70.11.40.

(see file list in at
http://support.microsoft.com/default.aspx?scid=kb;en-
us;823718)

I did a workaround by
- downloading Q823718_MDAC_SecurityPatch.exe and saving it
on my disk
- opening Q823718_MDAC_SecurityPatch.exe with a zip utility
- extracting the two needed files, renaming them (without
the _253) and using them to replace the older files in
\WINNT\system32 and \WINNT\system32\dllcache.
- rebooting

I believe problem is in the .inf file, either
Q823718-253_WinNT.inf
or
Q823718-253_WinNTx.inf

These list only 2 of the 4 files to be installed; they are
missing the files listed above.

Why you're at it, why not ask someone to review ALL
the .inf files against the file list in the Knowledge Base
article?

>-----Original Message-----
>Title: Unchecked Buffer in MDAC Function Could Enable
System Compromise
>(823718)
>Date: August 20, 2003
>Software: Microsoft Data Access Components 2.5; Microsoft
Data Access
>Components 2.6; Microsoft Data Access Components 2.7
>Impact: Run code of the attacker's choice
>Maximum Severity Rating: Important
>Bulletin: MS03-033
>
>The Microsoft Security Response Center has released
Microsoft Security
>Bulletin MS03-033
>
>What Is It?
>The Microsoft Security Response Center has released
Microsoft Security
>Bulletin MS03-033 which concerns a vulnerability in
Microsoft Data
>Access Components versions listed above. Customers are
advised to
>review the information in the bulletin and test and
deploy the patch in
>their environments, if applicable.
>
>More information is now available at
>http://www.microsoft.com/technet/security/bulletin/MS03-
033.asp
>
>If you have any questions regarding the patch or its
implementation
>after reading the above listed bulletin you should
contact Product
>Support Services in the United States at 1-866-PCSafety
>(1-866-727-2338). International customers should contact
their local
>subsidiary.
>
>--
>Regards,
>
>Jerry Bryant - MCSE, MCDBA
>Microsoft IT Communities
>
>Get Secure! www.microsoft.com/security
>
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
>.
>

Relevant Pages

  • Microsoft Security Bulletin MS03-033 - 823718 **PROBLEM**
    ... does not install all required files for MDAC 2.5, ... >The Microsoft Security Response Center has released ... >Bulletin MS03-033 which concerns a vulnerability in ...
    (microsoft.public.security)
  • Re: Any help here???
    ... If you are having odd connectivity issues then ... AFAIK you cannot uninstall MDAC once its installed. ... Format your drive, do a new/clean install of XP, and go from there. ... > troubleshoot SQL Server connectivity issues - you should investigate the ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Could not install or remove the Internet Authentication
    ... I want to roll back the MDAC install. ... IAS does not start because it is not installed. ... It sort of behaves like incorrectly configured connection to an Oracle ...
    (microsoft.public.internet.radius)
  • Re: windows update kb927779 always reoffers to install even alread
    ... And even download SP2 and install again same.... ... Then I run System File Checker tool on a Windows XP SP2-based computer by ... I don't see how you can repair MDAC without ...
    (microsoft.public.windowsupdate)
  • Re: Using vfoledb with webservices?
    ... later MDAC package and install that. ... MDAC 2.7 or 2.8 doesn't install specific OLE or ODBC drivers for any ... particular database engines except Oracle and SQL Server. ...
    (microsoft.public.fox.programmer.exchange)