Re: ISSUES WITH MS03-007
From: Roger Abell [MVP] (mvpNOSPAM@asu.edu)
Date: 03/19/03
- Next message: Roger Abell [MVP]: "Re: Windows Backup"
- Previous message: Roger Abell [MVP]: "Re: 2000 server exploit, webDAV"
- In reply to: Keith W. McCammon: "FYI: ISSUES WITH MS03-007"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> Date: Tue, 18 Mar 2003 21:28:20 -0700
OK, one more note.
If you are holding off on the patch, do not hold off
on using the provided information to immediately
block the known exploit vector on boxes with IIS.
The info on using this is out in the public space.
-- Roger "Keith W. McCammon" <km@km.com> wrote in message news:ez2IqYZ7CHA.2368@TK2MSFTNGP10.phx.gbl... > The following was just posted to NTBUGTRAQ, in response to numerous reports > of problems with this patch. > > ----------------------------------------------------------- > ----- Original Message ----- > From: "Russ" <Russ.Cooper@RC.ON.CA> > To: <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM> > Sent: Tuesday, March 18, 2003 4:13 PM > Subject: Alert: Problems with MS03-007 installed > > > I now have confirmation of several installations with MS03-007 where the > system either crashed or stopped performing otherwise functioning tasks. > I have attempted to contact MS to confirm this with them but have been > unable so far. > > Clearly there are problems. Use the DisableWebDAV registry key from > Q241520 in the meantime if you are not using WebDAV. > > I did receive the following information from a Microsoft employee; > > ---- > Subject: STOP 0x71 after applying MS03-007 > > If server that is failing with a STOP 0x71 after applying MS03-007 > (Specifically Q815021), Copy back their NTDLL.DLL from the > \winnt\$NTUninstallQ815021$\ directory to the \winnt\system32 & > \winnt\system32\dllcache. > > Use Recovery Console per this article to rename the existing ntdll.dll > in BOTH sub-directories and copy in the previous NTDLL.DLL from the > above location. > > 229716 Description of the Windows 2000 Recovery Console > http://support.microsoft.com/?id=3D229716 > > This will return servers to being vulnerable to the weakness described > on Windows Update. > ---- > > Additional information received indicates that there is probably a 3rd > copy of NTDLL.DLL which needs to be replaced to correct this situation; > > \winnt\driver cache\i386\ntdll.dll > > More as we get it. > > Cheers, > Russ - NTBugtraq Editor > > ----------------------------------------------------------- > > >
- Next message: Roger Abell [MVP]: "Re: Windows Backup"
- Previous message: Roger Abell [MVP]: "Re: 2000 server exploit, webDAV"
- In reply to: Keith W. McCammon: "FYI: ISSUES WITH MS03-007"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
