Full Disclosure mailing list archives

FYI: MS06-049 patch (920958) corrupts NTFS compression files


From: kjm () rins ryukoku ac jp (KOJIMA Hajime)
Date: Mon, 11 Sep 2006 12:19:03 +0900

  just FYI...

  MS06-049 patch (920958) corrupts NTFS compression files. 

Affected system
---------------

  Windows 2000 SP4 + MS06-049 patch (920958)

Discussion
----------

* Discussion in English:
  http://www.microsoft.com/technet/community/newsgroups/dgbrowser/en-us/default.mspx?&query=920958&lang=en&cr=US&guid=&sloc=en-us&dg=microsoft.public.win2000.file_system&p=1&tid=d826afe9-2ab1-4b2f-ae11-cc27702f574a
* Discussion in Japanese:
  http://slashdot.jp/~oops/journal/
  http://pc8.2ch.net/test/read.cgi/win/1151414872/47-
  http://slashdot.jp/security/article.pl?sid=06/09/10/068243

How to demonstrate
------------------

  1. Create a folder on an NTFS partition.
  2. Enable NTFS compression on that folder.
  3. Insert the Windows 2000 installation disk into your CD-ROM drive.
  4. Copy all files from the Windows 2000 installation disk to that
     folder.
  5. Compare.

How to prevent
--------------

  Uninstall MS06-049 patch (920958).

How to find corrupted files
---------------------------

  Try findcorr tool (by 147-win/1151414872):
  http://211.2.20.24/pub/findcorr.lzh

  C:\> findcorr.exe
  Usage: findcorr [-a] [-d] [-e] path

  Options:
           -a      Scan all files including uncompressed files.
           -d      Report compression directories.
           -e      Exact mode.

How to fix corrupted files
--------------------------

  Restore them from backups.

Patch and NTFS compression
--------------------------

  If you install the patch, the patch installer creates a backup
  folder for uninstall, such as C:\WINNT\$NtUninstallKB920958$, and
  copies the old files to it.

  NTFS compression is enabled on this folder automatically.  You
  cannot turn off this feature.

Official information from Microsoft
-----------------------------------

  Not yet, but they are working to fix the problem.

- kjm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
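
The "Compare" step of the demonstration above can be scripted. The following is an added example, not part of the original post and not the findcorr tool: it walks a source tree, compares every file byte for byte with the copy, and reports the offset of the first difference. The function names and the small sample tree are constructed for illustration.

```python
import os
import tempfile

CHUNK = 64 * 1024

def first_diff(path_a, path_b):
    """Return the byte offset of the first difference, or None if identical."""
    offset = 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            a, b = fa.read(CHUNK), fb.read(CHUNK)
            if a != b:
                for i, (x, y) in enumerate(zip(a, b)):
                    if x != y:
                        return offset + i
                # No differing byte: one file is a truncated copy of the other.
                return offset + min(len(a), len(b))
            if not a:
                return None
            offset += len(a)

def compare_trees(source, copy):
    """Check each file under `source` against the same relative path in `copy`.
    Returns a sorted list of (relative_path, status, first_differing_offset)."""
    findings = []
    for root, _dirs, files in os.walk(source):
        for name in files:
            src = os.path.join(root, name)
            rel = os.path.relpath(src, source)
            dst = os.path.join(copy, rel)
            if not os.path.isfile(dst):
                findings.append((rel, "missing", None))
                continue
            off = first_diff(src, dst)
            if off is not None:
                findings.append((rel, "differs", off))
    return sorted(findings)

def demo():
    """Constructed sample: a tiny source tree and a copy with one altered byte."""
    with tempfile.TemporaryDirectory() as tmp:
        data = bytes(range(256)) * 40
        for base in ("cd", "copy"):
            os.makedirs(os.path.join(tmp, base, "I386"))
            for name in ("A.DLL", "B.DLL"):
                with open(os.path.join(tmp, base, "I386", name), "wb") as f:
                    f.write(data)
        with open(os.path.join(tmp, "copy", "I386", "B.DLL"), "r+b") as f:
            f.seek(4096)
            f.write(b"\xff")
        return compare_trees(os.path.join(tmp, "cd"), os.path.join(tmp, "copy"))
```

For a real check, call compare_trees() with the CD-ROM root as the source and the compressed folder as the copy.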

