Bugtraq mailing list archives
Bug in German Hotfix for MS00-070
From: Frank Heyne <fh () Rcs1 urz tu-dresden de>
Date: Fri, 16 Mar 2001 09:40:55 +0100
This bug is only in the german version of the Hofix for NT 4, but because I am not aware of any german security mailing list, I post it here. Hotfix archive gerq266433i.exe contains the file MSAuditE.dll, version 4.0.1381.7086 from 08.11.2000 This file contains a broken message table for security events. It contains a new security event 519. The translator for the german version of this file was kind a lazy, he did skip the ressource string for this new event. As a result of this, all other ressource strings for event 519 trough 644 are displaced, for instance event 519 is now interpreted as successful logon, event 528 is now interpreted as logon failure, deactivated user accounts are reported as deleted and much other nonsense. This is not exploitable, but very annoying for the admin. A more thoroughly description (in german language only ;) can be found at http://www.heysoft.de/Warnung.htm The error was reported to secure () microsoft com on 9. March 2001. They replied on 10. March that they "will get the needed corrections made soonest". Now we know soonest is not within a week at Microsoft, because the bugfix for the hotfix is still not available. Greetings Frank Heyne
Current thread:
- Bug in German Hotfix for MS00-070 Frank Heyne (Mar 16)