Problems with MS04-032(840987) on Windows 2000 and alleged Exploit published

[Gary Flynn <flynngn () JMU EDU>]

Hi,

A heads up:

We're seeing about 6% of our Dell windows 2000 computers
repeatedly blue screen on boot after installation of
MS04-032(840987). Most are model GX150. Booting to safe
mode and removing the patch solves the immediate problem.

According to some posts on Microsoft's newsgroups,
replacing the Intel ATA Ultra driver with the
newer Intel "Applications Accelerator" driver
fixes the problem but we haven't tested it yet
to see if that fixes all problems. If anyone else has
had any similar experiences and can share their results,
it would be greatly appreciated.

To make matters worse, some folks posted a program
they claim to be an exploit for one of the defects
fixed in the patch. If it works as claimed, a one
line command will create a picture file that, when
viewed, will either open a cmd shell port or download
and execute code from a web site of the perpetrator's
choosing.

Patch link:
http://www.microsoft.com/technet/security/bulletin/MS04-032.mspx

Intel driver links:
http://downloadfinder.intel.com/scripts-df/Product_Filter.asp?ProductID=182
http://downloadfinder.intel.com/scripts-df/Product_Filter.asp?ProductID=663

--
Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.