Educause Security Discussion mailing list archives

Re: Problems with MS04-032(840987) on Windows 2000 and alleged Exploit published

From: Derek Spransy <dsprans () EMORY EDU>
Date: Wed, 20 Oct 2004 16:00:11 -0400

Hi Gary,

   We had the same problem with GX-150s running Windows 2000.  Just
removing the Intel ATA driver all together solves the problem as well.  When
installing the updated drivers we had several machines who came back with
another BSOD saying that the boot device was inaccessible.  Those had to be
rebuilt.
----- Original Message -----
From: "Gary Flynn" <flynngn () JMU EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Wednesday, October 20, 2004 3:21 PM
Subject: [SECURITY] Problems with MS04-032(840987) on Windows 2000 and
alleged Exploit published

Hi,

A heads up:

We're seeing about 6% of our Dell windows 2000 computers
repeatedly blue screen on boot after installation of
MS04-032(840987). Most are model GX150. Booting to safe
mode and removing the patch solves the immediate problem.

According to some posts on Microsoft's newsgroups,
replacing the Intel ATA Ultra driver with the
newer Intel "Applications Accelerator" driver
fixes the problem but we haven't tested it yet
to see if that fixes all problems. If anyone else has
had any similar experiences and can share their results,
it would be greatly appreciated.

To make matters worse, some folks posted a program
they claim to be an exploit for one of the defects
fixed in the patch. If it works as claimed, a one
line command will create a picture file that, when
viewed, will either open a cmd shell port or download
and execute code from a web site of the perpetrator's
choosing.

Patch link:
http://www.microsoft.com/technet/security/bulletin/MS04-032.mspx

Intel driver links:
http://downloadfinder.intel.com/scripts-df/Product_Filter.asp?ProductID=182
http://downloadfinder.intel.com/scripts-df/Product_Filter.asp?ProductID=663

--
Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Problems with MS04-032(840987) on Windows 2000 and alleged Exploit published Gary Flynn (Oct 20)
- <Possible follow-ups>
- Re: Problems with MS04-032(840987) on Windows 2000 and alleged Exploit published Derek Spransy (Oct 20)