Full Disclosure mailing list archives
Re: RPC DCOM Patches
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 01 Aug 2003 09:11:09 +1200
"John Sec" <john_sec_lists () hotmail com> wrote:
The MS website says that the patch can only be applied to Windows 2000 systems with SP3 or SP4. Has anybody tried to run the patch on an SP2 system? ...
No, but limited experience with other patches that have similar restrictions results in a "You must first install <required_SP> ..." dialog boxen...
... Are NT 4 Workstations vulnerable too, or just NT 4 Servers?
NT 4.0 WS is bound to be vulnerable. MS did not release a patch because the product had hit its official end-of-life before the patch was released. Again, previous experience of similar situations suggests that the patch installer will refuse to run on NT 4.0 WS though I've not tried it. You may find that manually "porting" the updated files via a home-grown installation procedure "fixes" NT 4.0 WS boxes, but be aware that the updated files will not have been tested in that environment and may introduce other problems. If you have the time to do some testing on a lab machine it could be worth the effort if you have enough active NT 4.0 WS machines to be concerned... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RPC DCOM Patches John Sec (Jul 31)
- Re: RPC DCOM Patches Michael Scheidell (Jul 31)
- Re: RPC DCOM Patches Nick FitzGerald (Jul 31)
- <Possible follow-ups>
- RE: RPC DCOM Patches Tinsley Paul (Jul 31)
- Re: RPC DCOM Patches r1an (Jul 31)