Full Disclosure mailing list archives

RE: Patching networks redux

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 01 Aug 2003 09:59:37 +1200

Byron Copeland <nodialtone () comcast net> wrote:

[restructured to proper quoting order so the question makes sense]

On Wed, 2003-07-30 at 18:58, Alan Kloster wrote:

<<snip Paul Schmehl>>

Reading the notice from Microsoft MS03-026 suggests that nothing
below Win2k SP3 or NT SP6a can be patched effectively.  They kind 
of hid this in one of the extra pull downs on the website.  We are
finding that the patch can be applied to systems that don't meet
this criteria, but doesn't take, and the Eeye scanner still shows
them vulnerable.  Just a heads up for people who haven't applied the
service packs, but think they are safe.  Windows update also doesn't
show the patch as available for machines at the wrong SP level. 

Props to Eeye for helping us all with the scanner tool.


Do you have a specific link to that paragraph noting that.  I've looked
around and didn't catch anything on the MS site saying that.


Got to in your favourite browser:

  http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

Hit Ctrl-F (or whatever starts a "find in current page" search in your 
browser).  Enter "6a" (without the quotes).  Bingo!

Unless, of course, you use IE in which case that may not work.  I like 
the way Mozilla, with scripting disabled, renders those pages -- non of 
those poxy drop-down sections where the guts of the information you are 
looking for is hidden; it's all laid out and you can quickly skim 
through the page until the sub-section likely to contain the specific 
detail you are looking for looms into view.

In case you are still using that security nightmare that some pass off 
as a web browser, here is the specific text your "oh so helpful" 
browser and MS's "form over content" web designers felt should be 
hidden away and hard for you to find:

------------------------------------------------------------------
Additional information about this patch

    Installation platforms:

        * The Windows NT 4.0 patch can be installed on systems running
          Service Pack 6a.
        * The Windows NT 4.0, Terminal Server Edition patch can be
          installed on systems running Windows NT 4.0, Terminal Server
          Edition Service Pack 6.
        * The Windows 2000 patch can be installed on systems running
          Windows 2000 Service Pack 3, or Service Pack 4.
        * The patch for Windows XP can be installed on systems running
          Windows XP Gold or Service Pack 1.
        * The patch for Windows Server 2003 can be installed on systems
          running Windows Server 2003 Gold.
------------------------------------------------------------------

Thanks,


You're welcome.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Patching networks redux Schmehl, Paul L (Jul 30)
- Re: Patching networks redux Jason (Jul 31)
- <Possible follow-ups>
- RE: Patching networks redux Alan Kloster (Jul 30)
  - RE: Patching networks redux Byron Copeland (Jul 31)
    - RE: Patching networks redux Nick FitzGerald (Jul 31)
- RE: Patching networks redux Schmehl, Paul L (Jul 31)
- RE: Patching networks redux John . Airey (Jul 31)
  - RE: Patching networks redux Nick FitzGerald (Jul 31)