Full Disclosure mailing list archives
RE: Patching networks redux
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 01 Aug 2003 09:59:37 +1200
Byron Copeland <nodialtone () comcast net> wrote: [restructured to proper quoting order so the question makes sense]
On Wed, 2003-07-30 at 18:58, Alan Kloster wrote:
<<snip Paul Schmehl>>
Reading the notice from Microsoft MS03-026 suggests that nothing below Win2k SP3 or NT SP6a can be patched effectively. They kind of hid this in one of the extra pull downs on the website. We are finding that the patch can be applied to systems that don't meet this criteria, but doesn't take, and the Eeye scanner still shows them vulnerable. Just a heads up for people who haven't applied the service packs, but think they are safe. Windows update also doesn't show the patch as available for machines at the wrong SP level. Props to Eeye for helping us all with the scanner tool.Do you have a specific link to that paragraph noting that. I've looked around and didn't catch anything on the MS site saying that.
Got to in your favourite browser: http://www.microsoft.com/technet/security/bulletin/MS03-026.asp Hit Ctrl-F (or whatever starts a "find in current page" search in your browser). Enter "6a" (without the quotes). Bingo! Unless, of course, you use IE in which case that may not work. I like the way Mozilla, with scripting disabled, renders those pages -- non of those poxy drop-down sections where the guts of the information you are looking for is hidden; it's all laid out and you can quickly skim through the page until the sub-section likely to contain the specific detail you are looking for looms into view. In case you are still using that security nightmare that some pass off as a web browser, here is the specific text your "oh so helpful" browser and MS's "form over content" web designers felt should be hidden away and hard for you to find: ------------------------------------------------------------------ Additional information about this patch Installation platforms: * The Windows NT 4.0 patch can be installed on systems running Service Pack 6a. * The Windows NT 4.0, Terminal Server Edition patch can be installed on systems running Windows NT 4.0, Terminal Server Edition Service Pack 6. * The Windows 2000 patch can be installed on systems running Windows 2000 Service Pack 3, or Service Pack 4. * The patch for Windows XP can be installed on systems running Windows XP Gold or Service Pack 1. * The patch for Windows Server 2003 can be installed on systems running Windows Server 2003 Gold. ------------------------------------------------------------------
Thanks,
You're welcome. Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Patching networks redux Schmehl, Paul L (Jul 30)
- Re: Patching networks redux Jason (Jul 31)
- <Possible follow-ups>
- RE: Patching networks redux Alan Kloster (Jul 30)
- RE: Patching networks redux Byron Copeland (Jul 31)
- RE: Patching networks redux Nick FitzGerald (Jul 31)
- RE: Patching networks redux Byron Copeland (Jul 31)
- RE: Patching networks redux Schmehl, Paul L (Jul 31)
- RE: Patching networks redux John . Airey (Jul 31)
- RE: Patching networks redux Nick FitzGerald (Jul 31)