RE: New Microsoft security bulletins today

["Randal, Phil" <prandal () herefordshire gov uk>]

Shouldn't the basesrv.dll end up in c:\winnt\system32 as well?

Can the folks who are having this trouble tell us what OS version and
Service pack level they're on?

Cheers,

Phil

---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK 

> -----Original Message-----
> From: Robert L. Harris [mailto:Robert.L.Harris () rdlg net]
> Sent: 16 October 2003 01:43
> To: Ben Nelson
> Cc: full-disclosure; Jerry Heidtke
> Subject: Re: [Full-disclosure] New Microsoft security bulletins today
>
>
>
>
> Yes, I got the same.  Somethings I found though:
>
> It's complaining about "basesrv" a dynamicly linked library.  
> I rebooted
> into Linux and ran some finds and found 3 files:
>
> WINNT/$NtUninstallKB824141$/basesrv.dll
> WINNT/ServicePackFiles/i386/basesrv.dll
> WINNT/system32/dllcache/BASESRV.DLL
>
> the one in system32/dllcache is dated Aug5, the other two are 
> dated June
> 19th.  As soon as I finish backing up a couple critical files 
> I'm going
> to use the recovery console to copy the $NTUninstall version back to
> system32/dllcache and see if that helps.
>
>
>
> Thus spake Ben Nelson (lists () venom600 org):
>
> > Well, after installing the patches recommended by Windows Update my 
> > machine won't boot.  It gives me a stop error complaining about an 
> > inaccessible boot device.
> >
> > Ruh-roh Microsoft......
> >
> > Has anyone else seen this behavior?  Thank god I test all 
> patches on a 
> > disposable box before applying them elsewhere.
> >
> > --Ben
> >
> > Jerry Heidtke wrote:
> > > Microsoft just issued 7 new security bulletins: 5 for 
> various Windows
> > > version and 2 for Exchange.
> > >
> > > Six are rated "critical", one is "important". Just to refresh your
> > > memory, a critical vulnerability is one that can be 
> exploited remotely
> > > and automatically (such as by a worm) and gives complete 
> system control.
> > > An important vulnerability is one can be exploited 
> remotely and gives
> > > complete system control, but cannot be exploited automatically or
> > > without some user action.
> > >
> > > Get patching.
> > >
> > > Confidentiality Notice: This e-mail message, including any 
> attachments,
> > > is for the sole use of the intended recipient(s) and may contain
> > > confidential and privileged information.  Any unauthorized 
> review, use,
> > > disclosure or distribution is prohibited.  If you are not 
> the intended
> > > recipient, please contact the sender by reply e-mail and 
> destroy all
> > > copies of the original message.
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> :wq!
> --------------------------------------------------------------
> -------------
> Robert L. Harris                     | GPG Key ID: E344DA3B
>                                          @ x-hkp://pgp.mit.edu
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
>
> Life is not a destination, it's a journey.
>   Microsoft produces 15 car pileups on the highway.
>     Don't stop traffic to stand and gawk at the tragedy.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html