I just had a 'patch event' applying the re-released malformed header patch. I went through the Microsoft security bulletins and carefully checked the dates before downloading and applying the patch. I did not apply the first release of the patch before applying the updated one. This is on an NT 4.0 SP5 system. The re-released patch itself caused a very effective denial of service. Once applied, the Web server would no longer serve pages; the browser hung with the message 'Host www.....com contacted; Waiting for reply....". Reapplying SP5 corrected the problem. I repeated the procedure, applying the patch after reapplying SP5; the DoS repeated after applying the malformed header patch. Reapplying SP5 repaired the patch. The event logs did not report anything out of the ordinary. I do not know if others are seeing this, but it seemed worth reporting. Before you attempt this patch, make sure you have SP5 available in case you need it to recover. Michael Brennen President, FishNet(R), Inc. (972) 669-0041
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:57:48 PDT