Microsoft is aware of a problem with the recently released security patch MS03-029 (http://www.microsoft.com/technet/security/bulletin/MS03-029.asp) This patch corrects a Moderate rated Denial of Service security vulnerability in Microsoft Windows NT 4.0 Server. Specifically there is a problem with the patch when installed on systems that are also running RRAS (Routing and Remote Access Service) that causes the RRAS Service to fail when the system is rebooted after applying the patch. It is important to note that the security fix itself is unaffected and the patch is still effective in correcting the DOS flaw. Microsoft is investigating this problem and will shortly issue a fix to correct it once that fix has been thoroughly tested. The security bulletin has been updated to reflect this. In the meantime customers affected by the problem may take one of the following actions. 1. Contact Microsoft Product Support Services for a hot fix that corrects the problem. This fix has not yet been extensively tested and should therefore only be applied by customers who are directly affected by the RRAS problem. 2. Install the patch if you do not need the RRAS service. The RRAS Service will fail to start however this will not impact normal operations other than those that use the RRAS Service. 3. Review the security bulletin and assess whether your enviroment requires the security patch. 4. Wait until a fix for the RRAS problem has been fully tested and released. The security bulletin will be updated when this happens. Regards, Microsoft Security Response Center
This archive was generated by hypermail 2b30 : Tue Jul 29 2003 - 15:05:01 PDT