In terms of stability, MS has added the following warning to the bulletin: "Warning If you are running Windows 2000 Service Pack 2 (SP2), you must check the version of Ntoskrnl.exe on your computer before you install this update. To do this: Open the %Windir%\System32 folder. Right-click the Ntoskrnl.exe file, click Properties, and then click the Version tab. Versions of Ntoskrnl.exe from 5.0.2195.4797 to 5.0.2195.4928 are not compatible with this update. These versions were distributed only with Microsoft Product Support Services hotfixes. If you install the update that is described in this article on a computer with an Ntoskrnl.exe version from 5.0.2195.4797 to 5.0.2195.4928, the computer stops responding with a "Stop 0x00000071" message when you restart the computer. If this occurs, you must recover the Windows installation by using Windows 2000 Recovery Console and the backup copy of the Ntdll.dll file that is stored in the Winnt\$NTUninstallQ815021$ folder" The full details are located here: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q815021&sd=tech I feel for the folks who blue screened their production servers they may have attempted to patch... Fortunately, we caught it on test systems first. HTH Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+ Senior QA Rep. BMC Software, Inc. (713) 918-2412 wnoonanat_private http://www.bmc.com > -----Original Message----- > From: Royans Tharakan [mailto:RTharakanat_private] > Sent: Tuesday, March 18, 2003 22:02 > To: Sarah Kenna Groark; Nicolas Gregoire; Gary O'leary-Steele > Cc: pen-testat_private > Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability > > I checked this out. SANS had an emergency webcast this morning > in which a lot of security engineers reviewed this bug. Few microsoft > guys where there who confirmed that OWA uses its own version of WEBDAV > which overrides the version which is installed by the OS. > They said the version of WEBDAV in OWA is not vulnerable to this exploit. > > However, I'm still hunting for an exploit to test it. Obviously we don't > want to upgrade OWA if it can be avoided. We don't know how stable the > patch is at this point. > > rkt > > -----Original Message----- > From: Sarah Kenna Groark [mailto:sarahat_private] > Sent: Tuesday, March 18, 2003 4:35 PM > To: Royans Tharakan; Nicolas Gregoire; Gary O'leary-Steele > Cc: pen-testat_private > Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability > > > > >Someone said that OWA is not at risk so we are not patching it for > webdav. > > Is there a definitive statement on this somewhere? I am trying to track > down for a client whether OWA is vulnerable to this and unfortunately do > not have an environment where I can test it myself at the moment. > > Any info much appreciated. > > Take care, > // Sarah > > > -------------------------------------------------------------------------- > -- > Did you know that you have VNC running on your network? > Your hacker does. Plug your security holes now! > Download a free 15-day trial of VAM: > http://www2.stillsecure.com/download/sf_vuln_list.html ---------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes now! Download a free 15-day trial of VAM: http://www2.stillsecure.com/download/sf_vuln_list.html
This archive was generated by hypermail 2b30 : Wed Mar 19 2003 - 10:09:38 PST