Given that this vulnerability can generally only be exploited through malicious use from *within* the network (at least for most organisations), you may want to hold off on SP4. This will depend on your assessment of the threat in your environment. SP4 was only released last week and it is usually prudent to wait to see if any major bugs appear before installing it. I'm sure you remember the problems introduced by Windows NT 4.0 SP6, which were then urgently fixed in SP6a?
You could always install the hotfix first and hold off a while on SP4. More info on this vulnerability here: http://www.coresecurity.com/common/showdoc.php?idx=351&idxseccion=10 Tony ---------- Original Message ---------------------------------- Wrom: NKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUC Reply-To: [EMAIL PROTECTED] Date: Thu, 3 Jul 2003 11:10:44 +0100 I received notification about a vulnerability in AD this morning - details are at http://support.microsoft.com/default.aspx?kbid=319709 It looks like the recommended fix is to upgrade my DCs to SP4. I was planning to wait a lot longer before I inflict SP4 on any machines that I care about, but it looks like this might force my hand a bit. What's everyone else doing? Has anyone heard of *any* problems with SP4 yet? -- Steve Bennett, Systems Support Lancaster University List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
