>From another list: Original Message ----- From: "Jim Knouse" <[EMAIL PROTECTED]> Sent: Thursday, August 21, 2003 5:40 PM
"Seems many of you subscribe to Brian's Buzz. He published a story today; http://www.briansbuzz.com/w/030821/ that included a bit about the statement we, TruSecure Corporation, had posted on our website. During the initial rush to get information out about Blaster, we Included a statement that if you had Windows 2000 SP3, then applied MS03-026, you'd be patched. However, if you subsequently installed SP4, you would be reverted to an unpatched state. The testing that was used to come up with this statement was wrong. I did the testing, so I know it was wrong. Last week I rechecked this and found my mistake. Unfortunately, it took until Monday to get the TruSecure alert corrected. Brian refers to a different alert, the original alert about the RPC/DCOM overflow (TSA03-009). I'm not sure we ever had mention about SP4 reverting MS03-026 in that alert. I know we had it in TSA03-011, and that alert now contains the following"; "TruSecure Corporation originally believed that Windows 2000 machines which were at SP3, then patched with MS03-026, and then updated to SP4, would become vulnerable to the attacks against RPC/DCOM (e.g. Blaster). Subsequent testing proved this not to be the case. Systems patched in this method will retain the MS03-026 patch after applying SP4 and do not need to re-apply the patch. Apologies to all who read the incorrect information." -Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor William Lefkovics ----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of jalen richard Sent: Thursday, August 21, 2003 7:02 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SP4 Windows 2000 upgrades to SP4 undo the MS03-026 patch. Take Windows 2000 machines with Service Pack 3, patch them with MS03-026, and then upgrade them to Service Pack 4. They become vulnerable to Blaster again. If you don't need the features of SP4, either hold off on installing it, or do install it and then manually disable the Windows DCOM service. (That last step will break applications that use DCOM.) A more complete description of this approach can be found in the Mitigations section of TruSecure article 03-009. Roger Seielstad <[EMAIL PROTECTED]> wrote: I would tend to agree with you. Then again, I also witnessed no less than 3 different releases of the same patch over the last 10 days. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -----Original Message----- From: Ken Cornetet [mailto:[EMAIL PROTECTED] Sent: Thursday, August 21, 2003 11:26 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SP4 Despite what the FAQ says, I've seen some win2k pro workstations where the patch would NOT install on SP2. Upgrading to SP3 allowed the patch to be applied. My guess is that what is really required is SP2 + some post SP2 hotfix. Again, this is only a guess on my part. Since our internal standard is SP3, we didn't spend anytime investigating - we just installed SP3. -----Original Message----- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, August 21, 2003 10:11 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] SP4 Is the patch supported on Windows 2000 Service Pack 2? This security patch will install on Windows 2000 Service Pack 2. However, Microsoft no longer supports this version, according to the Microsoft Support Lifecycle policy found at http://support.microsoft.com/lifecycle. In addition, this security patch has only received minimal testing on Windows 2000 Service Pack 2. Customers are strongly advised to upgrade to a supported service pack as soon as possible. Microsoft Product Support Services will support customers who have installed this patch on Windows 2000 Service Pack 2 if a problem results from installation of the patch. " http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/bulletin/MS03-026.asp ----- Original Message ----- From: Hutchins, Mike To: [EMAIL PROTECTED] Sent: Thursday, August 21, 2003 10:36 AM Subject: RE: [ActiveDir] SP4 sp3 From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, August 21, 2003 8:34 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] SP4 The patch to stop the MSBlast virus only requires SP2 be installed on the machine. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -----Original Message----- From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED] Sent: Thursday, August 21, 2003 10:28 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] SP4 Has anyone had issues with SP4 on DC's? We are getting hammered by the latest virus. Don L. Murawski Sr. Network Administrator WorldTravel BTI Phone: (404) 923-9468 Fax: (404) 949-6710 Cell: (678) 549-1264 Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
