TEST TEST TEST. You are going to Fsk yourself hard one day taking chances like that.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Hoffman Sent: Friday, October 19, 2001 6:54 AM To: MSWinNT Discussions Subject: RE: Microsoft Security Bulletin : MS01-52 Terminal Services Failu re - Patch kills terminal services I've installed on Win2K Server, but haven't rebooted yet... I'm thinking about uninstalling it before I even try (this is our Exchange box). Matt -----Original Message----- From: Brad Staaterman [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 18, 2001 8:22 PM To: MSWinNT Discussions Subject: Re: Microsoft Security Bulletin : MS01-52 Terminal Services Failure - Patch kills terminal services OUCH! Thanks for the heads up. Anyone else try it yet? Brad ----- Original Message ----- From: "David N Precht" <[EMAIL PROTECTED]> To: "MSWinNT Discussions" <[EMAIL PROTECTED]> Sent: Thursday, October 18, 2001 6:39 PM Subject: FYI : Microsoft Security Bulletin : MS01-52 Terminal Services Failure - Patch kills terminal services > > > -----Original Message----- > From: Windows NTBugtraq Mailing List > [mailto:[EMAIL PROTECTED]] On Behalf Of Barry Dorrans > Sent: Thursday, October 18, 2001 15:39 > To: [EMAIL PROTECTED] > Subject: Microsoft Security Bulletin : MS01-52 Terminal Services > Failure > - Patch kills terminal services > > > - ---------------------------------------------------------------------- > Title: Invalid RDP Data can Cause Terminal Service Failure > Date: 18 October 2001 > Software: Windows NT 4.0 Server, Terminal Server Edition, > Windows 2000 Server and Advanced Server > Impact: Denial of service > Max Risk: Moderate > Bulletin: MS01-052 > > Microsoft encourages customers to review the Security Bulletin at: > http://www.microsoft.com/technet/security/bulletin/MS01-052.asp. > - > ---------------------------------------------------------------------- > > > So, as I'm at home I though I'll test the patch out. > > It's a killer, I now have a very very sick SQL box, and a not so sick, > but still sick IIS server. > > The SQL server box is in a continuous reboot mode, the IIS box is > stable, but not allowing Terminal services connections. On each > machine terminal services is in Remote Administration mode (ie. One > connection only, from Administrator group members) > > The SQL server Error log is filled with Event ID 1014s from the > Terminal Server service, Cannot load illegal module > C:\WINNT\System32\rdpwsx.DLL. The IIS log is missing this report. > > Terminal Services is in an "uncontrollable" state from the Services > control panel applet. The applet believes the service has started, yet > the start, pause, stop and restart buttons are inactive and grey. A > reboot of the server seems to not add errors into the error log, > however the service itself is still as dead as a dodo. Time after > login in either box seems longer than normal, up to 2 minutes on the > SQL server. This may be due to SQL objecting to the numerous restarts > and rolling back transactions. > > Attempted connections to either box via the terminal services client > application (both servers appear in the list), or the TSWeb > application believe that terminal services is busy. > > The SQL server box does also (at seemingly random intervals) die with > a blue screen in TCP/IP.SYS > > Now these boxes do have the odd strange thing on, the .Net beta 2 CLR > is on the IIS box, OLAP on SQL but neither have any of the same sets > of "weird" software, so I doubt it's interference with some dodgey > development code I've installed :) > > An uninstall of the patch fixes everything on the IIS box. The SQL box > still random reboots or dies in TCPIP.SYS > > As you can imagine I'm a little unwilling to experiment further, > having recovered the machines to a useful, stable state again. I would > strongly suggest that before installing the patch on remote servers > you test it in your own configurations. > > If anyone requires more information, please feel free to contact mine > (just be mindful I'm in BST!) > > (I've CC secure@ ms.com, although if anyone has a better address to > email, please let me know) > > Barry > > > > > > _________________________________________________________ > > Do You Yahoo!? > > Get your free @yahoo.com address at http://mail.yahoo.com > > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
