What patches *must* I install?

  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: What patches *must* I install?
  • From: Russ <Russ.CooperRC.ON.CA>
  • Date: Mon, 9 Mar 1998 06:27:38 -0500
  • Reply-To: Russ <Russ.CooperRC.ON.CA>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

After the recent attacks by Teardrop2, I figured I would send this out
to everyone just to be on the safe side. Here are the current security
Hot Fixes from Microsoft that reflect Denial of Service attacks. These
represent, to me, the *MUST HAVE* hot fixes.

This message can also be found at http://www.ntbugtraq.com/mustfix.htm

I am not going to give you URLs for these patches. The URLs vary
depending on your Language and Processor. I also am not going to mention
NT 3.51 patches. To get specifics on all of these things, go to
http://www.ntbugtraq.com/ntfixes.asp. That page gives you a mechanism to
get a complete listing of URLs for all of the patches I will mention,
but allows you to specify your Language, Processor, etc... so the URLs
reflect your system.

Obviously, you should check with your System Administrator before
applying any patches.

Service Pack #3 - SP3
---------------------
First, it should be realized that we are up to Service Pack #3. If you
are not running Service Pack #3, get it now. For those that don't know,
Service Packs are cumulative, meaning, you only have to apply the latest
one (not all the preceding ones as well).

Hot Fixes
---------
As has previously been pointed out, Hot Fixes for security issues are
fully supported. I'll go out on a limb here and say that the 4 I'm going
to mention below are all fully supported by Microsoft PSS. Clearly, if
any cause any problems on your machine you should contact NTBugTraq and
let us know, but I've tested each on my systems and not run into any
problems. We've also not had any reports of systems failing as a result
of any of these Hot Fixes.

1. admnfix = GetAdmin (Q146965)

GetAdmin was a utility that would grant a user Administrative privilege.
This fix also incorporates the double-click fix (Q170510) and the IE
Java fix (Q168748).

This fix IS language specific (due to inclusion of user32.dll);

Available versions for CHP, CHS, CHT, CZE, FRN, GER, JPN, KOR, NLD, SPA,
and USA
Not available for BRA, DAN, FIN, HUN, ITA, NOR, POL, RUS, and SVE.

2. chargen = Simple TCP Services fix (Q154460)

This fix should only be applied if you are running Simple TCP Services.
However, I cannot see a good reason why an important server should be
running Simple TCP Services in the first place (hey, that's my opinion).
If you are, I'd recommend reconsidering why you have them there in the
first place.

This fix IS language specific (due to inclusion of msafd.dll,
simptcp.dll, wshtcpip.dll);

Available versions for ALL LANGUAGES (Hurray!)

3. tearfix = TCPIP.sys (Q179129)

This fix should be applied to all systems and addresses all known TCPIP
exploits (including fragmentation attacks as known today).

This fix IS NOT language specific (since no .dlls are included)

This fixes Q143478 (oob), Q154174 (icmp), parts of Q154460 (simptcp),
Q165005 & Q177539 (land), and parts of Q169274 (IIS4fix).

4. srvfix = SRV.sys (Q180963)

Fixes a bug in the Server Service that could allow it to abend (BSOD) if
it saw fragmented packets.

This fix IS NOT language specific (since no .dlls are included)

5. pentfix = Pentium bug fix. (Q163852)

I recommend that this gets applied since it's a problem regardless. There
should be no reason why this fix would cause any problems.

This fix IS language specific (due to the inclusion of numerous hal
.dlls)

Available versions for FRN, SPA, and USA
Not available for BRA, CHP, CHS, CHT, CZE, DAN, FIN, GER, HUN, ITA, JPN,
KOR, NLD, NOR, POL, RUS, and SVE.

I guess Intel only sells Pentiums and above in France, Spain, and the
US!!

Some additional notes and comments:
-----------------------------------

Firstly, Microsoft needs to get off its butt and get these fixes
available for all languages. I've called for this several times in the
past, and regardless of what it takes from their resources, THIS MUST BE
DONE!!! Sorry, but how many times do I have to beat my head against the
wall to get this done? The Pentium bug is a pathetic example. Would all
my non-USA readers please call their local Microsoft offices tomorrow
(not PSS, your local marketing office) and tell the highest person you
can get ahold of that YOU DEMAND HOT FIXES FOR YOUR LANGUAGE!! If they
give you anything other than "I'm sorry, we'll get it done right away!"
then please email me their email address!

The order is obviously important. Some Hot Fixes contain files that are
contained in other Hot Fixes. The order I have provided above is based
on the USA Hot Fixes. Some fixes have been updated since they were
originally released (the pentfix for example). I haven't gone in to
check what changed, but assume something has and alter your order
according to what you find in the http://www.ntbugtraq.com/ntfixes.asp
page for your environment.

Further, there are fixes that could be applied that I haven't mentioned.
This does not make them unimportant. If you run IIS 4.0, for example,
then there is a Hot Fix that should be applied (IIS4fix). If you run MS
Exchange 5.5, then you must apply the Roll-up fix.

Use the http://www.ntbugtraq.com/ntfixes.asp page as a guide as to the
order these fixes should be applied. The page is listed in date order,
so if something's been updated it will reflect the change in order.

Finally, do check back to the http://www.ntbugtraq.com/ntfixes.asp site
regularly. As Hot Fixes are released, my scanning program scours
Microsoft's FTP server every two hours to catch those new fixes. Rather
than tell everyone that new Printer Drivers were released for the
Japanese version of NT 4.0 on the 4th of March, I leave it to you to
keep yourselves up-to-date.

If you are a non-USA reader, and you see an important security Hot Fix
for your language that's not available for USA (like the
Chinese/Japanese Crypt32 fix), please send me an email to let me know.
I'll send out a message to the list.

I do hope this helps you get the resources together to get these fixes
deployed. I've seen signs that this will not be a difficult task in the
future. If you've seen the latest versions of the Microsoft BackOffice
Installer then you may have noticed that not only does it know what Hot
Fixes you *must* apply, but it also incorporates installation of
components from the NT 4.0 Options Kit as well. This kind of integration
between, normally, separate products is quite refreshing. Hopefully SP4
(should there be one) gives us this kind of integration.

Before you contact me with questions about any of the above fixes,
please read the associated KB article listed in the same directory as
the Hot Fix file.

Also, remember that you can install multiple Hot Fixes, and SP3 itself,
without rebooting the computer. Obviously you will need to do a reboot
before they become effective, but you do not need to do multiple reboots
(i.e. one for each Hot Fix). Type Hotfix /? to get command switch
options (note, the options are slightly different for the SP3 Update.exe
program than they are for the Hotfix.exe program). For those that used
it, I've stopped work on my HotFix Central application after seeing the
modifications to the BackOffice installer application, clearly Microsoft
are working on a program to do what HFC was intended to do.

Cheers,
Russ Cooper
R.C. Consulting, Inc. - NT/Internet Security
http://www.ntbugtraq.com

Russ Cooper is solely responsible for the entire contents. Permission to
redistribute this information for your internal use is granted by the
author. Publication in public form beyond the NTBugtraq mailing list is
strictly prohibited.
Copyright © 1998 by Russ Cooper, all rights reserved.