Q267861 may not mention NT 4.0 TSE, but the fix package associated with
MS00-095 does (there's a specific TSE patch). The TCPCFG.DLL contained
in the patch supplied via MS00-095 is identical, other than file date,
with the TCPCFG.DLL supplied in the TSE SRP. So too is REGACL40.EXE,
included in both packages (despite the SRP documentation saying its
not).

IOWs, from;

http://www.microsoft.com/technet/security/news/nt4tsesr.asp

which includes a statement referring to MS00-095;

"TSE SRP1 does not include the tool provided as part of the following
bulletin. This tool should be downloaded and run separately."

Would seem to be incorrect. The tool (REGACL40.EXE) and DLL (TCPCFG.DLL)
are provided in the SRP, and appear to be the same version (same version
number, same size) as the ones provided in the Q265714i.exe package.

I would assume that HFNetchk is going to look for the files from the
SRP, since they are newer than the MS00-095 package. Following the
advice of the TSE SRP is likely going to lead to something, somewhere,
saying you haven't applied MS00-095.

Clear as mud?

Cheers,
Russ - NTBugtraq Editor

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]