Re: Alert: Microsoft Security Bulletin - MS03-013 - Windows 2000 Warning

From: Russ (Russ.CooperRC.ON.CA)
Date: Wed Apr 16 2003 - 18:32:18 CDT


Thanks to Bronek Kozicki for bringing this to my attention.

The Windows 2000 version of MS03-013 contains numerous files not listed in the manifest supplied in KB 811493. In addition to the kernel files supplied in the other OS patches, the following files are also included:

gdi32.dll v5.0.2195.5907
kernel32.dll v5.0.2195.6011
msgina.dll v5.0.2195.4733
ntdll.dll v5.0.2195.6685
rdpwd.sys v5.0.2195.6692
user32.dll v5.0.2195.6000
userenv.dll v5.0.2195.5968
win32k.sys v5.0.2195.6003
winlogon.exe v5.0.2195.6013
winsrv.dll v5.0.2195.5935

A brief check shows all to be post-SP3 versions.

The problem here is that by including NTDLL.DLL in MS03-013, it is definitely applying MS03-007. As has been previously reported, there are definitely problems installing MS03-007 on systems which had previously applied a PSS supplied hotfix; check the archives for more details.

If Microsoft has somehow fixed the problems with MS03-007, they've never said so. The version of NTDLL.DLL included in MS03-013 is the same as that included in MS03-007, however, as Bronek points out:

"Binary compare between MS03-007 and MS03-013 version of NTDLL.DLL reveals six different bytes (file offset 0x8-0xA and 0x128-0x12A)"

It's also difficult to determine whether the inclusion of all of these other files will cause some other problems for Windows 2000 systems. Let me know if you encounter any.

Meanwhile, I would strongly suggest you avoid applying MS03-013 unless you are able to test it in a non-production environment, and possibly wait until Microsoft provides some form of clarification. Both the Security Bulletin and its KB article are incorrect in stating they do not supersede any other hotfix as clearly this is not the case for Windows 2000 systems.

More information when Microsoft decide to publish it.

Trustworthy Computing just took another big hit today.

Cheers,
Russ - NTBugtraq Editor
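
The two checks described in the message above (files shipped but missing from the manifest, and a byte-level compare of two same-version binaries), as an added example that is not part of the original post. The manifest entry, the `KERNEL-FILE-1.EXE` placeholder and the byte buffers are constructed, since the KB 811493 file list and the binaries themselves are not on this page.

```python
from itertools import groupby

# File versions as listed in the message above.
PACKAGE = {
    "gdi32.dll": "5.0.2195.5907", "kernel32.dll": "5.0.2195.6011",
    "msgina.dll": "5.0.2195.4733", "ntdll.dll": "5.0.2195.6685",
    "rdpwd.sys": "5.0.2195.6692", "user32.dll": "5.0.2195.6000",
    "userenv.dll": "5.0.2195.5968", "win32k.sys": "5.0.2195.6003",
    "winlogon.exe": "5.0.2195.6013", "winsrv.dll": "5.0.2195.5935",
    "KERNEL-FILE-1.EXE": "0.0.0.0",  # constructed placeholder, not a real entry
}
# Constructed stand-in for the KB manifest; its real contents are not on this page.
MANIFEST = ["kernel-file-1.exe"]

def unlisted_files(package, manifest):
    """Names shipped in the package but absent from the manifest
    (compared case-insensitively, as Windows file names are)."""
    listed = {name.lower() for name in manifest}
    return sorted(name for name in package if name.lower() not in listed)

def diff_ranges(a, b):
    """Inclusive (start, end) offset ranges where two byte strings differ.
    A length mismatch is reported as a final range covering the extra tail."""
    common = min(len(a), len(b))
    offsets = [i for i in range(common) if a[i] != b[i]]
    ranges = []
    # Consecutive offsets share the same (offset - position) key.
    for _, grp in groupby(enumerate(offsets), key=lambda p: p[1] - p[0]):
        run = [off for _, off in grp]
        ranges.append((run[0], run[-1]))
    if len(a) != len(b):
        ranges.append((common, max(len(a), len(b)) - 1))
    return ranges

def sample_pair():
    """Constructed 0x200-byte buffers that differ where the quoted compare did."""
    a = bytes(0x200)
    b = bytearray(a)
    for off in (0x8, 0x9, 0xA, 0x128, 0x129, 0x12A):
        b[off] ^= 0xFF
    return a, bytes(b)

if __name__ == "__main__":
    for name in unlisted_files(PACKAGE, MANIFEST):
        print(f"not in manifest: {name} v{PACKAGE[name]}")
    for start, end in diff_ranges(*sample_pair()):
        print(f"differs at 0x{start:X}-0x{end:X}")
```

Against real files, pass `open(path, "rb").read()` for each copy of the binary to `diff_ranges`, and build the package mapping from the extracted hotfix's own file versions.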
