RE: [ActiveDir] SP4

Thu, 21 Aug 2003 20:00:04 -0700

Yep - just found this out today.  Cool, huh?  All this work that we've done, and we're going to have to do it again - that or figure out a way to slipstream the DCOM patch into the SP4.  Guess it's time to ask MS what they are doing about this, so I'm off to the Security Groups.
 
I'll let you know what I can when I know.  Hopefully, yet tonight. 
 
IMHO, this is the worst news since the night the threat was revealed on the Blaster worm.
 

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of jalen richard
Sent: Thursday, August 21, 2003 9:02 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SP4

Windows 2000 upgrades to SP4 undo the MS03-026 patch. Take Windows 2000 machines with Service Pack 3, patch them with MS03-026, and then upgrade them to Service Pack 4. They become vulnerable to Blaster again. If you don't need the features of SP4, either hold off on installing it, or do install it and then manually disable the Windows DCOM service. (That last step will break applications that use DCOM.) A more complete description of this approach can be found in the Mitigations section of TruSecure article 03-009.



Roger Seielstad <[EMAIL PROTECTED]> wrote:
I would tend to agree with you.

Then again, I also witnessed no less than 3 different releases of the same patch over the last 10 days.
 
 

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-----Original Message-----
From: Ken Cornetet [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 11:26 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SP4

Despite what the FAQ says, I've seen some win2k pro workstations where the patch would NOT install on SP2. Upgrading to SP3 allowed the patch to be applied. My guess is that what is really required is SP2 + some post SP2 hotfix. Again, this is only a guess on my part. Since our internal standard is SP3, we didn't spend anytime investigating - we just installed SP3.  
-----Original Message-----
From: Andy David [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 10:11 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] SP4

Is the patch supported on Windows 2000 Service Pack 2?

This security patch will install on Windows 2000 Service Pack 2. However, Microsoft no longer supports this version, according to the Microsoft Support Lifecycle policy found at http://support.microsoft.com/lifecycle. In addition, this security patch has only received minimal testing on Windows 2000 Service Pack 2. Customers are strongly advised to upgrade to a supported service pack as soon as possible. Microsoft Product Support Services will support customers who have installed this patch on Windows 2000 Service Pack 2 if a problem results from installation of the patch. "

http://www.microsoft.com/technet/treeview/default.asp?url="">

 

 

----- Original Message -----
Sent: Thursday, August 21, 2003 10:36 AM
Subject: RE: [ActiveDir] SP4

sp3

From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 8:34 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] SP4

The patch to stop the MSBlast virus only requires SP2 be installed on the machine.
 
 

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-----Original Message-----
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 10:28 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] SP4

Has anyone had issues with SP4 on DC's?
We are getting hammered by the latest virus.
 
 
 
 
Don L. Murawski
Sr. Network Administrator
WorldTravel BTI
Phone: (404) 923-9468
Fax:     (404) 949-6710
Cell:     (678) 549-1264
 

Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

Reply via email to