I agree completely. It is funny, after I sent my boss all the info I have found about the issue and performed my own tests here, which came back negative for the SP rolloing back the hotfix, they still emailed our MS TAM about the issue and here is what was sent back The patch is post-sp4 and would have to be re-installed. They’ve made it available to install on the older SPs to allow organizations at different levels to secure the environment. This is not unlike any other patch until we have a roll-up that includes 026. I told my boss that this is incorrect, but they are still insisting on re applying the hotfix after servers are upgraded to SP4. I guess this is just the typicla corporate mentality around here, what can you do. Anyone looking for a good network/security admin?
Thanks,
Jon
|
Jon
Hicks | KEMET
Electronics Corporation | Server
Team Phone: 864-228-4473 | E-mail: [EMAIL PROTECTED] | AOL IM: jhicks352 [ Mailing: 2835 KEMET Way Simpsonville, SC 29681 USA ] |
| "Rick Kingslan"
<[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 08/27/2003 10:15 AM
|
|
John,
Show him the statement from TruSecure. Microsoft is not going to repond to it, as they denied that it was a problem from day one. Russ so much as sadmits this and the problem is now history. If your boss will not accept Russ Cooper's retraction as stated, then I doubt that a statement from Microsoft would be authoritative either. Me, I'd prefer to have a statement from the discoverer rather than an affected party - Microsoft - who has much to loose if they are shown to have a faulty patch.
Hope this helps....
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jon Hicks/MIS/HQ/KEMET/US
Sent: Wednesday, August 27, 2003 9:00 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SP4 question
SP4 was released first. I ran a test on a few servers running SP3 that have the MS03-026 patch applied and I then installed SP4 and ran a DCOM vulnerability scanner against them and they still showed as patched, so it appears not to effect the patch. I was just looking for something from Microsoft to appease my boss, they always want something form MS to make them feel better about things
|
Jon
Hicks | KEMET
Electronics Corporation | Server
Team Phone: 864-228-4473 | E-mail: [EMAIL PROTECTED] | AOL IM: jhicks352 [ Mailing: 2835 KEMET Way Simpsonville, SC 29681 USA ] |
| "Hutchins, Mike"
<[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 08/27/2003 09:29 AM
|
|
which one came out first chronologically?
From: Jon Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 7:03 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] SP4 question
I have heard mixed opinions on whether or not installing Win2k SP4 breaks the MS03-026 patch. Does anyone have any links to docs form MS about this subject. NTBUGTRAQ posted some reports from people that SP4 did break the patch, but later found it to be untrue.
Thanks
|
Jon
Hicks | KEMET
Electronics Corporation | Server
Team Phone: 864-228-4473 | E-mail: [EMAIL PROTECTED] | AOL IM: jhicks352 [ Mailing: 2835 KEMET Way Simpsonville, SC 29681 USA ] |
