[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Anyone running SUS see the content update today?

To: "Joshua Levitsky" <jlevitsk@joshie.com>, <full-disclosure@lists.netsys.com>
Subject: RE: [Full-Disclosure] Anyone running SUS see the content update today?
From: "Jerry Heidtke" <jheidtke@fmlh.edu>
Date: Wed, 22 Oct 2003 22:09:20 -0500

There were a variety of "issues" with last weeks patches.

MS03-045 installation failed on some language version of Windows 2000 SP4. 
Since this patch replaces the entire core of the OS, it often left the computer 
in a completely unusable state. This patch has also been repackaged so that a 
single download can be used to patch Windows 2000 SP2, SP3, and SP4. 
Previously, SP2 had a separate package.

All the original 10/15 OS patches included a new version of update.exe that 
contained a critical bug. In an attempt to reduce the number of reboots, MS 
tested to see if the user installing the patch had the debug privilege. This 
privilege allows system files that are in-use to be replaced on a running 
system. Normally only Local System and Administrators have this right. The 
intention was that if the user had the debug right, the files would be replaced 
and no reboot would be needed. The check to see if the current user had this 
right would sometimes enter an infinite loop, and sometimes system files would 
be damaged, putting the computer into an endless reboot cycle. Sometimes 
recovery was possible by booting into safe mode or using the recovery console 
and uninstalling the patches or manually copying the old files.

The updated bulletins so far make no mention of this. I would bet that when the 
updated patches are actually available on the the download site (they're not 
there yet) they will have a new version of update.exe.

I believe that in every case, the patches themselves contain the same system 
files. It is only the patch installer that is being replaced. We should know 
for sure by tomorrow.

Jerry

-----Original Message-----
From: Joshua Levitsky [mailto:jlevitsk@joshie.com]
Sent: Wednesday, October 22, 2003 9:12 PM
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Anyone running SUS see the content update today?


Seems like tonight Microsoft re-released all the updates from last week. Anyone 
else see this? Anyone know why all the updates from last week got re-released 
and some of them show up as new rather than updated even though the KB articles 
in the description are last weeks patches. 

-Josh

Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Anyone running SUS see the content update today?
  - From: "Joshua Levitsky" <jlevitsk@joshie.com>

Prev by Date: [Full-Disclosure] Anyone running SUS see the content update today?
Next by Date: Re: Linux (in)security (Was: Re: [Full-Disclosure] Re: No Subject)
Previous by thread: [Full-Disclosure] Anyone running SUS see the content update today?
Next by thread: Re: [Full-Disclosure] Anyone running SUS see the content update today?
Index(es):
- Date
- Thread