lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: 20 Apr 2004 19:39:50 -0000
From: Greg Kujawa <greg.kujawa@...mondcellar.com>
To: bugtraq@...urityfocus.com
Subject: Re: After Ms patches last Wed ...


In-Reply-To: <2DF52978DE0D854F9435C7AA7DD51F9801F4A12D@...maiexcp01.iss.local>

Don't know if this is duplicate info from another message, but there are two different issues with the KB835732 update. Specifically on Windows 2000 machines. 

The first issue involves cached data in RAM. If a machine is rebooted immediately after applying the update there is a chance that the BSOD will come up. The STOP error is described as DRIVER_IRQ_NOT_LESS_OR_EQUAL. A hard reboot will eliminate this transient error.

The second issue involves problems with the IPSec Policy Agent Service. This is enabled to start automatically with the update and it can lead to the CPU pegging. Stopping the service and disabling it will elimiate this issue.

Can't say that Microsoft can claim these issues were the result of updates being rushed to market. Most of the vulnerabilities were brought to their attention 6 months ago. At least the issues aren't as bad as Windows NT 4.0 Service Pack 6. That broke the TCP/IP stack and really had me scrambling back then resuscitating my servers!

>Received: (qmail 25226 invoked from network); 19 Apr 2004 18:05:58 -0000
>Received: from outgoing3.securityfocus.com (HELO outgoing.securityfocus.com) (205.206.231.27)
>  by mail.securityfocus.com with SMTP; 19 Apr 2004 18:05:58 -0000
>Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
>	by outgoing.securityfocus.com (Postfix) with QMQP
>	id 6453B236FE4; Mon, 19 Apr 2004 19:36:44 -0600 (MDT)
>Mailing-List: contact bugtraq-help@...urityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@...urityfocus.com>
>List-Help: <mailto:bugtraq-help@...urityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@...urityfocus.com>
>List-Subscribe: <mailto:bugtraq-subscribe@...urityfocus.com>
>Delivered-To: mailing list bugtraq@...urityfocus.com
>Delivered-To: moderator for bugtraq@...urityfocus.com
>Received: (qmail 29580 invoked from network); 19 Apr 2004 11:30:38 -0000
>X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
>content-class: urn:content-classes:message
>MIME-Version: 1.0
>Content-Type: text/plain;
>	charset="iso-8859-1"
>Content-Transfer-Encoding: quoted-printable
>Subject: RE: After Ms patches last Wed ...
>Date: Mon, 19 Apr 2004 13:33:53 -0400
>Message-ID: <2DF52978DE0D854F9435C7AA7DD51F9801F4A12D@...maiexcp01.iss.local>
>X-MS-Has-Attach: 
>X-MS-TNEF-Correlator: 
>Thread-Topic: After Ms patches last Wed ...
>Thread-Index: AcQmMmxSjtFxm8gHTOi27BhiHtRdWQAASwgw
>From: "Brito, Nelson (ISS Brazil)" <NBrito@....net>
>To: "T.H. Haymore" <bonk@...chat.chatsystems.com>,
>	<bugtraq@...urityfocus.com>
>X-OriginalArrivalTime: 19 Apr 2004 17:33:54.0535 (UTC) FILETIME=[7CB10F70:01C42634]
>
>(As usual, and obviously: not speaking on behalf of my employer.)
>
>I didn't see anything unusual, neither with my Win2k nor with my WinXP =
>boxes.=20
>
>It'd be a machine specific or something conflicts with some DLL(s).=20
>
>It is usual to replace some DLL(s) when install some program(s).
>
>Cheers.
>
>Nelson Brito
>
>> -----Original Message-----
>> From: T.H. Haymore [mailto:bonk@...chat.chatsystems.com]
>> Sent: Saturday, April 17, 2004 5:29 AM
>> To: bugtraq@...urityfocus.com
>> Subject: Re: After Ms patches last Wed ...
>>=20
>>=20
>> On Fri, 16 Apr 2004, phaser-X wrote:
>>=20
>> > I had a different issue after Wednesdays updates.  Two=20
>> win2k computers in
>> > my office were rendered useless after the patch.  They were=20
>> fine before,
>> > but as soon as the patch finished and the PC was rebooted,=20
>> the CPU usage
>> > was 100% and nothing could be done.  I left both PC's=20
>> sitting for about 20
>> > minutes and the 100% CPU usage never came down.  Another=20
>> coworker said he
>> > had the same issue with his home PC and he was eventually=20
>> able to get into
>> > the task manager and noticed that the system process was=20
>> taking up 99-100%
>> > of the CPU.
>>=20
>>=20
>> I have run into the same thing with 2K workstations as well=20
>> as 2K server.
>> On a side note, an XP 'goof off' box I use will no longer=20
>> connect to the
>> online card games or anything else.  (Thank goodness for BSD).
>>=20
>>=20
>> >
>> > Anyone else experience this issue?
>> >
>> > -pX
>>=20
>>=20
>>=20
>>=20
>> =
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>> Travis
>> www.cyberabuse.org/crimewatch
>> Email: Bonk@...tsystems.com | Bonk@...erabuse.org
>> =
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>> /"> \ /
>>  X   ASCII Ribbon Campaign
>> / \  Against HTML Email
>>=20
>>=20
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ