lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Patching networks redux

Byron Copeland <nodialtone@...cast.net> wrote:

[restructured to proper quoting order so the question makes sense]

> On Wed, 2003-07-30 at 18:58, Alan Kloster wrote:
<<snip Paul Schmehl>>
> > Reading the notice from Microsoft MS03-026 suggests that nothing
> > below Win2k SP3 or NT SP6a can be patched effectively.  They kind 
> > of hid this in one of the extra pull downs on the website.  We are
> > finding that the patch can be applied to systems that don't meet
> > this criteria, but doesn't take, and the Eeye scanner still shows
> > them vulnerable.  Just a heads up for people who haven't applied the
> > service packs, but think they are safe.  Windows update also doesn't
> > show the patch as available for machines at the wrong SP level. 
> > 
> > Props to Eeye for helping us all with the scanner tool.
> 
> Do you have a specific link to that paragraph noting that.  I've looked
> around and didn't catch anything on the MS site saying that.

Got to in your favourite browser:

  http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

Hit Ctrl-F (or whatever starts a "find in current page" search in your 
browser).  Enter "6a" (without the quotes).  Bingo!

Unless, of course, you use IE in which case that may not work.  I like 
the way Mozilla, with scripting disabled, renders those pages -- non of 
those poxy drop-down sections where the guts of the information you are 
looking for is hidden; it's all laid out and you can quickly skim 
through the page until the sub-section likely to contain the specific 
detail you are looking for looms into view.

In case you are still using that security nightmare that some pass off 
as a web browser, here is the specific text your "oh so helpful" 
browser and MS's "form over content" web designers felt should be 
hidden away and hard for you to find:

------------------------------------------------------------------
Additional information about this patch

    Installation platforms:

        * The Windows NT 4.0 patch can be installed on systems running
          Service Pack 6a.
        * The Windows NT 4.0, Terminal Server Edition patch can be
          installed on systems running Windows NT 4.0, Terminal Server
          Edition Service Pack 6.
        * The Windows 2000 patch can be installed on systems running
          Windows 2000 Service Pack 3, or Service Pack 4.
        * The patch for Windows XP can be installed on systems running
          Windows XP Gold or Service Pack 1.
        * The patch for Windows Server 2003 can be installed on systems
          running Windows Server 2003 Gold.
------------------------------------------------------------------

> Thanks,

You're welcome.


Regards,

Nick FitzGerald

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ