lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Sep 2006 12:19:03 +0900 From: kjm@...s.ryukoku.ac.jp (KOJIMA Hajime) To: bugtraq@...urityfocus.com Cc: full-disclosure@...ts.grok.org.uk Subject: FYI: MS06-049 patch (920958) corrupts NTFS compression files just FYI... MS06-049 patch (920958) corrupts NTFS compression files. Affected sytem -------------- Windows 2000 SP4 + MS06-049 patch (920958) Discussion ---------- * Discussion in english: http://www.microsoft.com/technet/community/newsgroups/dgbrowser/en-us/default.mspx?&query=920958&lang=en&cr=US&guid=&sloc=en-us&dg=microsoft.public.win2000.file_system&p=1&tid=d826afe9-2ab1-4b2f-ae11-cc27702f574a * Discussion in japanese: http://slashdot.jp/~oops/journal/ http://pc8.2ch.net/test/read.cgi/win/1151414872/47- http://slashdot.jp/security/article.pl?sid=06/09/10/068243 How to demonstrate ------------------ 1. Creat folder on NTFS partition. 2. Enable NTFS compression to that folder. 3. Insert Windows 2000 Installation disk to your CD-ROM drive. 4. Copy all files from Windows 2000 Installation disk to that folder. 5. Compare. How to prevent -------------- Uninstall MS06-049 patch (920958). How to find corrupted files --------------------------- Try findcorr tool (by 147-win/1151414872): http://211.2.20.24/pub/findcorr.lzh C:\> findcorr.exe Usage: findcorr [-a] [-d] [-e] path Options: -a Scan all files including uncompressed files. -d Report compression directories. -e Exact mode. How to fix corrupted files -------------------------- Restore them from backups. Patch and NTFS compression -------------------------- If you install patch, patch installer create backup folder for uninstall, such as C:\WINNT\$NtUninstallKB920958$, and copy old files to it. This folder is NTFS compression enabled automatically. You cannot turn off this feature. Official information from Microsoft ----------------------------------- Not yet, but they are working to fix problem. - kjm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists