lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <949915AAAC8CED4B823E2B1BBD0B3E7F0264A9F7@red-msg-18.redmond.corp.microsoft.com>
Date: Tue, 29 Jul 2003 14:47:16 -0700
From: "Microsoft Security Response Center" <secure@...rosoft.com>
To: <bugtraq@...urityfocus.com>
Subject: MS03-029 / Q823803 and RRAS Problems [im]


Microsoft is aware of a problem with the recently released security
patch MS03-029
(http://www.microsoft.com/technet/security/bulletin/MS03-029.asp) This
patch corrects a Moderate rated Denial of Service security vulnerability
in Microsoft Windows NT 4.0 Server.

Specifically there is a problem with the patch when installed on systems
that are also running RRAS (Routing and Remote Access Service) that
causes the RRAS Service to fail when the system is rebooted after
applying the patch. It is important to note that the security fix itself
is unaffected and the patch is still effective in correcting the DOS
flaw.

Microsoft is investigating this problem and will shortly issue a fix to
correct it once that fix has been thoroughly tested. The security
bulletin has been updated to reflect this. In the meantime customers
affected by the problem may take one of the following actions.

1. Contact Microsoft Product Support Services for a hot fix that
corrects the problem. This fix has not yet been extensively tested and
should therefore only be applied by customers who are directly affected
by the RRAS problem. 
2. Install the patch if you do not need the RRAS service. The RRAS
Service will fail to start however this will not impact normal
operations other than those that use the RRAS Service. 
3. Review the security bulletin and assess whether your enviroment
requires the security patch. 
4. Wait until a fix for the RRAS problem has been fully tested and
released. The security bulletin will be updated when this happens.

Regards,

Microsoft Security Response Center



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ