Message-ID: <OF0771F35B.BDBAECE2-ONC1256E7A.0044285B-C1256E7A.004560EA@mca.org.mt>
Date: Sun, 18 Apr 2004 14:37:48 +0200
From: aborg@....org.mt
To: <bugtraq@...urityfocus.com>, NTBugtraq@...tserv.ntbugtraq.com
Subject: MS Patches last Wed - SOLUTION

Hi ..

So, after my previous two mails, I managed to solve the problem (I think).

1) I rebooted the PDC and one of the clients started working.  It was the
only one that worked immediately so I think a reboot was required for the
PDC.  That set me thinking.

2) I tried rebooting the BDC but that did not help, i.e., I still could
not log in.  I tried one of the other clients and went through all of this
to fix it:

a) Uninstalled 835732; the uninstallation requires a reboot - still can't
log in.  Rebooted again (see 1 above); still no luck
b) Uninstalled 828741; the uninstallation requires a reboot - still can't
log in.  Rebooted again (see 1 above); still no luck
c) Uninstalled 837001; the uninstallation does not require a reboot - but
rebooted anyway.  No luck, rebooted again and this worked!!

I used this sequence since this is the reverse order of installation of
these patches according to the Event Log, so I figured that it would be
best to tackle them in this order.

3) I tried another client PC and the same MO worked, confirming my steps in
2 were good and not merely luck.

4) I had already uninstalled 837001 from the BDC since this is the patch
that replaces WINLOGON.EXE and LSASS.EXE (which I figured would be the
culprit); now I needed to uninstall 828741 and 835732 hoping that the
change in sequence would not negatively affect my solution.  I researched
the MS Site for these patches to see what the uninstallation path is and
this info is listed - %WINDIR%\$NTUninstallKB828741$\SPUInst\SPUInst.exe is
the uninstaller.  Unfortunately I could not access the server to run
"Add/Remove Programs" or run this exe.  I checked the MS KB again to see if
I could use the Run or RunOnce keys.  KB article 137367 lists the keys and
explains what they do.  KB article 179365 explains the sequence that
Windows uses to run them.  On both pages, the indication is that the
"RunServices" key is run before the login prompt (which is what I wanted)
but 137367 explains that this key does not apply to Win2k.  I figured, what
the hell, and connected to the registry remotely, added this key and added
an entry to the path mentioned together with /u (unattended) and /q
(quiet).  Rebooted the BDC, got the login screen, rebooted again.

It worked.

I rebooted the BDC a few more times and everything looks fine so in
conclusion:

1) Patch 835732 does not seem to have any problems associated with it.
2) Patch 828741 and patch 837001 are the main culprits although I will now
test 837001 to see if it breaks anything or not.


Sigh.

And now I can get back to enjoying my Sunday.

Antoine Borg
Network Administrator

Malta Communications Authority
Suite 43/44, "Il-Piazzetta"
Tower Road
Sliema SLM 16
Malta G.C.

Mob: +356 79 271852

---------
"There is something about inevitability that offends human nature.  Man is
a creature of hope and invention, both of which belie the idea that things
cannot be changed. But man is also a creature prone to error, and sometimes
that makes inevitable the things that he so often seeks to avoid."
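
A read-only check of the autorun keys the message refers to (Run, RunOnce, RunServices), listing what is queued to run at boot on each machine and marking entries that reference one of the three patches. This is an added example, not part of the original message; the host name BDC01 is a placeholder, and it assumes the Remote Registry service is reachable with administrative rights.

```powershell
# Added example: read-only audit of autorun keys over Remote Registry.
# 'BDC01' is a placeholder host name; the KB numbers are those named in the message.
param(
    [string[]]$ComputerName = @('BDC01'),
    [string[]]$KbIds = @('835732', '828741', '837001')
)

# Keys named in the message (KB 137367 / KB 179365 describe them).
$autorunKeys = 'Run', 'RunOnce', 'RunServices' | ForEach-Object {
    "SOFTWARE\Microsoft\Windows\CurrentVersion\$_"
}

# Matches e.g. %WINDIR%\$NTUninstallKB828741$\SPUInst\SPUInst.exe (case-insensitive).
$kbPattern = ($KbIds | ForEach-Object { [regex]::Escape("KB$_") }) -join '|'

foreach ($computer in $ComputerName) {
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
    } catch {
        Write-Warning "${computer}: cannot open remote registry ($($_.Exception.Message))"
        continue
    }
    try {
        foreach ($path in $autorunKeys) {
            $key = $hklm.OpenSubKey($path)      # opened read-only; $null if the key is absent
            if ($null -eq $key) { continue }
            foreach ($name in $key.GetValueNames()) {
                # Keep %WINDIR% etc. unexpanded so the stored command line is shown as written.
                $command = [string]$key.GetValue($name, '',
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                [pscustomobject]@{
                    Computer         = $computer
                    Key              = "HKLM\$path"
                    Name             = $name
                    Command          = $command
                    PatchUninstaller = ($command -match $kbPattern)
                }
            }
            $key.Close()
        }
    } finally {
        $hklm.Close()
    }
}
```

Rows with PatchUninstaller set to True are entries that would invoke a patch uninstaller at startup, so they are the ones to review once the rollback has completed.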


