lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <W3092120505124301082231726@webmail2>
Date: Sat, 17 Apr 2004 19:55:26 +0000
From: geoff.froh@...sho.org
To: bugtraq@...urityfocus.com
Subject: Re:  After Ms patches last Wed ...


> I was told a Win2K user at work experienced the same thing.  Seems that
> Microsoft may not have spent enough time testing one of these patches on the
> Win2K platform.  Dunno which one, since in recent years I'd found
> Microsoft's patches to be well-tested enough that I haven't made a point to
> apply them only one at a time so I could identify faulty ones, as I found it
> necessary to do in past years.

I had neither one of the issues mentioned in this thread; but did have a single workstation (out of about 25) start spewing windows file protection error messages for almost every system file. The disturbing thing was that even after the box had access to the installation media (which wfp uses to roll back to the original file), the errors just kept coming. In the event log, the service was writing more error messages saying that the file could not be replaced because the signatures didn't match.

I'm planning on reinstalling; but didn't have time this week so I disabled wfp by hex editing sfp.dll to turn the damn thing off. (Incidentally, I *love* windoze services that you can't control. That way I can't accidentally hurt myself. Thanks MS!)

The machine is SP4 fully patched with virusscan fully updated. I did some additional security auditing and didn't find anything strange. Everything started going to hell after applying the latest patches.

Anyone else?

Geoff Froh
Technical Manager

Densho
1416 S. Jackson St.
Seattle, WA 98144
US
(v) 1.206.320.0095
(f) 1.206.320.0098
(e) geoff.froh@...sho.org
(w) www.densho.org
 







Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ