[<prev] [next>] [day] [month] [year] [list]
Message-ID: <W3092120505124301082231726@webmail2>
Date: Sat, 17 Apr 2004 19:55:26 +0000
From: geoff.froh@...sho.org
To: bugtraq@...urityfocus.com
Subject: Re: After Ms patches last Wed ...
> I was told a Win2K user at work experienced the same thing. Seems that
> Microsoft may not have spent enough time testing one of these patches on the
> Win2K platform. Dunno which one, since in recent years I'd found
> Microsoft's patches to be well-tested enough that I haven't made a point to
> apply them only one at a time so I could identify faulty ones, as I found it
> necessary to do in past years.
I had neither one of the issues mentioned in this thread; but did have a single workstation (out of about 25) start spewing windows file protection error messages for almost every system file. The disturbing thing was that even after the box had access to the installation media (which wfp uses to roll back to the original file), the errors just kept coming. In the event log, the service was writing more error messages saying that the file could not be replaced because the signatures didn't match.
I'm planning on reinstalling; but didn't have time this week so I disabled wfp by hex editing sfp.dll to turn the damn thing off. (Incidentally, I *love* windoze services that you can't control. That way I can't accidentally hurt myself. Thanks MS!)
The machine is SP4 fully patched with virusscan fully updated. I did some additional security auditing and didn't find anything strange. Everything started going to hell after applying the latest patches.
Anyone else?
Geoff Froh
Technical Manager
Densho
1416 S. Jackson St.
Seattle, WA 98144
US
(v) 1.206.320.0095
(f) 1.206.320.0098
(e) geoff.froh@...sho.org
(w) www.densho.org
Powered by blists - more mailing lists