lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <OF6CB1254D.22B27464-ON85256E89.004FB436-85256E89.0050E58D@seba.com>
Date: Mon, 3 May 2004 10:41:45 -0400
From: InfoSec@...a.com
To: "David Hayden" <dahayden@...bhayden.com>
Cc: bugtraq@...urityfocus.com
Subject: RE: After Ms patches last Wed ...


I've been following this thread and the stated instabilities of the 
MS04-011 security update, I had determined to delay deployment of this 
patch until it was stabilized but it seems it wasnt stabilized fast enough 
to beat the worms to market.

Now of course this same LSASS vuln addressed by MS04-011 is the target of 
the Sasser worm.... 

undeployable/unstable patch + critical vulnerability = the even greater 
threat of the sasser worm(s)... good job.

I read in a article on this patch that the instability is only present if 
the "Nortel Networks VPN client is installed and the IPSec Policy Agent is 
set to manual or automatic startup type", does anyone have any further 
input on MS04-011? Stable on a standard Win2k server install or not?

Thanks,
Michael





"David Hayden" <dahayden@...bhayden.com>
04/30/2004 01:36 PM
 
        To:     "Greg Kujawa" <greg.kujawa@...mondcellar.com>, 
<bugtraq@...urityfocus.com>, "Michael Ooi" <michael@....com.sg>, 
"phaser-X" <px@...oday.net>, "T.H. Haymore" 
<bonk@...chat.chatsystems.com>, <plasmahh@...ormatik.uni-bremen.de>, "Andy 
Shaw" <andy@...t.no>, <aborg@....org.mt>
        cc: 
        Subject:        RE: After Ms patches last Wed ...


For those of you that had problems with the MS Patch...

Microsoft (Quote, Chart) confirmed that disruptive bugs in a recently
issued Windows security patch could cause systems to freeze or lead to
system usage overload.

The buggy patch, issued earlier this month to plug numerous "critical"
vulnerabilities in the Windows operating system, has caused problems for
IT admins because of conflicts with installed drivers.

"[It] causes Microsoft Windows 2000 to try repeatedly to load drivers
that do not load successfully," the software giant said Wednesday,
identifying the drivers as Ipsecw2k.sys, Imcide.sys and Dlttape.sys...

http://www.internetnews.com/dev-news/article.php/3347221

DH


-----Original Message-----
From: Greg Kujawa [mailto:greg.kujawa@...mondcellar.com] 
Sent: Tuesday, April 20, 2004 3:40 PM
To: bugtraq@...urityfocus.com
Subject: Re: After Ms patches last Wed ...

In-Reply-To:
<2DF52978DE0D854F9435C7AA7DD51F9801F4A12D@...maiexcp01.iss.local>

Don't know if this is duplicate info from another message, but there are
two different issues with the KB835732 update. Specifically on Windows
2000 machines. 



The first issue involves cached data in RAM. If a machine is rebooted
immediately after applying the update there is a chance that the BSOD
will come up. The STOP error is described as
DRIVER_IRQ_NOT_LESS_OR_EQUAL. A hard reboot will eliminate this
transient error.



The second issue involves problems with the IPSec Policy Agent Service.
This is enabled to start automatically with the update and it can lead
to the CPU pegging. Stopping the service and disabling it will elimiate
this issue.



Can't say that Microsoft can claim these issues were the result of
updates being rushed to market. Most of the vulnerabilities were brought
to their attention 6 months ago. At least the issues aren't as bad as
Windows NT 4.0 Service Pack 6. That broke the TCP/IP stack and really
had me scrambling back then resuscitating my servers!



>Received: (qmail 25226 invoked from network); 19 Apr 2004 18:05:58 
>-0000

>Received: from outgoing3.securityfocus.com (HELO 
>outgoing.securityfocus.com) (205.206.231.27)

>  by mail.securityfocus.com with SMTP; 19 Apr 2004 18:05:58 -0000

>Received: from lists2.securityfocus.com (lists2.securityfocus.com 
>[205.206.231.20])

>                by outgoing.securityfocus.com (Postfix) with QMQP

>                id 6453B236FE4; Mon, 19 Apr 2004 19:36:44 -0600 (MDT)

>Mailing-List: contact bugtraq-help@...urityfocus.com; run by ezmlm

>Precedence: bulk

>List-Id: <bugtraq.list-id.securityfocus.com>

>List-Post: <mailto:bugtraq@...urityfocus.com>

>List-Help: <mailto:bugtraq-help@...urityfocus.com>

>List-Unsubscribe: <mailto:bugtraq-unsubscribe@...urityfocus.com>

>List-Subscribe: <mailto:bugtraq-subscribe@...urityfocus.com>

>Delivered-To: mailing list bugtraq@...urityfocus.com

>Delivered-To: moderator for bugtraq@...urityfocus.com

>Received: (qmail 29580 invoked from network); 19 Apr 2004 11:30:38 
>-0000

>X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1

>content-class: urn:content-classes:message

>MIME-Version: 1.0

>Content-Type: text/plain;

>                charset="iso-8859-1"

>Content-Transfer-Encoding: quoted-printable

>Subject: RE: After Ms patches last Wed ...

>Date: Mon, 19 Apr 2004 13:33:53 -0400

>Message-ID: 
><2DF52978DE0D854F9435C7AA7DD51F9801F4A12D@...maiexcp01.iss.local>

>X-MS-Has-Attach: 

>X-MS-TNEF-Correlator: 

>Thread-Topic: After Ms patches last Wed ...

>Thread-Index: AcQmMmxSjtFxm8gHTOi27BhiHtRdWQAASwgw

>From: "Brito, Nelson (ISS Brazil)" <NBrito@....net>

>To: "T.H. Haymore" <bonk@...chat.chatsystems.com>,

>                <bugtraq@...urityfocus.com>

>X-OriginalArrivalTime: 19 Apr 2004 17:33:54.0535 (UTC) 
>FILETIME=[7CB10F70:01C42634]

>

>(As usual, and obviously: not speaking on behalf of my employer.)

>

>I didn't see anything unusual, neither with my Win2k nor with my WinXP 
>=

>boxes.=20

>

>It'd be a machine specific or something conflicts with some DLL(s).=20

>

>It is usual to replace some DLL(s) when install some program(s).

>

>Cheers.

>

>Nelson Brito

>

>> -----Original Message-----

>> From: T.H. Haymore [mailto:bonk@...chat.chatsystems.com]

>> Sent: Saturday, April 17, 2004 5:29 AM

>> To: bugtraq@...urityfocus.com

>> Subject: Re: After Ms patches last Wed ...

>>=20

>>=20

>> On Fri, 16 Apr 2004, phaser-X wrote:

>>=20

>> > I had a different issue after Wednesdays updates.  Two=20

>> win2k computers in

>> > my office were rendered useless after the patch.  They were=20

>> fine before,

>> > but as soon as the patch finished and the PC was rebooted,=20

>> the CPU usage

>> > was 100% and nothing could be done.  I left both PC's=20

>> sitting for about 20

>> > minutes and the 100% CPU usage never came down.  Another=20

>> coworker said he

>> > had the same issue with his home PC and he was eventually=20

>> able to get into

>> > the task manager and noticed that the system process was=20

>> taking up 99-100%

>> > of the CPU.

>>=20

>>=20

>> I have run into the same thing with 2K workstations as well=20

>> as 2K server.

>> On a side note, an XP 'goof off' box I use will no longer=20

>> connect to the

>> online card games or anything else.  (Thank goodness for BSD).

>>=20

>>=20

>> >

>> > Anyone else experience this issue?

>> >

>> > -pX

>>=20

>>=20

>>=20

>>=20

>> =

>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3
>D=3D=

>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3
>D

>> Travis

>> www.cyberabuse.org/crimewatch

>> Email: Bonk@...tsystems.com | Bonk@...erabuse.org

>> =

>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3
>D=3D=

>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3
>D

>> /"> \ /

>>  X   ASCII Ribbon Campaign

>> / \  Against HTML Email

>>=20

>>=20

>






Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ