| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: RPC DCOM Patches "John Sec" <john_sec_lists@...mail.com> wrote: > The MS website says that the patch can only be applied to Windows 2000 > systems with SP3 or SP4. Has anybody tried to run the patch on an SP2 > system? ... No, but limited experience with other patches that have similar restrictions results in a "You must first install <required_SP> ..." dialog boxen... > ... Are NT 4 Workstations vulnerable too, or just NT 4 Servers? NT 4.0 WS is bound to be vulnerable. MS did not release a patch because the product had hit its official end-of-life before the patch was released. Again, previous experience of similar situations suggests that the patch installer will refuse to run on NT 4.0 WS though I've not tried it. You may find that manually "porting" the updated files via a home-grown installation procedure "fixes" NT 4.0 WS boxes, but be aware that the updated files will not have been tested in that environment and may introduce other problems. If you have the time to do some testing on a lab machine it could be worth the effort if you have enough active NT 4.0 WS machines to be concerned... Regards, Nick FitzGerald
Powered by blists - more mailing lists