lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3F2A2EAD.26962.114E3393@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: RPC DCOM Patches

"John Sec" <john_sec_lists@...mail.com> wrote:

> The MS website says that the patch can only be applied to Windows 2000 
> systems with SP3 or SP4.  Has anybody tried to run the patch on an SP2 
> system?  ...

No, but limited experience with other patches that have similar 
restrictions results in a "You must first install <required_SP> ..." 
dialog boxen...

> ...  Are NT 4 Workstations vulnerable too, or just NT 4 Servers?

NT 4.0 WS is bound to be vulnerable.  MS did not release a patch 
because the product had hit its official end-of-life before the patch 
was released.  Again, previous experience of similar situations 
suggests that the patch installer will refuse to run on NT 4.0 WS 
though I've not tried it.  You may find that manually "porting" the 
updated files via a home-grown installation procedure "fixes" NT 4.0 WS 
boxes, but be aware that the updated files will not have been tested in 
that environment and may introduce other problems.  If you have the 
time to do some testing on a lab machine it could be worth the effort 
if you have enough active NT 4.0 WS machines to be concerned...


Regards,

Nick FitzGerald


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ