[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3F2A2EAD.26962.114E3393@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: RPC DCOM Patches
"John Sec" <john_sec_lists@...mail.com> wrote:
> The MS website says that the patch can only be applied to Windows 2000
> systems with SP3 or SP4. Has anybody tried to run the patch on an SP2
> system? ...
No, but limited experience with other patches that have similar
restrictions results in a "You must first install <required_SP> ..."
dialog boxen...
> ... Are NT 4 Workstations vulnerable too, or just NT 4 Servers?
NT 4.0 WS is bound to be vulnerable. MS did not release a patch
because the product had hit its official end-of-life before the patch
was released. Again, previous experience of similar situations
suggests that the patch installer will refuse to run on NT 4.0 WS
though I've not tried it. You may find that manually "porting" the
updated files via a home-grown installation procedure "fixes" NT 4.0 WS
boxes, but be aware that the updated files will not have been tested in
that environment and may introduce other problems. If you have the
time to do some testing on a lab machine it could be worth the effort
if you have enough active NT 4.0 WS machines to be concerned...
Regards,
Nick FitzGerald
Powered by blists - more mailing lists