lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <00c601c39500$87c5c650$182ea8c0@LUFKIN.DPSOL.COM>
From: purdy at tecman.com (Curt Purdy)
Subject: [inbox] Problems with MS03-042 (KB826232) patch?

> For example, on one computer that had Windows 2000 SP2, we installed
> KB826232 and then the other critical patches from 10/15. We then
> installed SP4. When attempting later to uninstall KB826232, we get a
> warning that Internet Explorer, Windows Media Player, and 
> other patches
> installed after KB826232 might be non-functional if we proceeded. We
> tested Windows Media Player and it was, in fact, non-functional (it
> could download a video clip and display that it was playing, it just
> couldn't display any video... a minor inconvenience I guess).

Though referring to patch 40 and not 42 this from Brian Livingston's
newsletter is likely relevant:

Update HTML Help. As was the case with MS03-032 and a few other recent
patches, installing MS03-040 will cause problems with Windows' HTML Help
engine unless you also install a fix to update the help feature. This is
explained in Microsoft Knowledge Base article 811630. 

Update Windows Media Player. After installing MS03-040, you also need to
install an update for Windows Media Player versions 6.4, 7.1, and 9, and
Media Player for XP. Microsoft-style audio and video data files are allowed
(stupidly, in my opinion) to command Media Player to open Web pages. These
pages might be malicious or infected. The update allows administrators to
shut down this feature by making changes to the Registry. I don't believe
this capability should ever have been shipped, but I recommend that you
install the patch and implement the more-secure policies, as described in KB
828026. 

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 2792 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031017/f89ed563/winmail.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ